Kód: Vybrat vše
E:/
Byla vyřízena pouze část požadavku ReadProcessMemory nebo WriteProcessMemory.Poradil by někdo? Prosím?
Prosím o kontrolu logu..
Moderátoři: Mods_senior, Security team
Pravidla fóra
Návod na použití programu HijackThis || Návod na vyčištění počítače CCleanerem || FAQ: Antiviry
Návod na použití programu HijackThis || Návod na vyčištění počítače CCleanerem || FAQ: Antiviry
Re: Prosím o kontrolu logu..
Mám ještě jeden probém.. pokaždé když do mechaniky hodím CD a chci si nainstalovat GTA:SA tak to hrozně dlouho načítá a nakonec se to ani nespustí ale napíše to hlášku..
Předtím to vyhodilo hlášku že tento počítač neodpovídá...
Poradil by někdo? Prosím?
Poradil by někdo? Prosím?
Re: Prosím o kontrolu logu..
Ještě nejme hotovi...
Najdi a smaž: C:\SDFix
Odinstaluj : TrojanHunter 4.2
Vypni rez. štít u SpywareTerminatoru.
Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah
Nevidím antivir, po odvirování si nějaký pořiď.
Najdi a smaž: C:\SDFix
Odinstaluj : TrojanHunter 4.2
Vypni rez. štít u SpywareTerminatoru.
Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah
Nevidím antivir, po odvirování si nějaký pořiď.
Při práci s programy HJT, ComboFix,MbAM, SDFix aj. zavřete všechny ostatní aplikace a prohlížeče!
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Re: Prosím o kontrolu logu..
jj log z ComboFix:
ComboFix 09-01-01.01 - Olga Horáčková 2009-01-02 13:32:35.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.1.1029.18.1023.698 [GMT 1:00]
Spuštěný z: c:\documents and settings\Olga Horáčková\Plocha\ComboFix.exe
* Vytvořen nový Bod Obnovení
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Olga Horáčková\Data aplikací\FunWebProducts
c:\documents and settings\Olga Horáčková\Data aplikací\FunWebProducts\Data\Olga Horáčková\avatar.dat
c:\documents and settings\Olga Horáčková\Nabídka Start\Programy\Download programs.url
c:\documents and settings\Olga Horáčková\Nabídka Start\Programy\Games.url
c:\documents and settings\Olga Horáčková\Nabídka Start\Programy\Videos.url
c:\documents and settings\Olga Horáčková\Oblíbené položky\Download programs.url
c:\documents and settings\Olga Horáčková\Oblíbené položky\Translator.url
c:\documents and settings\Olga Horáčková\Oblíbené položky\Videos.url
.
((((((((((((((((((((((((( Soubory vytvořené od 2008-12-02 do 2009-01-02 )))))))))))))))))))))))))))))))
.
2009-01-02 10:50 . 2009-01-02 10:50 578,560 --a------ c:\windows\system32\dllcache\user32.dll
2009-01-02 10:46 . 2009-01-02 10:46 <DIR> d-------- c:\windows\ERUNT
2009-01-01 13:18 . 2009-01-01 13:18 410,984 --a------ c:\windows\system32\deploytk.dll
2008-12-31 11:03 . 2008-12-31 11:03 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-31 11:03 . 2008-12-31 11:03 <DIR> d-------- c:\documents and settings\Olga Horáčková\Data aplikací\Malwarebytes
2008-12-31 11:03 . 2008-12-31 11:03 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2008-12-31 11:03 . 2008-12-03 19:59 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-31 11:03 . 2008-12-03 19:59 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-12-30 16:50 . 2009-01-02 13:25 <DIR> d-------- c:\program files\TrojanHunter 4.2
2008-12-30 16:16 . 2008-12-30 16:16 <DIR> d-------- c:\documents and settings\Olga Horáčková\Data aplikací\PC Tools
2008-12-30 16:16 . 2008-06-02 15:19 29,576 --a------ c:\windows\system32\drivers\kcom.sys
2008-12-19 14:27 . 2008-12-19 14:27 287 --a------ c:\windows\game.ini
2008-12-19 10:08 . 2008-12-19 10:08 <DIR> d-------- c:\program files\SweetIM
2008-12-19 10:08 . 2008-12-19 10:08 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\SweetIM
2008-12-18 16:26 . 2008-12-18 16:26 <DIR> d-------- c:\documents and settings\Olga Horáčková\Data aplikací\Canneverbe_Limited
2008-12-16 20:49 . 2008-12-20 12:12 <DIR> d-------- c:\program files\ICQ6Toolbar
2008-12-16 20:49 . 2008-12-20 12:10 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\ICQ
2008-12-16 17:10 . 2008-12-16 17:10 <DIR> d-------- c:\documents and settings\Olga Horáčková\Data aplikací\Moyea
2008-12-14 13:28 . 2008-12-14 13:28 <DIR> d-------- c:\documents and settings\Olga Horáčková\Data aplikací\Sony
2008-12-14 13:28 . 2008-12-14 13:32 <DIR> d-------- c:\documents and settings\Olga Horáčková\Data aplikací\Publish Providers
2008-12-14 13:28 . 2008-12-14 13:28 156 --a------ c:\windows\Twunk001.MTX
2008-12-14 13:28 . 2008-12-14 13:28 2 --a------ c:\windows\Twain001.Mtx
2008-12-14 13:28 . 2008-12-14 13:28 0 --a------ c:\windows\Twunk002.MTX
2008-12-14 13:27 . 2008-12-14 13:27 <DIR> d-------- c:\program files\Vstplugins
2008-12-14 13:27 . 2008-12-14 13:27 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\Sony
2008-12-14 12:11 . 2002-11-25 17:53 425,984 --a------ c:\windows\system32\xvid.dll
2008-12-14 12:11 . 2003-06-05 17:30 316,640 --a------ c:\windows\system32\WMSysPr9.prx
2008-12-14 12:11 . 2004-09-06 16:06 53,248 --a------ c:\windows\system32\xvid.ax
2008-12-14 12:11 . 2003-05-21 23:50 24,576 --a------ c:\windows\system32\msxml3a.dll
2008-12-13 00:12 . 2008-12-13 00:12 118 --a------ c:\windows\system32\MRT.INI
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-02 10:50 --------- d-----w c:\documents and settings\Olga Horáčková\Data aplikací\Skype
2009-01-02 09:26 --------- d-----w c:\documents and settings\Olga Horáčková\Data aplikací\skypePM
2009-01-01 14:35 --------- d-----w c:\documents and settings\Mamina\Data aplikací\Skype
2009-01-01 12:18 --------- d-----w c:\program files\Java
2009-01-01 00:42 --------- d-----w c:\documents and settings\Mamina\Data aplikací\skypePM
2008-12-30 16:11 --------- d---a-w c:\documents and settings\All Users\Data aplikací\TEMP
2008-12-28 09:24 --------- d-----w c:\program files\WinClamAVShield
2008-12-19 13:28 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-19 09:07 --------- d-----w c:\program files\Spyware Terminator
2008-12-18 14:17 58 ----a-w c:\documents and settings\Olga Horáčková\USERDATA.DAT
2008-12-18 14:17 58 ----a-w c:\documents and settings\Olga Horáčková\USERDATA.DAT
2008-12-16 13:07 --------- d-----w c:\program files\ICQToolbar
2008-12-13 06:39 3,593,216 ------w c:\windows\system32\dllcache\mshtml.dll
2008-12-11 15:51 --------- d-----w c:\program files\GameSpy Arcade
2008-12-06 07:25 --------- d-----w c:\documents and settings\All Users\Data aplikací\Spyware Terminator
2008-11-29 12:01 138,624 ----a-w c:\windows\system32\drivers\sp_rsdrv2.sys
2008-11-23 16:44 --------- d-----w c:\program files\steam
2008-11-22 20:09 --------- d-----w c:\program files\Common Files\Filseclab
2008-11-07 13:55 --------- d-----w c:\program files\City Interactive
2008-10-26 15:29 111,928 ----a-w c:\windows\system32\PnkBstrB.exe
2008-10-24 11:21 455,296 ------w c:\windows\system32\dllcache\mrxsmb.sys
2008-10-23 12:42 286,720 ----a-w c:\windows\system32\gdi32.dll
2008-10-23 12:42 286,720 ------w c:\windows\system32\dllcache\gdi32.dll
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\dllcache\wuweb.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\dllcache\wuapi.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\dllcache\wucltui.dll
2008-10-16 13:11 13,824 ------w c:\windows\system32\dllcache\ieudinit.exe
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\dllcache\cdm.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 13:09 70,656 ------w c:\windows\system32\dllcache\ie4uinit.exe
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-15 16:38 337,408 ------w c:\windows\system32\dllcache\netapi32.dll
2008-10-15 07:06 633,632 ------w c:\windows\system32\dllcache\iexplore.exe
2008-10-15 07:04 161,792 ------w c:\windows\system32\dllcache\ieakui.dll
2008-10-03 10:04 247,326 ----a-w c:\windows\system32\strmdll.dll
2008-10-03 10:04 247,326 ----a-w c:\windows\system32\dllcache\strmdll.dll
2007-12-21 18:45 32 ----a-w c:\documents and settings\All Users\Data aplikací\ezsid.dat
2008-03-04 17:48 88 --sh--r c:\windows\system32\B4A3EA5B95.sys
2008-03-04 17:48 2,568 --sha-w c:\windows\system32\KGyGaAvL.sys
2008-08-08 17:20 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008080820080809\index.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2008-10-08 12:22 1172792 --a------ c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2008-10-08 1172792]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2008-10-08 1172792]
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2007-12-07 21686568]
"DAEMON Tools Lite"="d:\program files\DAEMON Tools Lite\daemon.exe" [2008-07-24 490952]
"OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [2007-09-04 95536]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"ntiMUI"="c:\program files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe" [2005-05-11 45056]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-18 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-18 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-18 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-18 455168]
"Acer Empowering Technology Monitor"="c:\windows\system32\SysMonitor.exe" [2006-04-18 49152]
"AspireService"="c:\program files\Acer\Acer eMode Management\AspireService.exe" [2006-06-09 110592]
"MediaSync"="c:\program files\Acer\Acer eConsole\MediaSync.exe" [2006-05-04 425984]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-09-30 155648]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-03-21 69632]
"PCMService"="c:\program files\Acer TV-FM\PCMService.exe" [2006-03-29 143360]
"supertintin_skype"="c:\program files\Supertintin for Skype\supertintin_skype.exe" [2008-06-26 761856]
"BigDogPath"="c:\windows\VM_STI.EXE" [2004-06-09 40960]
"WinampAgent"="d:\program files\Winamp\winampa.exe" [2008-08-04 36352]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-08-11 7630848]
"SW20"="c:\windows\system32\sw20.exe" [2006-09-07 208896]
"SW24"="c:\windows\system32\sw24.exe" [2006-09-07 69632]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-08-11 86016]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 1388544]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-01 136600]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-09-01 282624]
"OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe" [2007-09-04 54576]
"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2008-12-02 111928]
"Ashampoo FireWall PRO"="d:\program files\Ashampoo\Ashampoo FireWall PRO\FireWall.exe" [2006-11-09 3525120]
"SiSPower"="SiSPower.dll" [2005-08-26 c:\windows\system32\SiSPower.dll]
"nwiz"="nwiz.exe" [2006-08-11 c:\windows\system32\nwiz.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\Olga Hor źkov \Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]
Xfire.lnk - d:\program files\Xfire\xfire.exe [2008-07-16 3050832]
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Acer WLAN 11g USB Dongle.lnk - c:\program files\Acer WLAN 11g USB Dongle\ZDWlan.exe [2005-11-16 745472]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 29696]
Utility Tray.lnk - c:\windows\system32\sistray.exe [2006-12-25 262144]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"ShowSuperHidden"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"Msacm.dvacm"= c:\progra~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm
"VIDC.XFR1"= xfcodec.dll
"vidc.xvid"= xvid.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Valve\\hl.exe"=
"c:\\Program Files\\Acer\\Acer eConsole\\MediaSync.exe"=
"d:\\Program files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=
"d:\\Program files\\Xfire\\xfire.exe"=
"d:\\Program files\\Edisk\\eDisk klient\\eDisk klient.exe"=
"d:\\Program files\\KONAMI\\Pro Evolution Soccer 2008\\PES2008.exe"=
"d:\\Program files\\Namco\\Street Racing Syndicate\\Bin\\SRS.EXE"=
"d:\\Program files\\VirtualDJ\\monitor.exe"=
"d:\\Program files\\VirtualDJ\\manager.exe"=
"d:\\Program files\\VirtualDJ\\server.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"d:\\Program files\\GameSpy Arcade\\Aphex.exe"=
"c:\\Program Files\\Edisk\\eDisk klient\\eDisk klient.exe"=
"d:\\Program files\\FlightGear\\bin\\win32\\fgfs.exe"=
"d:\\Program files\\rFactor MP Test\\rFactor MP Test.exe"=
"d:\\Program files\\rFactor\\rFactor.exe"=
"d:\\Program files\\VPN Anonymizer\\privoxy\\VPN_Anonymizer_webfilter.exe"=
"d:\\Program files\\QIP\\qip.exe"=
"d:\\Program files\\3dsmax.exe"=
"c:\\Program Files\\Acer\\Acer eConsole\\eConsole.exe"=
"d:\\Program files\\Playlogic\\World Racing 2\\MP Lounge 2.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Documents and Settings\\Olga Horáčková\\Plocha\\Insane\\Game.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"d:\\Program files\\Counter-Strike Source\\hl2.exe"=
"d:\\Program files\\Cenega Czech\\VIETCONG\\vietcong.exe"=
"c:\\Program Files\\City Interactive\\Overspeed\\Overspeed.exe"=
"c:\\Program Files\\City Interactive\\Overspeed\\dedicated server.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"d:\\Program files\\Graffiti Studio 2.0\\Graffiti Studio.exe"=
"c:\\Program Files\\GameSpy Arcade\\Aphex.exe"=
"d:\\Program files\\ICQ6.5\\ICQ.exe"=
"d:\\Program files\\BitLord\\BitLord.exe"=
R1 sp_rsdrv2;Spyware Terminator Driver 2;\??\c:\windows\system32\drivers\sp_rsdrv2.sys [2008-11-29 138624]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [2008-12-16 222456]
R2 mi-raysat_3dsMax2009_32;mental ray 3.6 Satellite for Autodesk 3ds Max 2009 32-bit 32-bit;"d:\program files\mentalray\satellite\raysat_3dsMax2009_32server.exe" [2008-03-10 65536]
R3 DrvFltIp;DrvFltIp;\??\c:\documents and settings\Olga Horáčková\Local Settings\TEMP\DrvFltIp []
R3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\DRIVERS\psched.sys [2004-08-18 69120]
S1 papycpu;papycpu;c:\windows\system32\drivers\papycpu.sys []
S3 jfdcd;jfdcd;\??\c:\docume~1\Filip\LOCALS~1\Temp\jfdcd.sys []
S3 sdAuxService;PC Tools Auxiliary Service;d:\program files\Spyware Doctor\pctsAuxs.exe [2008-12-30 356920]
S3 tap0901_2gm;VPN Anonymizer Adapter;c:\windows\system32\DRIVERS\tap0901_2gm.sys [2007-06-21 30720]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2601f487-b179-11dc-a97c-0016ec632195}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
\Shell\Open(0)\command - Recycled\ctfmon.exe
*Newly Created Service* - PROCEXP90
.
Obsah adresáře 'Naplánované úlohy'
2008-12-27 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:57]
2008-06-14 c:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job
- d:\program files\Spybot - Search & Destroy\SpybotSD.exe []
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
HKCU-Run-ICQ - ~d:\program files\ICQ6.5\ICQ.exe
.
------- Doplňkový sken -------
.
uStart Page = hxxp://home.sweetim.com" onclick="window.open(this.href);return false;
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q=" onclick="window.open(this.href);return false;{searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://home.sweetim.com" onclick="window.open(this.href);return false;
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=" onclick="window.open(this.href);return false;%s
IE: &Download All with FlashGet - d:\program files\FlashGet\jc_all.htm
IE: &Download with FlashGet - d:\program files\FlashGet\jc_link.htm
IE: &ICQ Toolbar Search - c:\program files\ICQToolbar\toolbaru.dll/SEARCH.HTML
IE: Crawler Search - tbr:iemenu
IE: Stáhnout odkaz s použitím BitCometu - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: Stáhnout všechna videa s použitím BitCometu - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: Stáhnout všechny odkazy s použitím BitCometu - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
TCP: {B9C5DDB4-1199-421B-AD7B-6D71B7020B33} = 212.158.128.2,212.158.128.3
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\Toolbar\ctbr.dll
FF - ProfilePath - c:\documents and settings\Olga Horáčková\Data aplikací\Mozilla\Firefox\Profiles\a0x87r70.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.sweetim.com/search.asp?src=2&q=" onclick="window.open(this.href);return false;
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/" onclick="window.open(this.href);return false;
FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q=" onclick="window.open(this.href);return false;
FF - plugin: c:\program files\Yahoo!\Common\npyaxmpb.dll
FF - plugin: d:\program files\Plugins\npqtplugin.dll
FF - plugin: d:\program files\Plugins\npqtplugin2.dll
FF - plugin: d:\program files\Plugins\npqtplugin3.dll
FF - plugin: d:\program files\Plugins\npqtplugin4.dll
FF - plugin: d:\program files\Plugins\npqtplugin5.dll
FF - plugin: d:\program files\Plugins\npqtplugin6.dll
FF - plugin: d:\program files\Plugins\npqtplugin7.dll
ATTENTION: FIREFOX POLICES IS IN FORCE
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net" onclick="window.open(this.href);return false;
Rootkit scan 2009-01-02 13:34:17
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ASFWHide]
"ImagePath"="\??\c:\documents and settings\Olga Horáčková\Local Settings\TEMP\ASFWHide"
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\DrvFltIp]
"ImagePath"="\??\c:\documents and settings\Olga Horáčková\Local Settings\TEMP\DrvFltIp"
.
Celkový čas: 2009-01-02 13:35:25
ComboFix-quarantined-files.txt 2009-01-02 12:34:46
Před spuštěním: Volných bajtů: 37 938 302 976
Po spuštění: Volných bajtů: 38,181,048,320
WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
289 --- E O F --- 2008-12-18 21:11:50
ComboFix 09-01-01.01 - Olga Horáčková 2009-01-02 13:32:35.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.1.1029.18.1023.698 [GMT 1:00]
Spuštěný z: c:\documents and settings\Olga Horáčková\Plocha\ComboFix.exe
* Vytvořen nový Bod Obnovení
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Olga Horáčková\Data aplikací\FunWebProducts
c:\documents and settings\Olga Horáčková\Data aplikací\FunWebProducts\Data\Olga Horáčková\avatar.dat
c:\documents and settings\Olga Horáčková\Nabídka Start\Programy\Download programs.url
c:\documents and settings\Olga Horáčková\Nabídka Start\Programy\Games.url
c:\documents and settings\Olga Horáčková\Nabídka Start\Programy\Videos.url
c:\documents and settings\Olga Horáčková\Oblíbené položky\Download programs.url
c:\documents and settings\Olga Horáčková\Oblíbené položky\Translator.url
c:\documents and settings\Olga Horáčková\Oblíbené položky\Videos.url
.
((((((((((((((((((((((((( Soubory vytvořené od 2008-12-02 do 2009-01-02 )))))))))))))))))))))))))))))))
.
2009-01-02 10:50 . 2009-01-02 10:50 578,560 --a------ c:\windows\system32\dllcache\user32.dll
2009-01-02 10:46 . 2009-01-02 10:46 <DIR> d-------- c:\windows\ERUNT
2009-01-01 13:18 . 2009-01-01 13:18 410,984 --a------ c:\windows\system32\deploytk.dll
2008-12-31 11:03 . 2008-12-31 11:03 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-31 11:03 . 2008-12-31 11:03 <DIR> d-------- c:\documents and settings\Olga Horáčková\Data aplikací\Malwarebytes
2008-12-31 11:03 . 2008-12-31 11:03 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2008-12-31 11:03 . 2008-12-03 19:59 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-31 11:03 . 2008-12-03 19:59 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-12-30 16:50 . 2009-01-02 13:25 <DIR> d-------- c:\program files\TrojanHunter 4.2
2008-12-30 16:16 . 2008-12-30 16:16 <DIR> d-------- c:\documents and settings\Olga Horáčková\Data aplikací\PC Tools
2008-12-30 16:16 . 2008-06-02 15:19 29,576 --a------ c:\windows\system32\drivers\kcom.sys
2008-12-19 14:27 . 2008-12-19 14:27 287 --a------ c:\windows\game.ini
2008-12-19 10:08 . 2008-12-19 10:08 <DIR> d-------- c:\program files\SweetIM
2008-12-19 10:08 . 2008-12-19 10:08 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\SweetIM
2008-12-18 16:26 . 2008-12-18 16:26 <DIR> d-------- c:\documents and settings\Olga Horáčková\Data aplikací\Canneverbe_Limited
2008-12-16 20:49 . 2008-12-20 12:12 <DIR> d-------- c:\program files\ICQ6Toolbar
2008-12-16 20:49 . 2008-12-20 12:10 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\ICQ
2008-12-16 17:10 . 2008-12-16 17:10 <DIR> d-------- c:\documents and settings\Olga Horáčková\Data aplikací\Moyea
2008-12-14 13:28 . 2008-12-14 13:28 <DIR> d-------- c:\documents and settings\Olga Horáčková\Data aplikací\Sony
2008-12-14 13:28 . 2008-12-14 13:32 <DIR> d-------- c:\documents and settings\Olga Horáčková\Data aplikací\Publish Providers
2008-12-14 13:28 . 2008-12-14 13:28 156 --a------ c:\windows\Twunk001.MTX
2008-12-14 13:28 . 2008-12-14 13:28 2 --a------ c:\windows\Twain001.Mtx
2008-12-14 13:28 . 2008-12-14 13:28 0 --a------ c:\windows\Twunk002.MTX
2008-12-14 13:27 . 2008-12-14 13:27 <DIR> d-------- c:\program files\Vstplugins
2008-12-14 13:27 . 2008-12-14 13:27 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\Sony
2008-12-14 12:11 . 2002-11-25 17:53 425,984 --a------ c:\windows\system32\xvid.dll
2008-12-14 12:11 . 2003-06-05 17:30 316,640 --a------ c:\windows\system32\WMSysPr9.prx
2008-12-14 12:11 . 2004-09-06 16:06 53,248 --a------ c:\windows\system32\xvid.ax
2008-12-14 12:11 . 2003-05-21 23:50 24,576 --a------ c:\windows\system32\msxml3a.dll
2008-12-13 00:12 . 2008-12-13 00:12 118 --a------ c:\windows\system32\MRT.INI
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-02 10:50 --------- d-----w c:\documents and settings\Olga Horáčková\Data aplikací\Skype
2009-01-02 09:26 --------- d-----w c:\documents and settings\Olga Horáčková\Data aplikací\skypePM
2009-01-01 14:35 --------- d-----w c:\documents and settings\Mamina\Data aplikací\Skype
2009-01-01 12:18 --------- d-----w c:\program files\Java
2009-01-01 00:42 --------- d-----w c:\documents and settings\Mamina\Data aplikací\skypePM
2008-12-30 16:11 --------- d---a-w c:\documents and settings\All Users\Data aplikací\TEMP
2008-12-28 09:24 --------- d-----w c:\program files\WinClamAVShield
2008-12-19 13:28 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-19 09:07 --------- d-----w c:\program files\Spyware Terminator
2008-12-18 14:17 58 ----a-w c:\documents and settings\Olga Horáčková\USERDATA.DAT
2008-12-18 14:17 58 ----a-w c:\documents and settings\Olga Horáčková\USERDATA.DAT
2008-12-16 13:07 --------- d-----w c:\program files\ICQToolbar
2008-12-13 06:39 3,593,216 ------w c:\windows\system32\dllcache\mshtml.dll
2008-12-11 15:51 --------- d-----w c:\program files\GameSpy Arcade
2008-12-06 07:25 --------- d-----w c:\documents and settings\All Users\Data aplikací\Spyware Terminator
2008-11-29 12:01 138,624 ----a-w c:\windows\system32\drivers\sp_rsdrv2.sys
2008-11-23 16:44 --------- d-----w c:\program files\steam
2008-11-22 20:09 --------- d-----w c:\program files\Common Files\Filseclab
2008-11-07 13:55 --------- d-----w c:\program files\City Interactive
2008-10-26 15:29 111,928 ----a-w c:\windows\system32\PnkBstrB.exe
2008-10-24 11:21 455,296 ------w c:\windows\system32\dllcache\mrxsmb.sys
2008-10-23 12:42 286,720 ----a-w c:\windows\system32\gdi32.dll
2008-10-23 12:42 286,720 ------w c:\windows\system32\dllcache\gdi32.dll
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\dllcache\wuweb.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\dllcache\wuapi.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\dllcache\wucltui.dll
2008-10-16 13:11 13,824 ------w c:\windows\system32\dllcache\ieudinit.exe
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\dllcache\cdm.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 13:09 70,656 ------w c:\windows\system32\dllcache\ie4uinit.exe
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-15 16:38 337,408 ------w c:\windows\system32\dllcache\netapi32.dll
2008-10-15 07:06 633,632 ------w c:\windows\system32\dllcache\iexplore.exe
2008-10-15 07:04 161,792 ------w c:\windows\system32\dllcache\ieakui.dll
2008-10-03 10:04 247,326 ----a-w c:\windows\system32\strmdll.dll
2008-10-03 10:04 247,326 ----a-w c:\windows\system32\dllcache\strmdll.dll
2007-12-21 18:45 32 ----a-w c:\documents and settings\All Users\Data aplikací\ezsid.dat
2008-03-04 17:48 88 --sh--r c:\windows\system32\B4A3EA5B95.sys
2008-03-04 17:48 2,568 --sha-w c:\windows\system32\KGyGaAvL.sys
2008-08-08 17:20 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008080820080809\index.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2008-10-08 12:22 1172792 --a------ c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2008-10-08 1172792]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2008-10-08 1172792]
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2007-12-07 21686568]
"DAEMON Tools Lite"="d:\program files\DAEMON Tools Lite\daemon.exe" [2008-07-24 490952]
"OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [2007-09-04 95536]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"ntiMUI"="c:\program files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe" [2005-05-11 45056]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-18 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-18 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-18 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-18 455168]
"Acer Empowering Technology Monitor"="c:\windows\system32\SysMonitor.exe" [2006-04-18 49152]
"AspireService"="c:\program files\Acer\Acer eMode Management\AspireService.exe" [2006-06-09 110592]
"MediaSync"="c:\program files\Acer\Acer eConsole\MediaSync.exe" [2006-05-04 425984]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-09-30 155648]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-03-21 69632]
"PCMService"="c:\program files\Acer TV-FM\PCMService.exe" [2006-03-29 143360]
"supertintin_skype"="c:\program files\Supertintin for Skype\supertintin_skype.exe" [2008-06-26 761856]
"BigDogPath"="c:\windows\VM_STI.EXE" [2004-06-09 40960]
"WinampAgent"="d:\program files\Winamp\winampa.exe" [2008-08-04 36352]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-08-11 7630848]
"SW20"="c:\windows\system32\sw20.exe" [2006-09-07 208896]
"SW24"="c:\windows\system32\sw24.exe" [2006-09-07 69632]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-08-11 86016]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 1388544]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-01 136600]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-09-01 282624]
"OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe" [2007-09-04 54576]
"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2008-12-02 111928]
"Ashampoo FireWall PRO"="d:\program files\Ashampoo\Ashampoo FireWall PRO\FireWall.exe" [2006-11-09 3525120]
"SiSPower"="SiSPower.dll" [2005-08-26 c:\windows\system32\SiSPower.dll]
"nwiz"="nwiz.exe" [2006-08-11 c:\windows\system32\nwiz.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\Olga Hor źkov \Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]
Xfire.lnk - d:\program files\Xfire\xfire.exe [2008-07-16 3050832]
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Acer WLAN 11g USB Dongle.lnk - c:\program files\Acer WLAN 11g USB Dongle\ZDWlan.exe [2005-11-16 745472]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 29696]
Utility Tray.lnk - c:\windows\system32\sistray.exe [2006-12-25 262144]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"ShowSuperHidden"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"Msacm.dvacm"= c:\progra~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm
"VIDC.XFR1"= xfcodec.dll
"vidc.xvid"= xvid.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Valve\\hl.exe"=
"c:\\Program Files\\Acer\\Acer eConsole\\MediaSync.exe"=
"d:\\Program files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=
"d:\\Program files\\Xfire\\xfire.exe"=
"d:\\Program files\\Edisk\\eDisk klient\\eDisk klient.exe"=
"d:\\Program files\\KONAMI\\Pro Evolution Soccer 2008\\PES2008.exe"=
"d:\\Program files\\Namco\\Street Racing Syndicate\\Bin\\SRS.EXE"=
"d:\\Program files\\VirtualDJ\\monitor.exe"=
"d:\\Program files\\VirtualDJ\\manager.exe"=
"d:\\Program files\\VirtualDJ\\server.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"d:\\Program files\\GameSpy Arcade\\Aphex.exe"=
"c:\\Program Files\\Edisk\\eDisk klient\\eDisk klient.exe"=
"d:\\Program files\\FlightGear\\bin\\win32\\fgfs.exe"=
"d:\\Program files\\rFactor MP Test\\rFactor MP Test.exe"=
"d:\\Program files\\rFactor\\rFactor.exe"=
"d:\\Program files\\VPN Anonymizer\\privoxy\\VPN_Anonymizer_webfilter.exe"=
"d:\\Program files\\QIP\\qip.exe"=
"d:\\Program files\\3dsmax.exe"=
"c:\\Program Files\\Acer\\Acer eConsole\\eConsole.exe"=
"d:\\Program files\\Playlogic\\World Racing 2\\MP Lounge 2.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Documents and Settings\\Olga Horáčková\\Plocha\\Insane\\Game.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"d:\\Program files\\Counter-Strike Source\\hl2.exe"=
"d:\\Program files\\Cenega Czech\\VIETCONG\\vietcong.exe"=
"c:\\Program Files\\City Interactive\\Overspeed\\Overspeed.exe"=
"c:\\Program Files\\City Interactive\\Overspeed\\dedicated server.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"d:\\Program files\\Graffiti Studio 2.0\\Graffiti Studio.exe"=
"c:\\Program Files\\GameSpy Arcade\\Aphex.exe"=
"d:\\Program files\\ICQ6.5\\ICQ.exe"=
"d:\\Program files\\BitLord\\BitLord.exe"=
R1 sp_rsdrv2;Spyware Terminator Driver 2;\??\c:\windows\system32\drivers\sp_rsdrv2.sys [2008-11-29 138624]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [2008-12-16 222456]
R2 mi-raysat_3dsMax2009_32;mental ray 3.6 Satellite for Autodesk 3ds Max 2009 32-bit 32-bit;"d:\program files\mentalray\satellite\raysat_3dsMax2009_32server.exe" [2008-03-10 65536]
R3 DrvFltIp;DrvFltIp;\??\c:\documents and settings\Olga Horáčková\Local Settings\TEMP\DrvFltIp []
R3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\DRIVERS\psched.sys [2004-08-18 69120]
S1 papycpu;papycpu;c:\windows\system32\drivers\papycpu.sys []
S3 jfdcd;jfdcd;\??\c:\docume~1\Filip\LOCALS~1\Temp\jfdcd.sys []
S3 sdAuxService;PC Tools Auxiliary Service;d:\program files\Spyware Doctor\pctsAuxs.exe [2008-12-30 356920]
S3 tap0901_2gm;VPN Anonymizer Adapter;c:\windows\system32\DRIVERS\tap0901_2gm.sys [2007-06-21 30720]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2601f487-b179-11dc-a97c-0016ec632195}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
\Shell\Open(0)\command - Recycled\ctfmon.exe
*Newly Created Service* - PROCEXP90
.
Obsah adresáře 'Naplánované úlohy'
2008-12-27 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:57]
2008-06-14 c:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job
- d:\program files\Spybot - Search & Destroy\SpybotSD.exe []
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
HKCU-Run-ICQ - ~d:\program files\ICQ6.5\ICQ.exe
.
------- Doplňkový sken -------
.
uStart Page = hxxp://home.sweetim.com" onclick="window.open(this.href);return false;
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q=" onclick="window.open(this.href);return false;{searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://home.sweetim.com" onclick="window.open(this.href);return false;
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=" onclick="window.open(this.href);return false;%s
IE: &Download All with FlashGet - d:\program files\FlashGet\jc_all.htm
IE: &Download with FlashGet - d:\program files\FlashGet\jc_link.htm
IE: &ICQ Toolbar Search - c:\program files\ICQToolbar\toolbaru.dll/SEARCH.HTML
IE: Crawler Search - tbr:iemenu
IE: Stáhnout odkaz s použitím BitCometu - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: Stáhnout všechna videa s použitím BitCometu - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: Stáhnout všechny odkazy s použitím BitCometu - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
TCP: {B9C5DDB4-1199-421B-AD7B-6D71B7020B33} = 212.158.128.2,212.158.128.3
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\Toolbar\ctbr.dll
FF - ProfilePath - c:\documents and settings\Olga Horáčková\Data aplikací\Mozilla\Firefox\Profiles\a0x87r70.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.sweetim.com/search.asp?src=2&q=" onclick="window.open(this.href);return false;
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/" onclick="window.open(this.href);return false;
FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q=" onclick="window.open(this.href);return false;
FF - plugin: c:\program files\Yahoo!\Common\npyaxmpb.dll
FF - plugin: d:\program files\Plugins\npqtplugin.dll
FF - plugin: d:\program files\Plugins\npqtplugin2.dll
FF - plugin: d:\program files\Plugins\npqtplugin3.dll
FF - plugin: d:\program files\Plugins\npqtplugin4.dll
FF - plugin: d:\program files\Plugins\npqtplugin5.dll
FF - plugin: d:\program files\Plugins\npqtplugin6.dll
FF - plugin: d:\program files\Plugins\npqtplugin7.dll
ATTENTION: FIREFOX POLICES IS IN FORCE
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net" onclick="window.open(this.href);return false;
Rootkit scan 2009-01-02 13:34:17
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ASFWHide]
"ImagePath"="\??\c:\documents and settings\Olga Horáčková\Local Settings\TEMP\ASFWHide"
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\DrvFltIp]
"ImagePath"="\??\c:\documents and settings\Olga Horáčková\Local Settings\TEMP\DrvFltIp"
.
Celkový čas: 2009-01-02 13:35:25
ComboFix-quarantined-files.txt 2009-01-02 12:34:46
Před spuštěním: Volných bajtů: 37 938 302 976
Po spuštění: Volných bajtů: 38,181,048,320
WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
289 --- E O F --- 2008-12-18 21:11:50
Re: Prosím o kontrolu logu..
Jinak z antivirusem bych potřeboval poradit.. spousta antivirů pc dost brzdí.. doporučíš mi něaký dobrý.. ale něaký ne tolik "brzdící"??
Re: Prosím o kontrolu logu..
Dej si vyhledat zde na fóru jaký je nejlepší antivir , nebo něco takového.Pak má memphisto v podpise odkazy na free antiviry.Budeš muset sám vyzkoušet.
Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE
Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.
Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT
Toto otestuj na Virustotal
c:\windows\system32\B4A3EA5B95.sys
Vlož sem pak výsledek.
Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE
Kód: Vybrat vše
File::
c:\windows\Twunk001.MTX
c:\windows\Twain001.Mtx
c:\windows\Twunk002.MTX
c:\docume~1\Filip\LOCALS~1\Temp\jfdcd.sys
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000000
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2601f487-b179-11dc-a97c-0016ec632195}]Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.
Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT
Toto otestuj na Virustotal
c:\windows\system32\B4A3EA5B95.sys
Vlož sem pak výsledek.
Při práci s programy HJT, ComboFix,MbAM, SDFix aj. zavřete všechny ostatní aplikace a prohlížeče!
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Re: Prosím o kontrolu logu..
ComboFix 09-01-01.01 - Olga Horáčková 2009-01-02 15:37:41.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.1.1029.18.1023.633 [GMT 1:00]
Spuštěný z: c:\documents and settings\Olga Horáčková\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Olga Horáčková\Plocha\CFScript.txt
* Vytvořen nový Bod Obnovení
FILE ::
c:\docume~1\Filip\LOCALS~1\Temp\jfdcd.sys
c:\windows\Twain001.Mtx
c:\windows\Twunk001.MTX
c:\windows\Twunk002.MTX
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\Twain001.Mtx
c:\windows\Twunk001.MTX
c:\windows\Twunk002.MTX
.
((((((((((((((((((((((((( Soubory vytvořené od 2008-12-02 do 2009-01-02 )))))))))))))))))))))))))))))))
.
2009-01-02 10:50 . 2009-01-02 10:50 578,560 --a------ c:\windows\system32\dllcache\user32.dll
2009-01-02 10:46 . 2009-01-02 10:46 <DIR> d-------- c:\windows\ERUNT
2009-01-01 13:18 . 2009-01-01 13:18 410,984 --a------ c:\windows\system32\deploytk.dll
2008-12-31 11:03 . 2008-12-31 11:03 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-31 11:03 . 2008-12-31 11:03 <DIR> d-------- c:\documents and settings\Olga Horáčková\Data aplikací\Malwarebytes
2008-12-31 11:03 . 2008-12-31 11:03 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2008-12-31 11:03 . 2008-12-03 19:59 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-31 11:03 . 2008-12-03 19:59 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-12-30 16:50 . 2009-01-02 13:25 <DIR> d-------- c:\program files\TrojanHunter 4.2
2008-12-30 16:16 . 2008-12-30 16:16 <DIR> d-------- c:\documents and settings\Olga Horáčková\Data aplikací\PC Tools
2008-12-30 16:16 . 2008-06-02 15:19 29,576 --a------ c:\windows\system32\drivers\kcom.sys
2008-12-19 14:27 . 2008-12-19 14:27 287 --a------ c:\windows\game.ini
2008-12-19 10:08 . 2008-12-19 10:08 <DIR> d-------- c:\program files\SweetIM
2008-12-19 10:08 . 2008-12-19 10:08 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\SweetIM
2008-12-18 16:26 . 2008-12-18 16:26 <DIR> d-------- c:\documents and settings\Olga Horáčková\Data aplikací\Canneverbe_Limited
2008-12-16 20:49 . 2008-12-20 12:12 <DIR> d-------- c:\program files\ICQ6Toolbar
2008-12-16 20:49 . 2008-12-20 12:10 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\ICQ
2008-12-16 17:10 . 2008-12-16 17:10 <DIR> d-------- c:\documents and settings\Olga Horáčková\Data aplikací\Moyea
2008-12-14 13:28 . 2008-12-14 13:28 <DIR> d-------- c:\documents and settings\Olga Horáčková\Data aplikací\Sony
2008-12-14 13:28 . 2008-12-14 13:32 <DIR> d-------- c:\documents and settings\Olga Horáčková\Data aplikací\Publish Providers
2008-12-14 13:27 . 2008-12-14 13:27 <DIR> d-------- c:\program files\Vstplugins
2008-12-14 13:27 . 2008-12-14 13:27 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\Sony
2008-12-14 12:11 . 2002-11-25 17:53 425,984 --a------ c:\windows\system32\xvid.dll
2008-12-14 12:11 . 2003-06-05 17:30 316,640 --a------ c:\windows\system32\WMSysPr9.prx
2008-12-14 12:11 . 2004-09-06 16:06 53,248 --a------ c:\windows\system32\xvid.ax
2008-12-14 12:11 . 2003-05-21 23:50 24,576 --a------ c:\windows\system32\msxml3a.dll
2008-12-13 00:12 . 2008-12-13 00:12 118 --a------ c:\windows\system32\MRT.INI
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-02 14:30 --------- d-----w c:\documents and settings\Olga Horáčková\Data aplikací\Skype
2009-01-02 13:43 --------- d-----w c:\program files\Spyware Terminator
2009-01-02 09:26 --------- d-----w c:\documents and settings\Olga Horáčková\Data aplikací\skypePM
2009-01-01 14:35 --------- d-----w c:\documents and settings\Mamina\Data aplikací\Skype
2009-01-01 12:18 --------- d-----w c:\program files\Java
2009-01-01 00:42 --------- d-----w c:\documents and settings\Mamina\Data aplikací\skypePM
2008-12-30 16:11 --------- d---a-w c:\documents and settings\All Users\Data aplikací\TEMP
2008-12-28 09:24 --------- d-----w c:\program files\WinClamAVShield
2008-12-19 13:28 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-18 14:17 58 ----a-w c:\documents and settings\Olga Horáčková\USERDATA.DAT
2008-12-18 14:17 58 ----a-w c:\documents and settings\Olga Horáčková\USERDATA.DAT
2008-12-16 13:07 --------- d-----w c:\program files\ICQToolbar
2008-12-13 06:39 3,593,216 ------w c:\windows\system32\dllcache\mshtml.dll
2008-12-11 15:51 --------- d-----w c:\program files\GameSpy Arcade
2008-12-06 07:25 --------- d-----w c:\documents and settings\All Users\Data aplikací\Spyware Terminator
2008-11-29 12:01 138,624 ----a-w c:\windows\system32\drivers\sp_rsdrv2.sys
2008-11-23 16:44 --------- d-----w c:\program files\steam
2008-11-22 20:09 --------- d-----w c:\program files\Common Files\Filseclab
2008-11-07 13:55 --------- d-----w c:\program files\City Interactive
2008-10-26 15:29 111,928 ----a-w c:\windows\system32\PnkBstrB.exe
2008-10-24 11:21 455,296 ------w c:\windows\system32\dllcache\mrxsmb.sys
2008-10-23 12:42 286,720 ----a-w c:\windows\system32\gdi32.dll
2008-10-23 12:42 286,720 ------w c:\windows\system32\dllcache\gdi32.dll
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\dllcache\wuweb.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\dllcache\wuapi.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\dllcache\wucltui.dll
2008-10-16 13:11 13,824 ------w c:\windows\system32\dllcache\ieudinit.exe
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\dllcache\cdm.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 13:09 70,656 ------w c:\windows\system32\dllcache\ie4uinit.exe
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-15 16:38 337,408 ------w c:\windows\system32\dllcache\netapi32.dll
2008-10-15 07:06 633,632 ------w c:\windows\system32\dllcache\iexplore.exe
2008-10-15 07:04 161,792 ------w c:\windows\system32\dllcache\ieakui.dll
2008-10-03 10:04 247,326 ----a-w c:\windows\system32\strmdll.dll
2008-10-03 10:04 247,326 ----a-w c:\windows\system32\dllcache\strmdll.dll
2007-12-21 18:45 32 ----a-w c:\documents and settings\All Users\Data aplikací\ezsid.dat
2008-03-04 17:48 88 --sh--r c:\windows\system32\B4A3EA5B95.sys
2008-03-04 17:48 2,568 --sha-w c:\windows\system32\KGyGaAvL.sys
2008-08-08 17:20 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008080820080809\index.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2008-10-08 12:22 1172792 --a------ c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2008-10-08 1172792]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2008-10-08 1172792]
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2007-12-07 21686568]
"DAEMON Tools Lite"="d:\program files\DAEMON Tools Lite\daemon.exe" [2008-07-24 490952]
"OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [2007-09-04 95536]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"ntiMUI"="c:\program files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe" [2005-05-11 45056]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-18 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-18 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-18 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-18 455168]
"Acer Empowering Technology Monitor"="c:\windows\system32\SysMonitor.exe" [2006-04-18 49152]
"AspireService"="c:\program files\Acer\Acer eMode Management\AspireService.exe" [2006-06-09 110592]
"MediaSync"="c:\program files\Acer\Acer eConsole\MediaSync.exe" [2006-05-04 425984]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-09-30 155648]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-03-21 69632]
"PCMService"="c:\program files\Acer TV-FM\PCMService.exe" [2006-03-29 143360]
"supertintin_skype"="c:\program files\Supertintin for Skype\supertintin_skype.exe" [2008-06-26 761856]
"BigDogPath"="c:\windows\VM_STI.EXE" [2004-06-09 40960]
"WinampAgent"="d:\program files\Winamp\winampa.exe" [2008-08-04 36352]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-08-11 7630848]
"SW20"="c:\windows\system32\sw20.exe" [2006-09-07 208896]
"SW24"="c:\windows\system32\sw24.exe" [2006-09-07 69632]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-08-11 86016]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 1388544]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-01 136600]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-09-01 282624]
"OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe" [2007-09-04 54576]
"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2008-12-02 111928]
"Ashampoo FireWall PRO"="d:\program files\Ashampoo\Ashampoo FireWall PRO\FireWall.exe" [2006-11-09 3525120]
"SiSPower"="SiSPower.dll" [2005-08-26 c:\windows\system32\SiSPower.dll]
"nwiz"="nwiz.exe" [2006-08-11 c:\windows\system32\nwiz.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\Olga Hor źkov \Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]
Xfire.lnk - d:\program files\Xfire\xfire.exe [2008-07-16 3050832]
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Acer WLAN 11g USB Dongle.lnk - c:\program files\Acer WLAN 11g USB Dongle\ZDWlan.exe [2005-11-16 745472]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 29696]
Utility Tray.lnk - c:\windows\system32\sistray.exe [2006-12-25 262144]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"ShowSuperHidden"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"Msacm.dvacm"= c:\progra~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm
"VIDC.XFR1"= xfcodec.dll
"vidc.xvid"= xvid.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Valve\\hl.exe"=
"c:\\Program Files\\Acer\\Acer eConsole\\MediaSync.exe"=
"d:\\Program files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=
"d:\\Program files\\Xfire\\xfire.exe"=
"d:\\Program files\\Edisk\\eDisk klient\\eDisk klient.exe"=
"d:\\Program files\\KONAMI\\Pro Evolution Soccer 2008\\PES2008.exe"=
"d:\\Program files\\Namco\\Street Racing Syndicate\\Bin\\SRS.EXE"=
"d:\\Program files\\VirtualDJ\\monitor.exe"=
"d:\\Program files\\VirtualDJ\\manager.exe"=
"d:\\Program files\\VirtualDJ\\server.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"d:\\Program files\\GameSpy Arcade\\Aphex.exe"=
"c:\\Program Files\\Edisk\\eDisk klient\\eDisk klient.exe"=
"d:\\Program files\\FlightGear\\bin\\win32\\fgfs.exe"=
"d:\\Program files\\rFactor MP Test\\rFactor MP Test.exe"=
"d:\\Program files\\rFactor\\rFactor.exe"=
"d:\\Program files\\VPN Anonymizer\\privoxy\\VPN_Anonymizer_webfilter.exe"=
"d:\\Program files\\QIP\\qip.exe"=
"d:\\Program files\\3dsmax.exe"=
"c:\\Program Files\\Acer\\Acer eConsole\\eConsole.exe"=
"d:\\Program files\\Playlogic\\World Racing 2\\MP Lounge 2.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Documents and Settings\\Olga Horáčková\\Plocha\\Insane\\Game.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"d:\\Program files\\Counter-Strike Source\\hl2.exe"=
"d:\\Program files\\Cenega Czech\\VIETCONG\\vietcong.exe"=
"c:\\Program Files\\City Interactive\\Overspeed\\Overspeed.exe"=
"c:\\Program Files\\City Interactive\\Overspeed\\dedicated server.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"d:\\Program files\\Graffiti Studio 2.0\\Graffiti Studio.exe"=
"c:\\Program Files\\GameSpy Arcade\\Aphex.exe"=
"d:\\Program files\\ICQ6.5\\ICQ.exe"=
"d:\\Program files\\BitLord\\BitLord.exe"=
R1 sp_rsdrv2;Spyware Terminator Driver 2;\??\c:\windows\system32\drivers\sp_rsdrv2.sys [2008-11-29 138624]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [2008-12-16 222456]
R2 mi-raysat_3dsMax2009_32;mental ray 3.6 Satellite for Autodesk 3ds Max 2009 32-bit 32-bit;"d:\program files\mentalray\satellite\raysat_3dsMax2009_32server.exe" [2008-03-10 65536]
R3 DrvFltIp;DrvFltIp;\??\c:\documents and settings\Olga Horáčková\Local Settings\TEMP\DrvFltIp []
R3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\DRIVERS\psched.sys [2004-08-18 69120]
S1 papycpu;papycpu;c:\windows\system32\drivers\papycpu.sys []
S3 jfdcd;jfdcd;\??\c:\docume~1\Filip\LOCALS~1\Temp\jfdcd.sys []
S3 sdAuxService;PC Tools Auxiliary Service;d:\program files\Spyware Doctor\pctsAuxs.exe [2008-12-30 356920]
S3 tap0901_2gm;VPN Anonymizer Adapter;c:\windows\system32\DRIVERS\tap0901_2gm.sys [2007-06-21 30720]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
*Newly Created Service* - PROCEXP90
.
Obsah adresáře 'Naplánované úlohy'
2008-12-27 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:57]
2008-06-14 c:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job
- d:\program files\Spybot - Search & Destroy\SpybotSD.exe []
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://home.sweetim.com" onclick="window.open(this.href);return false;
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q=" onclick="window.open(this.href);return false;{searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://home.sweetim.com" onclick="window.open(this.href);return false;
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=" onclick="window.open(this.href);return false;%s
IE: &Download All with FlashGet - d:\program files\FlashGet\jc_all.htm
IE: &Download with FlashGet - d:\program files\FlashGet\jc_link.htm
IE: &ICQ Toolbar Search - c:\program files\ICQToolbar\toolbaru.dll/SEARCH.HTML
IE: Crawler Search - tbr:iemenu
IE: Stáhnout odkaz s použitím BitCometu - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: Stáhnout všechna videa s použitím BitCometu - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: Stáhnout všechny odkazy s použitím BitCometu - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
TCP: {B9C5DDB4-1199-421B-AD7B-6D71B7020B33} = 212.158.128.2,212.158.128.3
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\Toolbar\ctbr.dll
FF - ProfilePath - c:\documents and settings\Olga Horáčková\Data aplikací\Mozilla\Firefox\Profiles\a0x87r70.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.sweetim.com/search.asp?src=2&q=" onclick="window.open(this.href);return false;
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/" onclick="window.open(this.href);return false;
FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q=" onclick="window.open(this.href);return false;
FF - plugin: c:\program files\Yahoo!\Common\npyaxmpb.dll
FF - plugin: d:\program files\Plugins\npqtplugin.dll
FF - plugin: d:\program files\Plugins\npqtplugin2.dll
FF - plugin: d:\program files\Plugins\npqtplugin3.dll
FF - plugin: d:\program files\Plugins\npqtplugin4.dll
FF - plugin: d:\program files\Plugins\npqtplugin5.dll
FF - plugin: d:\program files\Plugins\npqtplugin6.dll
FF - plugin: d:\program files\Plugins\npqtplugin7.dll
ATTENTION: FIREFOX POLICES IS IN FORCE
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net" onclick="window.open(this.href);return false;
Rootkit scan 2009-01-02 15:39:55
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ASFWHide]
"ImagePath"="\??\c:\documents and settings\Olga Horáčková\Local Settings\TEMP\ASFWHide"
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\DrvFltIp]
"ImagePath"="\??\c:\documents and settings\Olga Horáčková\Local Settings\TEMP\DrvFltIp"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(600)
d:\program files\Ashampoo\Ashampoo FireWall PRO\MD5.dll
- - - - - - - > 'lsass.exe'(656)
d:\program files\Ashampoo\Ashampoo FireWall PRO\MD5.dll
- - - - - - - > 'csrss.exe'(576)
d:\program files\Ashampoo\Ashampoo FireWall PRO\MD5.dll
.
Celkový čas: 2009-01-02 15:41:09
ComboFix-quarantined-files.txt 2009-01-02 14:40:28
ComboFix2.txt 2009-01-02 12:35:26
Před spuštěním: Volných bajtů: 38 130 466 816
Po spuštění: Volných bajtů: 38,119,596,032
280 --- E O F --- 2008-12-18 21:11:50
Log z "HJT":
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:42:30, on 2.1.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Acer\Acer eConsole\MediaServerService.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Acer TV-FM\Kernel\TV\CLCapSvc.exe
C:\Program Files\Acer TV-FM\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\Program Files\Java\jre6\bin\jqs.exe
D:\Program files\mentalray\satellite\raysat_3dsMax2009_32server.exe
D:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Acer TV-FM\Kernel\TV\CLSched.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\SysMonitor.exe
C:\Program Files\Acer\Acer eMode Management\AspireService.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\Program Files\Acer TV-FM\PCMService.exe
C:\WINDOWS\VM_STI.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
D:\Program Files\Ashampoo\Ashampoo FireWall PRO\FireWall.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Program Files\DAEMON Tools Lite\daemon.exe
C:\WINDOWS\system32\sistray.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Olga Horáčková\Plocha\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com" onclick="window.open(this.href);return false;
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157" onclick="window.open(this.href);return false;
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896" onclick="window.open(this.href);return false;
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60327" onclick="window.open(this.href);return false;
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=60327" onclick="window.open(this.href);return false;
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896" onclick="window.open(this.href);return false;
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com" onclick="window.open(this.href);return false;
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: XTTBPos00 Class - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: EWPBrowseObject Class - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: &Crawler lišta - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [ntiMUI] c:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\WINDOWS\system32\SysMonitor.exe
O4 - HKLM\..\Run: [AspireService] C:\Program Files\Acer\Acer eMode Management\AspireService.exe
O4 - HKLM\..\Run: [MediaSync] C:\Program Files\Acer\Acer eConsole\MediaSync.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Acer TV-FM\PCMService.exe"
O4 - HKLM\..\Run: [supertintin_skype] C:\Program Files\Supertintin for Skype\supertintin_skype.exe /start_context sys_auto
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE Philips SPC315NC Webcam
O4 - HKLM\..\Run: [WinampAgent] "D:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SW20] C:\WINDOWS\system32\sw20.exe
O4 - HKLM\..\Run: [SW24] C:\WINDOWS\system32\sw24.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe" /OM
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe
O4 - HKLM\..\Run: [Ashampoo FireWall PRO] "D:\Program Files\Ashampoo\Ashampoo FireWall PRO\FireWall.exe" -TRAY
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [DAEMON Tools Lite] "D:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" -NoStart
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Xfire.lnk = D:\Program files\Xfire\xfire.exe
O4 - Global Startup: Acer WLAN 11g USB Dongle.lnk = C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O8 - Extra context menu item: &Download All with FlashGet - D:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - D:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &ICQ Toolbar Search - res://C" onclick="window.open(this.href);return false;:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: Stáhnout odkaz s použitím BitCometu - res://C" onclick="window.open(this.href);return false;:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: Stáhnout všechna videa s použitím BitCometu - res://C" onclick="window.open(this.href);return false;:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Stáhnout všechny odkazy s použitím BitCometu - res://C" onclick="window.open(this.href);return false;:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{B9C5DDB4-1199-421B-AD7B-6D71B7020B33}: NameServer = 212.158.128.2,212.158.128.3
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O23 - Service: Acer Media Server - Acer Inc. - C:\Program Files\Acer\Acer eConsole\MediaServerService.exe
O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer TV-FM\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer TV-FM\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer TV-FM\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: mental ray 3.6 Satellite for Autodesk 3ds Max 2009 32-bit 32-bit (mi-raysat_3dsMax2009_32) - Unknown owner - D:\Program files\mentalray\satellite\raysat_3dsMax2009_32server.exe
O23 - Service: NMSAccessU - Unknown owner - D:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - D:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - D:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SF FrontLine Drivers Auto Removal (v1) (sfrem01) - Protection Technology (StarForce) - C:\WINDOWS\system32\sfrem01.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Spyware Terminator Clam Service (sp_clamsrv) - Crawler.com - C:\Program Files\WinClamAVShield\sp_clamsrv.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
--
End of file - 13712 bytes
S tím virusTotal... nic takového v PC nemám.. podle cesty kterou píšeš tam nic takového není..
Microsoft Windows XP Home Edition 5.1.2600.3.1250.1.1029.18.1023.633 [GMT 1:00]
Spuštěný z: c:\documents and settings\Olga Horáčková\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Olga Horáčková\Plocha\CFScript.txt
* Vytvořen nový Bod Obnovení
FILE ::
c:\docume~1\Filip\LOCALS~1\Temp\jfdcd.sys
c:\windows\Twain001.Mtx
c:\windows\Twunk001.MTX
c:\windows\Twunk002.MTX
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\Twain001.Mtx
c:\windows\Twunk001.MTX
c:\windows\Twunk002.MTX
.
((((((((((((((((((((((((( Soubory vytvořené od 2008-12-02 do 2009-01-02 )))))))))))))))))))))))))))))))
.
2009-01-02 10:50 . 2009-01-02 10:50 578,560 --a------ c:\windows\system32\dllcache\user32.dll
2009-01-02 10:46 . 2009-01-02 10:46 <DIR> d-------- c:\windows\ERUNT
2009-01-01 13:18 . 2009-01-01 13:18 410,984 --a------ c:\windows\system32\deploytk.dll
2008-12-31 11:03 . 2008-12-31 11:03 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-31 11:03 . 2008-12-31 11:03 <DIR> d-------- c:\documents and settings\Olga Horáčková\Data aplikací\Malwarebytes
2008-12-31 11:03 . 2008-12-31 11:03 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2008-12-31 11:03 . 2008-12-03 19:59 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-31 11:03 . 2008-12-03 19:59 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-12-30 16:50 . 2009-01-02 13:25 <DIR> d-------- c:\program files\TrojanHunter 4.2
2008-12-30 16:16 . 2008-12-30 16:16 <DIR> d-------- c:\documents and settings\Olga Horáčková\Data aplikací\PC Tools
2008-12-30 16:16 . 2008-06-02 15:19 29,576 --a------ c:\windows\system32\drivers\kcom.sys
2008-12-19 14:27 . 2008-12-19 14:27 287 --a------ c:\windows\game.ini
2008-12-19 10:08 . 2008-12-19 10:08 <DIR> d-------- c:\program files\SweetIM
2008-12-19 10:08 . 2008-12-19 10:08 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\SweetIM
2008-12-18 16:26 . 2008-12-18 16:26 <DIR> d-------- c:\documents and settings\Olga Horáčková\Data aplikací\Canneverbe_Limited
2008-12-16 20:49 . 2008-12-20 12:12 <DIR> d-------- c:\program files\ICQ6Toolbar
2008-12-16 20:49 . 2008-12-20 12:10 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\ICQ
2008-12-16 17:10 . 2008-12-16 17:10 <DIR> d-------- c:\documents and settings\Olga Horáčková\Data aplikací\Moyea
2008-12-14 13:28 . 2008-12-14 13:28 <DIR> d-------- c:\documents and settings\Olga Horáčková\Data aplikací\Sony
2008-12-14 13:28 . 2008-12-14 13:32 <DIR> d-------- c:\documents and settings\Olga Horáčková\Data aplikací\Publish Providers
2008-12-14 13:27 . 2008-12-14 13:27 <DIR> d-------- c:\program files\Vstplugins
2008-12-14 13:27 . 2008-12-14 13:27 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\Sony
2008-12-14 12:11 . 2002-11-25 17:53 425,984 --a------ c:\windows\system32\xvid.dll
2008-12-14 12:11 . 2003-06-05 17:30 316,640 --a------ c:\windows\system32\WMSysPr9.prx
2008-12-14 12:11 . 2004-09-06 16:06 53,248 --a------ c:\windows\system32\xvid.ax
2008-12-14 12:11 . 2003-05-21 23:50 24,576 --a------ c:\windows\system32\msxml3a.dll
2008-12-13 00:12 . 2008-12-13 00:12 118 --a------ c:\windows\system32\MRT.INI
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-02 14:30 --------- d-----w c:\documents and settings\Olga Horáčková\Data aplikací\Skype
2009-01-02 13:43 --------- d-----w c:\program files\Spyware Terminator
2009-01-02 09:26 --------- d-----w c:\documents and settings\Olga Horáčková\Data aplikací\skypePM
2009-01-01 14:35 --------- d-----w c:\documents and settings\Mamina\Data aplikací\Skype
2009-01-01 12:18 --------- d-----w c:\program files\Java
2009-01-01 00:42 --------- d-----w c:\documents and settings\Mamina\Data aplikací\skypePM
2008-12-30 16:11 --------- d---a-w c:\documents and settings\All Users\Data aplikací\TEMP
2008-12-28 09:24 --------- d-----w c:\program files\WinClamAVShield
2008-12-19 13:28 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-18 14:17 58 ----a-w c:\documents and settings\Olga Horáčková\USERDATA.DAT
2008-12-18 14:17 58 ----a-w c:\documents and settings\Olga Horáčková\USERDATA.DAT
2008-12-16 13:07 --------- d-----w c:\program files\ICQToolbar
2008-12-13 06:39 3,593,216 ------w c:\windows\system32\dllcache\mshtml.dll
2008-12-11 15:51 --------- d-----w c:\program files\GameSpy Arcade
2008-12-06 07:25 --------- d-----w c:\documents and settings\All Users\Data aplikací\Spyware Terminator
2008-11-29 12:01 138,624 ----a-w c:\windows\system32\drivers\sp_rsdrv2.sys
2008-11-23 16:44 --------- d-----w c:\program files\steam
2008-11-22 20:09 --------- d-----w c:\program files\Common Files\Filseclab
2008-11-07 13:55 --------- d-----w c:\program files\City Interactive
2008-10-26 15:29 111,928 ----a-w c:\windows\system32\PnkBstrB.exe
2008-10-24 11:21 455,296 ------w c:\windows\system32\dllcache\mrxsmb.sys
2008-10-23 12:42 286,720 ----a-w c:\windows\system32\gdi32.dll
2008-10-23 12:42 286,720 ------w c:\windows\system32\dllcache\gdi32.dll
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\dllcache\wuweb.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\dllcache\wuapi.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\dllcache\wucltui.dll
2008-10-16 13:11 13,824 ------w c:\windows\system32\dllcache\ieudinit.exe
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\dllcache\cdm.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 13:09 70,656 ------w c:\windows\system32\dllcache\ie4uinit.exe
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-15 16:38 337,408 ------w c:\windows\system32\dllcache\netapi32.dll
2008-10-15 07:06 633,632 ------w c:\windows\system32\dllcache\iexplore.exe
2008-10-15 07:04 161,792 ------w c:\windows\system32\dllcache\ieakui.dll
2008-10-03 10:04 247,326 ----a-w c:\windows\system32\strmdll.dll
2008-10-03 10:04 247,326 ----a-w c:\windows\system32\dllcache\strmdll.dll
2007-12-21 18:45 32 ----a-w c:\documents and settings\All Users\Data aplikací\ezsid.dat
2008-03-04 17:48 88 --sh--r c:\windows\system32\B4A3EA5B95.sys
2008-03-04 17:48 2,568 --sha-w c:\windows\system32\KGyGaAvL.sys
2008-08-08 17:20 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008080820080809\index.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2008-10-08 12:22 1172792 --a------ c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2008-10-08 1172792]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2008-10-08 1172792]
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2007-12-07 21686568]
"DAEMON Tools Lite"="d:\program files\DAEMON Tools Lite\daemon.exe" [2008-07-24 490952]
"OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [2007-09-04 95536]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"ntiMUI"="c:\program files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe" [2005-05-11 45056]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-18 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-18 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-18 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-18 455168]
"Acer Empowering Technology Monitor"="c:\windows\system32\SysMonitor.exe" [2006-04-18 49152]
"AspireService"="c:\program files\Acer\Acer eMode Management\AspireService.exe" [2006-06-09 110592]
"MediaSync"="c:\program files\Acer\Acer eConsole\MediaSync.exe" [2006-05-04 425984]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-09-30 155648]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-03-21 69632]
"PCMService"="c:\program files\Acer TV-FM\PCMService.exe" [2006-03-29 143360]
"supertintin_skype"="c:\program files\Supertintin for Skype\supertintin_skype.exe" [2008-06-26 761856]
"BigDogPath"="c:\windows\VM_STI.EXE" [2004-06-09 40960]
"WinampAgent"="d:\program files\Winamp\winampa.exe" [2008-08-04 36352]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-08-11 7630848]
"SW20"="c:\windows\system32\sw20.exe" [2006-09-07 208896]
"SW24"="c:\windows\system32\sw24.exe" [2006-09-07 69632]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-08-11 86016]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 1388544]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-01 136600]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-09-01 282624]
"OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe" [2007-09-04 54576]
"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2008-12-02 111928]
"Ashampoo FireWall PRO"="d:\program files\Ashampoo\Ashampoo FireWall PRO\FireWall.exe" [2006-11-09 3525120]
"SiSPower"="SiSPower.dll" [2005-08-26 c:\windows\system32\SiSPower.dll]
"nwiz"="nwiz.exe" [2006-08-11 c:\windows\system32\nwiz.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\Olga Hor źkov \Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]
Xfire.lnk - d:\program files\Xfire\xfire.exe [2008-07-16 3050832]
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Acer WLAN 11g USB Dongle.lnk - c:\program files\Acer WLAN 11g USB Dongle\ZDWlan.exe [2005-11-16 745472]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 29696]
Utility Tray.lnk - c:\windows\system32\sistray.exe [2006-12-25 262144]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"ShowSuperHidden"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"Msacm.dvacm"= c:\progra~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm
"VIDC.XFR1"= xfcodec.dll
"vidc.xvid"= xvid.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Valve\\hl.exe"=
"c:\\Program Files\\Acer\\Acer eConsole\\MediaSync.exe"=
"d:\\Program files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=
"d:\\Program files\\Xfire\\xfire.exe"=
"d:\\Program files\\Edisk\\eDisk klient\\eDisk klient.exe"=
"d:\\Program files\\KONAMI\\Pro Evolution Soccer 2008\\PES2008.exe"=
"d:\\Program files\\Namco\\Street Racing Syndicate\\Bin\\SRS.EXE"=
"d:\\Program files\\VirtualDJ\\monitor.exe"=
"d:\\Program files\\VirtualDJ\\manager.exe"=
"d:\\Program files\\VirtualDJ\\server.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"d:\\Program files\\GameSpy Arcade\\Aphex.exe"=
"c:\\Program Files\\Edisk\\eDisk klient\\eDisk klient.exe"=
"d:\\Program files\\FlightGear\\bin\\win32\\fgfs.exe"=
"d:\\Program files\\rFactor MP Test\\rFactor MP Test.exe"=
"d:\\Program files\\rFactor\\rFactor.exe"=
"d:\\Program files\\VPN Anonymizer\\privoxy\\VPN_Anonymizer_webfilter.exe"=
"d:\\Program files\\QIP\\qip.exe"=
"d:\\Program files\\3dsmax.exe"=
"c:\\Program Files\\Acer\\Acer eConsole\\eConsole.exe"=
"d:\\Program files\\Playlogic\\World Racing 2\\MP Lounge 2.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Documents and Settings\\Olga Horáčková\\Plocha\\Insane\\Game.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"d:\\Program files\\Counter-Strike Source\\hl2.exe"=
"d:\\Program files\\Cenega Czech\\VIETCONG\\vietcong.exe"=
"c:\\Program Files\\City Interactive\\Overspeed\\Overspeed.exe"=
"c:\\Program Files\\City Interactive\\Overspeed\\dedicated server.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"d:\\Program files\\Graffiti Studio 2.0\\Graffiti Studio.exe"=
"c:\\Program Files\\GameSpy Arcade\\Aphex.exe"=
"d:\\Program files\\ICQ6.5\\ICQ.exe"=
"d:\\Program files\\BitLord\\BitLord.exe"=
R1 sp_rsdrv2;Spyware Terminator Driver 2;\??\c:\windows\system32\drivers\sp_rsdrv2.sys [2008-11-29 138624]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [2008-12-16 222456]
R2 mi-raysat_3dsMax2009_32;mental ray 3.6 Satellite for Autodesk 3ds Max 2009 32-bit 32-bit;"d:\program files\mentalray\satellite\raysat_3dsMax2009_32server.exe" [2008-03-10 65536]
R3 DrvFltIp;DrvFltIp;\??\c:\documents and settings\Olga Horáčková\Local Settings\TEMP\DrvFltIp []
R3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\DRIVERS\psched.sys [2004-08-18 69120]
S1 papycpu;papycpu;c:\windows\system32\drivers\papycpu.sys []
S3 jfdcd;jfdcd;\??\c:\docume~1\Filip\LOCALS~1\Temp\jfdcd.sys []
S3 sdAuxService;PC Tools Auxiliary Service;d:\program files\Spyware Doctor\pctsAuxs.exe [2008-12-30 356920]
S3 tap0901_2gm;VPN Anonymizer Adapter;c:\windows\system32\DRIVERS\tap0901_2gm.sys [2007-06-21 30720]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
*Newly Created Service* - PROCEXP90
.
Obsah adresáře 'Naplánované úlohy'
2008-12-27 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:57]
2008-06-14 c:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job
- d:\program files\Spybot - Search & Destroy\SpybotSD.exe []
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://home.sweetim.com" onclick="window.open(this.href);return false;
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q=" onclick="window.open(this.href);return false;{searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://home.sweetim.com" onclick="window.open(this.href);return false;
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=" onclick="window.open(this.href);return false;%s
IE: &Download All with FlashGet - d:\program files\FlashGet\jc_all.htm
IE: &Download with FlashGet - d:\program files\FlashGet\jc_link.htm
IE: &ICQ Toolbar Search - c:\program files\ICQToolbar\toolbaru.dll/SEARCH.HTML
IE: Crawler Search - tbr:iemenu
IE: Stáhnout odkaz s použitím BitCometu - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: Stáhnout všechna videa s použitím BitCometu - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: Stáhnout všechny odkazy s použitím BitCometu - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
TCP: {B9C5DDB4-1199-421B-AD7B-6D71B7020B33} = 212.158.128.2,212.158.128.3
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\Toolbar\ctbr.dll
FF - ProfilePath - c:\documents and settings\Olga Horáčková\Data aplikací\Mozilla\Firefox\Profiles\a0x87r70.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.sweetim.com/search.asp?src=2&q=" onclick="window.open(this.href);return false;
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/" onclick="window.open(this.href);return false;
FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q=" onclick="window.open(this.href);return false;
FF - plugin: c:\program files\Yahoo!\Common\npyaxmpb.dll
FF - plugin: d:\program files\Plugins\npqtplugin.dll
FF - plugin: d:\program files\Plugins\npqtplugin2.dll
FF - plugin: d:\program files\Plugins\npqtplugin3.dll
FF - plugin: d:\program files\Plugins\npqtplugin4.dll
FF - plugin: d:\program files\Plugins\npqtplugin5.dll
FF - plugin: d:\program files\Plugins\npqtplugin6.dll
FF - plugin: d:\program files\Plugins\npqtplugin7.dll
ATTENTION: FIREFOX POLICES IS IN FORCE
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net" onclick="window.open(this.href);return false;
Rootkit scan 2009-01-02 15:39:55
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ASFWHide]
"ImagePath"="\??\c:\documents and settings\Olga Horáčková\Local Settings\TEMP\ASFWHide"
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\DrvFltIp]
"ImagePath"="\??\c:\documents and settings\Olga Horáčková\Local Settings\TEMP\DrvFltIp"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(600)
d:\program files\Ashampoo\Ashampoo FireWall PRO\MD5.dll
- - - - - - - > 'lsass.exe'(656)
d:\program files\Ashampoo\Ashampoo FireWall PRO\MD5.dll
- - - - - - - > 'csrss.exe'(576)
d:\program files\Ashampoo\Ashampoo FireWall PRO\MD5.dll
.
Celkový čas: 2009-01-02 15:41:09
ComboFix-quarantined-files.txt 2009-01-02 14:40:28
ComboFix2.txt 2009-01-02 12:35:26
Před spuštěním: Volných bajtů: 38 130 466 816
Po spuštění: Volných bajtů: 38,119,596,032
280 --- E O F --- 2008-12-18 21:11:50
Log z "HJT":
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:42:30, on 2.1.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Acer\Acer eConsole\MediaServerService.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Acer TV-FM\Kernel\TV\CLCapSvc.exe
C:\Program Files\Acer TV-FM\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\Program Files\Java\jre6\bin\jqs.exe
D:\Program files\mentalray\satellite\raysat_3dsMax2009_32server.exe
D:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Acer TV-FM\Kernel\TV\CLSched.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\SysMonitor.exe
C:\Program Files\Acer\Acer eMode Management\AspireService.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\Program Files\Acer TV-FM\PCMService.exe
C:\WINDOWS\VM_STI.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
D:\Program Files\Ashampoo\Ashampoo FireWall PRO\FireWall.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Program Files\DAEMON Tools Lite\daemon.exe
C:\WINDOWS\system32\sistray.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Olga Horáčková\Plocha\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com" onclick="window.open(this.href);return false;
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157" onclick="window.open(this.href);return false;
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896" onclick="window.open(this.href);return false;
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60327" onclick="window.open(this.href);return false;
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=60327" onclick="window.open(this.href);return false;
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896" onclick="window.open(this.href);return false;
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com" onclick="window.open(this.href);return false;
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: XTTBPos00 Class - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: EWPBrowseObject Class - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: &Crawler lišta - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [ntiMUI] c:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\WINDOWS\system32\SysMonitor.exe
O4 - HKLM\..\Run: [AspireService] C:\Program Files\Acer\Acer eMode Management\AspireService.exe
O4 - HKLM\..\Run: [MediaSync] C:\Program Files\Acer\Acer eConsole\MediaSync.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Acer TV-FM\PCMService.exe"
O4 - HKLM\..\Run: [supertintin_skype] C:\Program Files\Supertintin for Skype\supertintin_skype.exe /start_context sys_auto
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE Philips SPC315NC Webcam
O4 - HKLM\..\Run: [WinampAgent] "D:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SW20] C:\WINDOWS\system32\sw20.exe
O4 - HKLM\..\Run: [SW24] C:\WINDOWS\system32\sw24.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe" /OM
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe
O4 - HKLM\..\Run: [Ashampoo FireWall PRO] "D:\Program Files\Ashampoo\Ashampoo FireWall PRO\FireWall.exe" -TRAY
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [DAEMON Tools Lite] "D:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" -NoStart
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Xfire.lnk = D:\Program files\Xfire\xfire.exe
O4 - Global Startup: Acer WLAN 11g USB Dongle.lnk = C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O8 - Extra context menu item: &Download All with FlashGet - D:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - D:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &ICQ Toolbar Search - res://C" onclick="window.open(this.href);return false;:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: Stáhnout odkaz s použitím BitCometu - res://C" onclick="window.open(this.href);return false;:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: Stáhnout všechna videa s použitím BitCometu - res://C" onclick="window.open(this.href);return false;:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Stáhnout všechny odkazy s použitím BitCometu - res://C" onclick="window.open(this.href);return false;:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{B9C5DDB4-1199-421B-AD7B-6D71B7020B33}: NameServer = 212.158.128.2,212.158.128.3
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O23 - Service: Acer Media Server - Acer Inc. - C:\Program Files\Acer\Acer eConsole\MediaServerService.exe
O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer TV-FM\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer TV-FM\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer TV-FM\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: mental ray 3.6 Satellite for Autodesk 3ds Max 2009 32-bit 32-bit (mi-raysat_3dsMax2009_32) - Unknown owner - D:\Program files\mentalray\satellite\raysat_3dsMax2009_32server.exe
O23 - Service: NMSAccessU - Unknown owner - D:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - D:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - D:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SF FrontLine Drivers Auto Removal (v1) (sfrem01) - Protection Technology (StarForce) - C:\WINDOWS\system32\sfrem01.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Spyware Terminator Clam Service (sp_clamsrv) - Crawler.com - C:\Program Files\WinClamAVShield\sp_clamsrv.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
--
End of file - 13712 bytes
S tím virusTotal... nic takového v PC nemám.. podle cesty kterou píšeš tam nic takového není..
Re: Prosím o kontrolu logu..
To je divné , je v obou lozích CF. Máš povoleno zobrazovat skryté a systémové soubory?
Nástroje -možnosti složky-zobrazení.
Nebo tam můžeš zadat jen cestu k tomu souboru.
Nástroje -možnosti složky-zobrazení.
Nebo tam můžeš zadat jen cestu k tomu souboru.
Při práci s programy HJT, ComboFix,MbAM, SDFix aj. zavřete všechny ostatní aplikace a prohlížeče!
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Re: Prosím o kontrolu logu..
jj zadal sem tam cestu a už to šlape.. jinak z těmi logy.. už je to hotové.. nebo jak na to sme..? Smím se li zeptat..
Re: Prosím o kontrolu logu..
Čekám na výsledek z VT.
A pak ještě koukni sem jestli to tam je , to se nesmazalo:
c:\docume~1\Filip\LOCALS~1\Temp\jfdcd.sys
Dej vědět.
A pak ještě koukni sem jestli to tam je , to se nesmazalo:
c:\docume~1\Filip\LOCALS~1\Temp\jfdcd.sys
Dej vědět.
Při práci s programy HJT, ComboFix,MbAM, SDFix aj. zavřete všechny ostatní aplikace a prohlížeče!
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Re: Prosím o kontrolu logu..
Takže VirusTotal...
Soubor c:\windows\system32\B4A3EA5B95.sys
http://www.virustotal.com/cs/analisis/c ... adbc51beba" onclick="window.open(this.href);return false;
A soubor... c:\docume~1\Filip\LOCALS~1\Temp\jfdcd.sys nenajde.. už v PC asi není..
Soubor c:\windows\system32\B4A3EA5B95.sys
http://www.virustotal.com/cs/analisis/c ... adbc51beba" onclick="window.open(this.href);return false;
A soubor... c:\docume~1\Filip\LOCALS~1\Temp\jfdcd.sys nenajde.. už v PC asi není..
Re: Prosím o kontrolu logu..
Vyměnil bych Trojan Hunter za něco jiného..
Spybot, SpywareDoctor..
Odinstaloval bych :
Winamp Toolbar
Zavři ostatní aplikace a prohlížeče, odpoj se od netu a fixni v HJT:
ComboFix se odinstaluje takto:
Start-Spustit a zadej ComboFix[mezera]/u
vyčisti systém CCleanerem
a použij i T-Cleaner
smaže vše po Combu,SDFixu,Avengeru,MWAVu atd.-stáhneš>spustíš
K tomu CD něco zde:
http://support.microsoft.com/kb/891894/cs" onclick="window.open(this.href);return false;
Pokud nepomůže , tak vyčistit mechaniku, popř. zadat téma do sekce problémy s HW.
Spybot, SpywareDoctor..
Odinstaloval bych :
Winamp Toolbar
Zavři ostatní aplikace a prohlížeče, odpoj se od netu a fixni v HJT:
Kód: Vybrat vše
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
Start-Spustit a zadej ComboFix[mezera]/u
vyčisti systém CCleanerem
a použij i T-Cleaner
smaže vše po Combu,SDFixu,Avengeru,MWAVu atd.-stáhneš>spustíš
K tomu CD něco zde:
http://support.microsoft.com/kb/891894/cs" onclick="window.open(this.href);return false;
Pokud nepomůže , tak vyčistit mechaniku, popř. zadat téma do sekce problémy s HW.
Při práci s programy HJT, ComboFix,MbAM, SDFix aj. zavřete všechny ostatní aplikace a prohlížeče!
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Re: Prosím o kontrolu logu..
Ok díky moc.. Pokud je vše hotovo tak moc děkuji..