
PC disinfection, computer speed-up, remote help via the neslape.cz service
Combofix log file
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]
Individual threads will be locked once resolved, as will those that are inactive for more than 14 days. See the Rule on locking topics. Thank you for understanding.
!NEWS!
You can now use the remote help service, where a specialist connects to your computer and gets the details of the problem from you by phone. More at www.neslape.cz
Combofix log file
ComboFix 11-07-25.02 - user 26.07.2011 22:40:48.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.421.1033.18.1023.609 [GMT 2:00]
Running from: c:\documents and settings\user\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\docume~1\user\LOCALS~1\Temp\7659773.exe
c:\docume~1\user\LOCALS~1\Temp\8471329.exe
c:\documents and settings\Administrator\WINDOWS
c:\documents and settings\Default User\WINDOWS
c:\documents and settings\user\WINDOWS
c:\windows\btc_client_iplist.txt
c:\windows\front_ip_list.txt
c:\windows\iecheck_iplist.txt
c:\windows\info1
c:\windows\iplist.txt
c:\windows\l1rezerv.exe
c:\windows\loader2.exe_ok
c:\windows\phoenix.rar
c:\windows\proc_list1.log
c:\windows\rpcminer.rar
c:\windows\services32.exe
c:\windows\sysdriver32.exe
c:\windows\sysdriver32_.exe
c:\windows\system32\config\systemprofile\WINDOWS
c:\windows\system32\drivers\etc\HSTS~1
c:\windows\TEMP\4865996.exe
c:\windows\TEMP\53713388-loader2.exe
c:\windows\TEMP\8252859.exe
c:\windows\ufa.rar
c:\windows\update.1
c:\windows\update.1\svchost.exe
c:\windows\update.2
c:\windows\update.2\svchost.exe
c:\windows\update.5.0
c:\windows\update.5.0\svchost.exe
c:\windows\update.tray-2-0\svchost.exe
c:\windows\winlog-dirs.txt
c:\windows\winlog-ids.txt
c:\windows\winsetupapi.log
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_SRVIECHECK
-------\Legacy_SRVSYSDRIVER32
-------\Legacy_WXPDRIVERS
-------\Service_srviecheck
-------\Service_srvsysdriver32
-------\Service_wxpdrivers
-------\Legacy_srvbtcclient
-------\Legacy_srvbtcclient
-------\Service_srvbtcclient
-------\Service_srvbtcclient
.
.
((((((((((((((((((((((((( Files Created from 2011-06-26 to 2011-07-26 )))))))))))))))))))))))))))))))
.
.
2011-07-26 19:36 . 2011-07-26 20:22 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2011-07-26 19:35 . 2011-07-26 20:22 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2011-07-26 18:12 . 2011-07-26 18:12 -------- d-----w- c:\program files\AMD APP
2011-07-26 18:12 . 2011-07-26 18:12 -------- d-----w- c:\program files\ATI
2011-07-26 17:46 . 2011-07-26 17:46 -------- d-----w- C:\ATI
2011-07-26 17:38 . 2011-07-26 17:38 -------- d-----w- c:\windows\rpcminer
2011-07-26 17:38 . 2011-07-26 17:38 -------- d-----w- c:\windows\ufa
2011-07-26 17:38 . 2011-07-26 17:38 -------- d-----w- c:\windows\phoenix
2011-07-26 17:35 . 2011-07-26 17:38 246272 ----a-w- c:\windows\unrar.exe
2011-07-26 17:31 . 2011-07-26 17:31 -------- d-----w- c:\windows\av_ico
2011-07-26 17:30 . 2011-07-26 20:44 -------- d--h--w- c:\windows\update.tray-2-0
2011-07-26 17:30 . 2011-07-26 17:30 -------- d--h--w- c:\windows\update.tray-2-0-lnk
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-02 14:02 . 1980-01-01 08:00 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-05-24 21:44 . 2011-05-24 21:44 59904 ----a-w- c:\windows\system32\OVDecode.dll
2011-05-24 21:44 . 2011-05-24 21:44 51712 ----a-w- c:\windows\system32\OpenCL.dll
2011-05-24 21:43 . 2011-05-24 21:43 12798976 ----a-w- c:\windows\system32\amdocl.dll
2011-05-02 15:31 . 2003-02-20 17:10 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 17:25 . 1980-01-01 08:00 151552 ----a-w- c:\windows\system32\schannel.dll
2011-04-29 16:19 . 1980-01-01 08:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{dfabc5b5-039b-4865-979a-de31cdf3e351}"= "c:\program files\Media_Star\prxtbMed0.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{dfabc5b5-039b-4865-979a-de31cdf3e351}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-01-17 14:54 175912 ----a-w- c:\program files\ConduitEngine\prxConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{dfabc5b5-039b-4865-979a-de31cdf3e351}]
2011-01-17 14:54 175912 ----a-w- c:\program files\Media_Star\prxtbMed0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{dfabc5b5-039b-4865-979a-de31cdf3e351}"= "c:\program files\Media_Star\prxtbMed0.dll" [2011-01-17 175912]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{dfabc5b5-039b-4865-979a-de31cdf3e351}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{DFABC5B5-039B-4865-979A-DE31CDF3E351}"= "c:\program files\Media_Star\prxtbMed0.dll" [2011-01-17 175912]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{dfabc5b5-039b-4865-979a-de31cdf3e351}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ibmmessages"="c:\program files\IBM\Messages By IBM\ibmmessages.exe" [2003-07-21 540672]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-08-11 21741864]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"S3TRAY2"="S3Tray2.exe" [2001-10-12 69632]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2008-07-03 118784]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-07-03 1323008]
"TpShocks"="TpShocks.exe" [2003-09-04 77824]
"TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2008-09-30 68976]
"BMMLREF"="c:\program files\ThinkPad\Utilities\BMMLREF.EXE" [2003-07-11 20480]
"TPKMAPHELPER"="c:\program files\ThinkPad\Utilities\TpKmapAp.exe" [2003-09-02 897024]
"TP4EX"="tp4ex.exe" [2002-09-04 53248]
"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2003-07-18 208896]
"AGRSMMSG"="AGRSMMSG.exe" [2003-06-27 88363]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-09-12 335872]
"UC_Start"="c:\ibmtools\Updater\ucstartup.exe" [2003-03-17 32768]
"ibmmessages"="c:\program files\IBM\Messages By IBM\ibmmessages.exe" [2003-07-21 540672]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2003-10-22 114741]
"BMMGAG"="c:\progra~1\ThinkPad\UTILIT~1\pwrmonit.dll" [2003-07-11 94208]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-14 644696]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-03 1603152]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-01-02 185872]
"ISSI Service"="c:\sdwork\issimsvc.exe" [2009-07-06 242928]
"ACTray"="c:\program files\ThinkPad\ConnectUtilities\ACTray.exe" [2008-08-15 425984]
"ACWLIcon"="c:\program files\ThinkPad\ConnectUtilities\ACWLIcon.exe" [2008-08-15 143360]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-09-08 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-11-10 421160]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-10-08 47904]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableSecureUIAPaths"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
2006-09-06 14:37 34344 ----a-w- c:\program files\Lenovo\HOTKEY\notifyf2.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
2008-08-08 17:14 28672 ----a-w- c:\program files\Lenovo\HOTKEY\tphklock.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
"DisableThumbnailCache"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\ICQ6\\ICQ.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\IBMTOOLS\\Updater\\jre\\bin\\javaw.exe"=
"c:\\sdwork\\w32maing.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\update.tray-2-0-lnk\\svchost.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [21.12.2010 15:04 115008]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [21.12.2010 13:47 94872]
R1 TPPWR;TPPWR;c:\windows\system32\drivers\TPPWR.SYS [26.3.2008 23:35 15360]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [18.9.2008 21:48 222456]
.
Contents of the 'Scheduled Tasks' folder
.
2009-10-21 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
2008-03-26 c:\windows\Tasks\BMMTask.job
- c:\progra~1\ThinkPad\UTILIT~1\BMMTASK.EXE [2008-03-26 09:34]
.
2008-03-26 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2008-03-26 02:38]
.
2011-07-26 c:\windows\Tasks\User_Feed_Synchronization-{F401BBD0-0E53-4762-85FC-928671DB44DD}.job
- c:\windows\system32\msfeedssync.exe [2007-08-14 02:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.sme.sk/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
HKCU-Run-IBM RecordNow! - (no file)
HKLM-Run-wxpdrv - c:\windows\services32.exe
HKLM-Run-tray_ico - (no file)
HKLM-Run-tray_ico0 - c:\windows\update.tray-2-0\svchost.exe
HKLM-Run-tray_ico1 - (no file)
HKLM-Run-tray_ico2 - (no file)
HKLM-Run-tray_ico3 - (no file)
HKLM-Run-tray_ico4 - (no file)
HKLM-Run-sysdriver32.exe - c:\windows\sysdriver32.exe
HKLM-Run-sysdriver32_.exe - c:\windows\sysdriver32_.exe
HKLM-Run-l1rezerv.exe - c:\windows\l1rezerv.exe
Notify-ACNotify - ACNotify.dll
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-26 22:48
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(776)
c:\program files\ThinkPad\ConnectUtilities\ACNotify.dll
c:\program files\ThinkPad\ConnectUtilities\AcSvcStub.dll
c:\program files\ThinkPad\ConnectUtilities\AcLocSettings.dll
c:\program files\ThinkPad\ConnectUtilities\ACHelper.dll
c:\windows\system32\Ati2evxx.dll
c:\program files\Lenovo\HOTKEY\tphklock.dll
.
- - - - - - - > 'explorer.exe'(3808)
c:\windows\system32\WININET.dll
c:\program files\ScanSoft\OmniPageSE4\OpHookSE4.dll
c:\windows\system32\ieframe.dll
c:\progra~1\ThinkPad\UTILIT~1\pwrmonit.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ibmpmsvc.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Canon\IJPLM\IJPLMSVC.EXE
c:\windows\system32\TpKmpSVC.exe
c:\program files\ThinkPad\ConnectUtilities\AcSvc.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\TpShocks.exe
c:\windows\AGRSMMSG.exe
c:\program files\Lenovo\HOTKEY\TPONSCR.exe
c:\program files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
c:\windows\system32\acs.exe
c:\windows\system32\RunDll32.exe
c:\windows\system32\rundll32.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
.
**************************************************************************
.
Completion time: 2011-07-26 22:52:51 - machine was rebooted
ComboFix-quarantined-files.txt 2011-07-26 20:52
.
Pre-Run: 24 801 849 344 bytes free
Post-Run: 25 512 706 048 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect
.
- - End Of File - - 826C779C85463DD59974C1B0F5FDA14E
Thanks for the help!
- cernohous13
Re: Combofix log file
Hello,
CFscript
If you don't have ComboFix on the desktop, move it there.
Open Notepad and copy the entire green text from the "CFscript".
Save the file to the desktop as CFscript.txt and drag its icon with the mouse onto the ComboFix icon - drop it there.
ComboFix will start - wait for the log and post it here.
Code:
KillAll::
File::
c:\windows\unrar.exe
Folder::
c:\windows\rpcminer
c:\windows\ufa
c:\windows\phoenix
c:\windows\av_ico
c:\windows\update.tray-2-0
c:\windows\update.tray-2-0-lnk
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000000
"DisableThumbnailCache"=dword:00000000
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\update.tray-2-0-lnk\\svchost.exe"=-
Recommendations:
During the disinfection, perform new installations and uninstallations only on my instruction.
Study my reply carefully and carry out the whole procedure as described.
If anything is unclear, ask - I will explain
-------------------------------------------------------------------------------------------------
> Forum support <
Re: Combofix log file
Hi,
here is the new log file from Combofix:
ComboFix 11-07-25.02 - user 27.07.2011 8:26.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.421.1033.18.1023.600 [GMT 2:00]
Running from: c:\documents and settings\user\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\user\Desktop\CFscript.txt
.
FILE ::
"c:\windows\unrar.exe"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
Here is the new log file from Combofix:
ComboFix 11-07-25.02 - user 27.07.2011 8:26.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.421.1033.18.1023.600 [GMT 2:00]
Running from: c:\documents and settings\user\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\user\Desktop\CFscript.txt
.
FILE ::
"c:\windows\unrar.exe"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\av_ico
c:\windows\av_ico\ico_NOD_AV_START.ico
c:\windows\av_ico\ico_NOD_SYSINSP.ico
c:\windows\av_ico\ico_NOD_SYSRESC.ico
c:\windows\av_ico\ico_NOD_TXT.ico
c:\windows\av_ico\ico_NOD_UNINSTALL.ico
c:\windows\phoenix
c:\windows\phoenix\kernels\phatk\__init__.py
c:\windows\phoenix\kernels\phatk\__init__.pyc
c:\windows\phoenix\kernels\phatk\BFIPatcher.py
c:\windows\phoenix\kernels\phatk\BFIPatcher.pyc
c:\windows\phoenix\kernels\phatk\kernel.cl
c:\windows\phoenix\kernels\poclbm\__init__.py
c:\windows\phoenix\kernels\poclbm\__init__.pyc
c:\windows\phoenix\kernels\poclbm\BFIPatcher.py
c:\windows\phoenix\kernels\poclbm\BFIPatcher.pyc
c:\windows\phoenix\kernels\poclbm\kernel.cl
c:\windows\phoenix\phoenix.exe
c:\windows\rpcminer
c:\windows\rpcminer\bitcoinminercuda_10.cubin
c:\windows\rpcminer\bitcoinminercuda_11.cubin
c:\windows\rpcminer\bitcoinminercuda_20.cubin
c:\windows\rpcminer\bitcoinmineropencl.cl
c:\windows\rpcminer\cudart32_32_16.dll
c:\windows\rpcminer\curllib.dll
c:\windows\rpcminer\libeay32.dll
c:\windows\rpcminer\libsasl.dll
c:\windows\rpcminer\openldap.dll
c:\windows\rpcminer\rpcminer-4way.exe
c:\windows\rpcminer\rpcminer-cpu.exe
c:\windows\rpcminer\rpcminer-cuda.exe
c:\windows\rpcminer\rpcminer-opencl.exe
c:\windows\rpcminer\ssleay32.dll
c:\windows\ufa
c:\windows\ufa\ufa.exe
c:\windows\unrar.exe
c:\windows\update.tray-2-0-lnk
c:\windows\update.tray-2-0-lnk\svchost.exe
c:\windows\update.tray-2-0
.
.
((((((((((((((((((((((((( Files Created from 2011-06-27 to 2011-07-27 )))))))))))))))))))))))))))))))
.
.
2011-07-26 21:04 . 2011-07-26 21:04 -------- d-----w- c:\program files\trend micro
2011-07-26 21:04 . 2011-07-26 21:04 -------- d-----w- C:\rsit
2011-07-26 19:36 . 2011-07-26 20:22 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2011-07-26 19:35 . 2011-07-26 20:22 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2011-07-26 18:12 . 2011-07-26 18:12 -------- d-----w- c:\program files\AMD APP
2011-07-26 18:12 . 2011-07-26 18:12 -------- d-----w- c:\program files\ATI
2011-07-26 17:46 . 2011-07-26 17:46 -------- d-----w- C:\ATI
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-02 14:02 . 1980-01-01 08:00 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-05-24 21:44 . 2011-05-24 21:44 59904 ----a-w- c:\windows\system32\OVDecode.dll
2011-05-24 21:44 . 2011-05-24 21:44 51712 ----a-w- c:\windows\system32\OpenCL.dll
2011-05-24 21:43 . 2011-05-24 21:43 12798976 ----a-w- c:\windows\system32\amdocl.dll
2011-05-02 15:31 . 2003-02-20 17:10 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 17:25 . 1980-01-01 08:00 151552 ----a-w- c:\windows\system32\schannel.dll
2011-04-29 16:19 . 1980-01-01 08:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2011-07-26_20.48.03 )))))))))))))))))))))))))))))))))))))))))
.
- 1980-01-01 08:00 . 2011-07-26 20:28 71842 c:\windows\system32\perfc009.dat
+ 1980-01-01 08:00 . 2011-07-27 06:11 71842 c:\windows\system32\perfc009.dat
+ 1980-01-01 08:00 . 2011-07-27 06:11 441906 c:\windows\system32\perfh009.dat
- 1980-01-01 08:00 . 2011-07-26 20:28 441906 c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{dfabc5b5-039b-4865-979a-de31cdf3e351}"= "c:\program files\Media_Star\prxtbMed0.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{dfabc5b5-039b-4865-979a-de31cdf3e351}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-01-17 14:54 175912 ----a-w- c:\program files\ConduitEngine\prxConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{dfabc5b5-039b-4865-979a-de31cdf3e351}]
2011-01-17 14:54 175912 ----a-w- c:\program files\Media_Star\prxtbMed0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{dfabc5b5-039b-4865-979a-de31cdf3e351}"= "c:\program files\Media_Star\prxtbMed0.dll" [2011-01-17 175912]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{dfabc5b5-039b-4865-979a-de31cdf3e351}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{DFABC5B5-039B-4865-979A-DE31CDF3E351}"= "c:\program files\Media_Star\prxtbMed0.dll" [2011-01-17 175912]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{dfabc5b5-039b-4865-979a-de31cdf3e351}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ibmmessages"="c:\program files\IBM\Messages By IBM\ibmmessages.exe" [2003-07-21 540672]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-08-11 21741864]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"S3TRAY2"="S3Tray2.exe" [2001-10-12 69632]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2008-07-03 118784]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-07-03 1323008]
"TpShocks"="TpShocks.exe" [2003-09-04 77824]
"TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2008-09-30 68976]
"BMMLREF"="c:\program files\ThinkPad\Utilities\BMMLREF.EXE" [2003-07-11 20480]
"TPKMAPHELPER"="c:\program files\ThinkPad\Utilities\TpKmapAp.exe" [2003-09-02 897024]
"TP4EX"="tp4ex.exe" [2002-09-04 53248]
"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2003-07-18 208896]
"AGRSMMSG"="AGRSMMSG.exe" [2003-06-27 88363]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-09-12 335872]
"UC_Start"="c:\ibmtools\Updater\ucstartup.exe" [2003-03-17 32768]
"ibmmessages"="c:\program files\IBM\Messages By IBM\ibmmessages.exe" [2003-07-21 540672]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2003-10-22 114741]
"BMMGAG"="c:\progra~1\ThinkPad\UTILIT~1\pwrmonit.dll" [2003-07-11 94208]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-14 644696]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-03 1603152]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-01-02 185872]
"ISSI Service"="c:\sdwork\issimsvc.exe" [2009-07-06 242928]
"ACTray"="c:\program files\ThinkPad\ConnectUtilities\ACTray.exe" [2008-08-15 425984]
"ACWLIcon"="c:\program files\ThinkPad\ConnectUtilities\ACWLIcon.exe" [2008-08-15 143360]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-09-08 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-11-10 421160]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-10-08 47904]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableSecureUIAPaths"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
2006-09-06 14:37 34344 ----a-w- c:\program files\Lenovo\HOTKEY\notifyf2.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
2008-08-08 17:14 28672 ----a-w- c:\program files\Lenovo\HOTKEY\tphklock.dll
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\ICQ6\\ICQ.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\IBMTOOLS\\Updater\\jre\\bin\\javaw.exe"=
"c:\\sdwork\\w32maing.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [21.12.2010 15:04 115008]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [21.12.2010 13:47 94872]
R1 TPPWR;TPPWR;c:\windows\system32\drivers\TPPWR.SYS [26.3.2008 23:35 15360]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [18.9.2008 21:48 222456]
.
Contents of the 'Scheduled Tasks' folder
.
2009-10-21 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
2008-03-26 c:\windows\Tasks\BMMTask.job
- c:\progra~1\ThinkPad\UTILIT~1\BMMTASK.EXE [2008-03-26 09:34]
.
2008-03-26 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2008-03-26 02:38]
.
2011-07-27 c:\windows\Tasks\User_Feed_Synchronization-{F401BBD0-0E53-4762-85FC-928671DB44DD}.job
- c:\windows\system32\msfeedssync.exe [2007-08-14 02:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.sme.sk/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-27 08:33
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(776)
c:\windows\system32\Ati2evxx.dll
c:\program files\Lenovo\HOTKEY\tphklock.dll
.
- - - - - - - > 'explorer.exe'(1224)
c:\windows\system32\WININET.dll
c:\program files\ScanSoft\OmniPageSE4\OpHookSE4.dll
c:\windows\system32\ieframe.dll
c:\progra~1\ThinkPad\UTILIT~1\pwrmonit.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ibmpmsvc.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Canon\IJPLM\IJPLMSVC.EXE
c:\windows\system32\TpKmpSVC.exe
c:\program files\ThinkPad\ConnectUtilities\AcSvc.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\TpShocks.exe
c:\windows\AGRSMMSG.exe
c:\program files\Lenovo\HOTKEY\TPONSCR.exe
c:\program files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
c:\windows\system32\acs.exe
c:\windows\system32\RunDll32.exe
c:\windows\system32\rundll32.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
.
**************************************************************************
.
Completion time: 2011-07-27 08:38:58 - machine was rebooted
ComboFix-quarantined-files.txt 2011-07-27 06:38
ComboFix2.txt 2011-07-26 20:52
.
Pre-Run: 25 507 033 088 bytes free
Post-Run: 25 501 192 192 bytes free
.
- - End Of File - - 013C6BDBFE21A26C99B391C4410927DB
- cernohous13 (VIP in memoriam, posts: 8721, registered: 09 Dec 2006 06:19, location: Jablonec nad Nisou)
Re: Log file from Combofix



Download and install MBAM here: http://www.download.com/Malwarebytes-An ... tag=button
Run it > on the 3rd tab, "Update" > Check for updates
then on the 1st tab, "Scanner" -> Full scan -> Scan
when it finishes -> Show results -> check that everything is ticked -> Remove selected
a log will pop up containing entries of this type:
Folders Infected:
C:\Program Files\xxxxxx -> Quarantined and deleted successfully.
I would like to see that one.
Recommendations:
During the cleanup, install or uninstall programs only when I tell you to.
Read my reply carefully and carry out the whole procedure exactly as described.
If anything is unclear, ask and I will explain.
-------------------------------------------------------------------------------------------------
> Forum support <
Re: Log file from Combofix
Here is the new log:
Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org
Database version: 7294
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
27.7.2011 12:27:20
mbam-log-2011-07-27 (12-27-20).txt
Scan type: Full scan (C:\|D:\|)
Objects scanned: 251153
Time elapsed: 1 hour(s), 25 minute(s), 12 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 16
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\systeminfog (Trojan.Agent) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
c:\Qoobox\quarantine\C\WINDOWS\l1rezerv.exe.vir (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\WINDOWS\services32.exe.vir (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\WINDOWS\sysdriver32.exe.vir (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\WINDOWS\sysdriver32_.exe.vir (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\WINDOWS\update.1\svchost.exe.vir (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\WINDOWS\update.tray-2-0\svchost.exe.vir (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\WINDOWS\update.tray-2-0-lnk\svchost.exe.vir (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\system volume information\_restore{daad8284-5896-4b40-a753-8454bdc2e5a5}\RP215\A0035177.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\system volume information\_restore{daad8284-5896-4b40-a753-8454bdc2e5a5}\RP215\A0035178.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\system volume information\_restore{daad8284-5896-4b40-a753-8454bdc2e5a5}\RP216\A0036526.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\system volume information\_restore{daad8284-5896-4b40-a753-8454bdc2e5a5}\RP216\A0036519.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{daad8284-5896-4b40-a753-8454bdc2e5a5}\RP216\A0036520.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\system volume information\_restore{daad8284-5896-4b40-a753-8454bdc2e5a5}\RP216\A0036521.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{daad8284-5896-4b40-a753-8454bdc2e5a5}\RP216\A0036522.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{daad8284-5896-4b40-a753-8454bdc2e5a5}\RP216\A0036523.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\system volume information\_restore{daad8284-5896-4b40-a753-8454bdc2e5a5}\RP216\A0036669.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
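An added example, not from this thread or from Malwarebytes, that parses the MBAM log format the helper described above and the poster then pasted: it cross-checks the declared counts against the listed items (a log that was cut short when pasting shows up as a mismatch), flags hits that were not quarantined, tallies the detection families, and separates leftovers in ComboFix's Qoobox quarantine and in System Restore from live infections. The embedded sample log is constructed from the posted one and trimmed; the "No action taken." entry is constructed as well.

```python
import re
from collections import Counter

# Constructed sample in the layout of the MBAM 1.51 log posted above: a header,
# the summary counts, then one section per category. The paths come from the
# posted log, trimmed to three files; the "No action taken." line is constructed
# to show a hit that was detected but not removed.
SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org
Database version: 7294
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
27.7.2011 12:27:20
mbam-log-2011-07-27 (12-27-20).txt
Scan type: Full scan (C:\|D:\|)
Objects scanned: 251153
Time elapsed: 1 hour(s), 25 minute(s), 12 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\systeminfog (Trojan.Agent) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
c:\Qoobox\quarantine\C\WINDOWS\l1rezerv.exe.vir (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\WINDOWS\services32.exe.vir (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\windows\update.tray-2-0\svchost.exe (Trojan.Dropper) -> No action taken.
"""

# "Files Infected: 16" in the summary block, "Files Infected:" as a section heading
SECTION_RE = re.compile(r"^(?P<name>[A-Za-z ]+ Infected):\s*(?P<count>\d+)?$")
# "<item> (<detection family>) -> <status>."
ITEM_RE = re.compile(r"^(?P<item>.+?) \((?P<family>[^()]+)\) -> (?P<status>.+?)\.?$")
NO_ITEMS = "(No malicious items detected)"


def parse_mbam_log(text):
    """Return (header, counts, sections): header is the 'key: value' lines,
    counts maps each category to the number declared in the summary block,
    sections maps each category to its (item, family, status) tuples."""
    header, counts, sections = {}, {}, {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            if m.group("count") is not None:      # summary line
                counts[m.group("name")] = int(m.group("count"))
                current = None
            else:                                 # section heading
                current = m.group("name")
                sections.setdefault(current, [])
            continue
        if current is None:
            if ": " in line:
                key, _, value = line.partition(": ")
                header[key] = value
        elif line != NO_ITEMS:
            m = ITEM_RE.match(line)
            if m:
                sections[current].append((m.group("item"), m.group("family"), m.group("status")))
    return header, counts, sections


def triage(text):
    """Cross-check declared counts against listed items (a pasted log that was
    cut short shows up here), list hits that were not quarantined, tally the
    detection families, and count leftovers that are not live infections:
    *.vir files under ComboFix's Qoobox quarantine and System Restore copies."""
    _, counts, sections = parse_mbam_log(text)
    mismatches = {name: (counts.get(name), len(items))
                  for name, items in sections.items() if counts.get(name) != len(items)}
    hits = [hit for items in sections.values() for hit in items]
    not_removed = [(item, status) for item, _, status in hits
                   if not status.startswith("Quarantined")]
    families = Counter(family for _, family, _ in hits)
    leftovers = sum(1 for item, _, _ in hits
                    if "\\qoobox\\" in item.lower() or "system volume information" in item.lower())
    return {"mismatches": mismatches, "not_removed": not_removed,
            "families": dict(families), "leftovers": leftovers}
```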
- cernohous13 (VIP in memoriam, posts: 8721, registered: 09 Dec 2006 06:19, location: Jablonec nad Nisou)
Re: Log file from Combofix

and if you no longer find anything suspicious, I will clean up after myself

go to Start -> Run... and paste ComboFix /Uninstall (note: there is a space after the x) -> OK

Download and run T-cleaner http://vyosek.ic.cz/pro_usery/T-Cleaner.exe - it cleans up after the cleaning tools that were used.
When you run it, ignore any antivirus warning - it is fine.
Once it has finished, delete T-cleaner.

Close all programs and run it. When it finishes, the PC will be restarted.
If not, restart it yourself.
(it cleans the Temp folders; it does not clean URLs, history, prefetch or cookies)

You can keep that one for occasional cleaning in the future. Download CCleaner - http://www.slunecnice.cz/sw/ccleaner/
During installation, untick "Install Yahoo! Toolbar"
close the web browser and
run "Cleaner" > "Run Cleaner" - removes unneeded files
run "Registry" > "Scan for Issues" > "Fix selected issues"
agree to the registry backup - repeat until the registry is clean.
Guide: http://jnp.zive.cz/Clanky/Prirucka-do-k ... fault.aspx

I recommend http://www.slunecnice.cz/sw/defraggler/ + the Czech language pack

Recommendations:
During the cleanup, install or uninstall programs only when I tell you to.
Read my reply carefully and carry out the whole procedure exactly as described.
If anything is unclear, ask and I will explain.
-------------------------------------------------------------------------------------------------
> Forum support <
Re: Log file from Combofix
Thank you very much for the help, it looks okay now!
Now that I have MBAM installed, do I need another antivirus as well, or is this enough? I only had NOD as a trial version. I have not paid for anything.

- cernohous13 (VIP in memoriam, posts: 8721, registered: 09 Dec 2006 06:19, location: Jablonec nad Nisou)
Re: Log file from Combofix
MBAM is a tool for a one-off scan (update it, run a scan, and post the log here for review)
Avast is a free, fully fledged antivirus and antispyware tool with many shields and excellent detection - I warmly recommend it
http://www.slunecnice.cz/sw/avast-free-antivirus/
And if there are no problems, you're welcome - glad to help, and we'll be here next time too

Recommendations:
During the cleanup, install or uninstall programs only when I tell you to.
Read my reply carefully and carry out the whole procedure exactly as described.
If anything is unclear, ask and I will explain.
-------------------------------------------------------------------------------------------------
> Forum support <