PC disinfection, computer speed-up, remote assistance via the neslape.cz service

Request for a check

Have a virus problem? Post your FRST or RSIT log here.

oneboy
Visitor
Posts: 9
Registered: 27 Jul 2011 10:31

Request for a check

#1 Post by oneboy »

Hi,
I wanted to ask for a log check. I'm attaching the RSIT log; I've gone over the PC with CCleaner and Spybot. Thanks in advance.

Logfile of random's system information tool 1.09 (written by random/random)
Run by Iris Moon at 2011-07-27 11:36:46
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 125 GB (82%) free of 153 GB
Total RAM: 1023 MB (63% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:37:10, on 27.7.2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe
C:\Program Files\IObit\Advanced SystemCare 4\ASCTray.exe
C:\Program Files\IObit\Advanced SystemCare 4\ASC.exe
C:\Documents and Settings\Iris Moon\Dokumenty\Stažené soubory\RSIT.exe
C:\Program Files\trend micro\Iris Moon.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = my.daemon-search.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [Advanced SystemCare 4] C:\Program Files\IObit\Advanced SystemCare 4\ASCTray.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Advanced SystemCare Service (AdvancedSystemCareService) - IObit - C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 2590 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\ASC4_AutoCare.job
C:\WINDOWS\tasks\ASC4_AutoUpdate.job
C:\WINDOWS\tasks\AWC AutoSweep.job
C:\WINDOWS\tasks\AWC Update.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1343024091-1957994488-839522115-1004Core1cc20a4e97d699c.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1343024091-1957994488-839522115-1004UA.job

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\Iris Moon\Data aplikací\Mozilla\Firefox\Profiles\k2deg59s.default

prefs.js - "browser.startup.homepage" - "http://www.mydtzone.com/startpage"
prefs.js - "extensions.enabledItems" - "{20a82645-c095-46ed-80e3-08825760534b}:1.2.1, plugin2@gameplaylabs.com:2.0, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.16"
prefs.js - "keyword.URL" - "http://search.yahoo.com/search?fr=green ... =685749&p="

"{20a82645-c095-46ed-80e3-08825760534b}"=c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@nexon.net/NxGame]
"Description"=Nexon Game Controller
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@pandonetworks.com/PandoWebPlugin]
"Description"=This plugin detects and launches Pando Media Booster
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Webzen.com/NPGameWebStarter]
"Description"=Webzen Game Controller
"Path"=C:\Program Files\WEBZEN\WebzenGameStarter\NPGameWebStarter.dll

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}

C:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll

C:\Program Files\Mozilla Firefox\plugins\
nppdf32.dll

C:\Program Files\Mozilla Firefox\searchplugins\
google.xml
heureka-cz.xml
jyxo-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml
yahoo.xml

C:\Documents and Settings\Iris Moon\Data aplikací\Mozilla\Firefox\Profiles\k2deg59s.default\extensions\
plugin2@gameplaylabs.com
{20a82645-c095-46ed-80e3-08825760534b}
{ea614400-e918-4741-9a97-7a972ff7c30b}

C:\Documents and Settings\Iris Moon\Data aplikací\Mozilla\Firefox\Profiles\k2deg59s.default\searchplugins\
daemon-search.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"=C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2004-08-18 208952]
"MSPY2002"=C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe [2004-08-18 59392]
"PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-18 455168]
"PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-18 455168]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2011-05-25 13895272]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare 4"=C:\Program Files\IObit\Advanced SystemCare 4\ASCTray.exe [2011-05-28 412560]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
C:\Documents and Settings\Iris Moon\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe [2011-03-24 136176]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Iris Moon^Nabídka Start^Programy^Po spuštění^AnthariaMU.lnk]
C:\PROGRA~1\ANTHAR~1\ANTHAR~1.EXE [2011-04-13 880640]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoInstrumentation"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoResolveSearch"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\QIP 2010\qip.exe"="C:\Program Files\QIP 2010\qip.exe:*:Enabled:QIP 2010"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Warcraft III\Warcraft III\Warcraft III.exe"="C:\Warcraft III\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III"
"C:\Documents and Settings\Iris Moon\Local Settings\Data aplikací\Kamuse\KCSTrayDownloader\KCSTrayDownloaderEngine.exe"="C:\Documents and Settings\Iris Moon\Local Settings\Data aplikací\Kamuse\KCSTrayDownloader\KCSTrayDownloaderEngine.exe:*:Enabled:KCSTrayDownloaderEngine"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"midi"=wdmaud.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer"=wdmaud.drv
"VIDC.FPS1"=frapsvid.dll

======List of files/folders created in the last 1 month======

2011-07-27 11:36:46 ----D---- C:\rsit
2011-07-27 11:36:46 ----D---- C:\Program Files\trend micro
2011-07-27 11:19:59 ----D---- C:\Program Files\CCleaner
2011-07-25 17:48:03 ----D---- C:\Program Files\AnthariaMU
2011-07-14 03:02:28 ----HDC---- C:\WINDOWS\$NtUninstallKB2507938$
2011-07-14 03:00:40 ----HDC---- C:\WINDOWS\$NtUninstallKB2555917$
2011-06-30 03:00:37 ----HDC---- C:\WINDOWS\$NtUninstallKB2541763$

======List of files/folders modified in the last 1 month======

2011-07-27 11:36:52 ----D---- C:\WINDOWS\Prefetch
2011-07-27 11:36:46 ----RD---- C:\Program Files
2011-07-27 11:35:09 ----SD---- C:\WINDOWS\Tasks
2011-07-27 11:33:59 ----D---- C:\WINDOWS
2011-07-27 11:32:49 ----D---- C:\WINDOWS\Temp
2011-07-27 11:29:25 ----D---- C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
2011-07-27 11:24:18 ----D---- C:\WINDOWS\pss
2011-07-27 11:23:59 ----SHD---- C:\WINDOWS\Installer
2011-07-27 11:23:54 ----SHD---- C:\Config.Msi
2011-07-27 11:23:51 ----D---- C:\Documents and Settings\All Users\Data aplikací\Skype
2011-07-27 11:23:41 ----D---- C:\Documents and Settings\Iris Moon\Data aplikací\Skype
2011-07-27 11:21:04 ----D---- C:\Documents and Settings\Iris Moon\Data aplikací\DAEMON Tools Lite
2011-07-27 11:20:52 ----D---- C:\Documents and Settings\Iris Moon\Data aplikací\uTorrent
2011-07-27 11:20:40 ----D---- C:\WINDOWS\Logs
2011-07-27 11:20:40 ----D---- C:\WINDOWS\Debug
2011-07-27 11:10:39 ----RSHDC---- C:\WINDOWS\system32\dllcache
2011-07-27 11:10:29 ----D---- C:\Program Files\Movie Maker
2011-07-27 11:09:58 ----D---- C:\Program Files\IObit
2011-07-27 11:06:15 ----D---- C:\Documents and Settings\Iris Moon\Data aplikací\IObit
2011-07-27 11:01:30 ----D---- C:\Program Files\Spybot - Search & Destroy
2011-07-27 10:57:56 ----D---- C:\Program Files\Counter-Strike 1.6
2011-07-26 11:14:45 ----D---- C:\WINDOWS\system32\CatRoot2
2011-07-26 06:14:58 ----D---- C:\Program Files\QIP 2010
2011-07-26 03:02:00 ----N---- C:\WINDOWS\SchedLgU.Txt
2011-07-22 07:41:29 ----HD---- C:\Program Files\InstallShield Installation Information
2011-07-21 17:05:41 ----D---- C:\WINDOWS\system32\drivers
2011-07-21 17:05:33 ----AD---- C:\Documents and Settings\All Users\Data aplikací\TEMP
2011-07-18 18:10:25 ----D---- C:\WINDOWS\system32
2011-07-16 09:39:19 ----D---- C:\VLC
2011-07-16 09:11:07 ----D---- C:\Documents and Settings\Iris Moon\Data aplikací\vlc
2011-07-14 03:02:30 ----HD---- C:\WINDOWS\inf
2011-07-14 03:00:49 ----A---- C:\WINDOWS\system32\MRT.exe
2011-07-13 03:28:32 ----HD---- C:\WINDOWS\$hf_mig$
2011-07-02 06:03:44 ----D---- C:\Program Files\Mozilla Firefox
2011-07-01 09:27:54 ----SD---- C:\Documents and Settings\Iris Moon\Data aplikací\Microsoft
2011-06-30 03:29:40 ----RSD---- C:\WINDOWS\assembly
2011-06-30 03:22:54 ----D---- C:\WINDOWS\Microsoft.NET
2011-06-30 03:18:52 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2011-06-30 03:18:39 ----D---- C:\WINDOWS\WinSxS

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-11-17 2297664]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-18 12160]
R3 ms_mpu401;Microsoft MPU-401 MIDI UART Driver; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-18 2944]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-14 5810]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2009-07-08 7967712]
R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-04 20992]
S3 apf001;apf001; \??\C:\Program Files\Softnyx\RakionIS\Bin\apf001.sys []
S3 ByakkoDriver;ByakkoDriver; \??\C:\Program Files\Games Pirate\Cabal Reloaded\Byakko.K32 []
S3 EagleNT;EagleNT; \??\C:\WINDOWS\system32\drivers\EagleNT.sys []
S3 EagleXNt;EagleXNt; \??\C:\WINDOWS\system32\drivers\EagleXNt.sys []
S3 LLRING0;LLRING0; \??\C:\Program Files\FlareMuSeason5Episode4\MuGuard\llck.sys []
S3 npkcrypt;npkcrypt; \??\c:\Program Files\Lineage II\system\npkcrypt.sys []
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 vtany;vtany; \??\C:\WINDOWS\vtany.sys []
S3 XDva383;XDva383; \??\C:\WINDOWS\system32\XDva383.sys []
S3 xhunter1;xhunter1; \??\C:\WINDOWS\xhunter1.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdvancedSystemCareService;Advanced SystemCare Service; C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe [2011-05-28 353168]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 NVSvc;NVIDIA Driver Helper Service; C:\WINDOWS\system32\nvsvc32.exe [2011-05-25 154728]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 WinRM;Windows Remote Management (WS-Management); C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

Rudy
Site Admin
Posts: 119506
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Request for a check

#2 Post by Rudy »

Hello!
There are rootkits in there. Post a ComboFix log.
Download ComboFix and save it, preferably to the desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Then run the application under an account with administrator rights.

Right after it starts, a screen with the license terms appears; continue by clicking Yes.

Relax and make yourself a coffee (the whole thing takes about 5-10 minutes, sometimes longer, depending on how fast the machine is and how many files the scanner has to wade through); during the scan do not try to launch any other applications or do anything else.

Do not panic during the scan: your machine may be restarted (especially on the first run of the scanner).

Warning: if you use an antispyware product with a resident shield, switch its resident shield to Install Mode, or disable it entirely for the duration of the scan, because the scan and removal of any malware collides with the resident antispyware in undesirable ways.
Post questions and logs only in your own threads. Private messages, ICQ and e-mail are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting the PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!

Once your problem is solved, the thread will be locked. The same happens if it is inactive for more than 14 days. If you want the thread reactivated, write to the e-mail address above.
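The triage a helper does by eye on the RSIT driver list in post #1 (entries with an empty `[]` where RSIT prints the file's date and size, and kernel drivers loaded from outside `system32\drivers`) can be scripted. The following is an added example, not code from the forum, from RSIT or from ComboFix; the sample lines are copied from the posted log and the flag names and heuristics are my own.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Sample lines copied from the "List of drivers" section of the RSIT log in post #1.
# RSIT prints:  <state><start> <name>;<description>; <path> [<date> <size>]
# and an empty [] when it could not read the file (missing, hidden or locked).
SAMPLE_DRIVER_LINES = r"""
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2009-07-08 7967712]
S3 ByakkoDriver;ByakkoDriver; \??\C:\Program Files\Games Pirate\Cabal Reloaded\Byakko.K32 []
S3 EagleXNt;EagleXNt; \??\C:\WINDOWS\system32\drivers\EagleXNt.sys []
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 vtany;vtany; \??\C:\WINDOWS\vtany.sys []
S3 XDva383;XDva383; \??\C:\WINDOWS\system32\XDva383.sys []
S3 xhunter1;xhunter1; \??\C:\WINDOWS\xhunter1.sys []
"""

LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4]) (?P<name>[^;]+);(?P<desc>[^;]*); "
    r"(?P<path>.+?) \[(?P<info>[^\]]*)\]$"
)
# Where Windows keeps its own kernel drivers; anything loaded from elsewhere deserves a look.
STANDARD_DRIVER_DIR = re.compile(r"^[a-z]:\\windows\\system32\\drivers\\[^\\]+$", re.IGNORECASE)
NT_PREFIX = "\\??\\"  # NT object-manager prefix RSIT shows for services registered with a raw path


@dataclass
class DriverEntry:
    state: str            # "R" running, "S" stopped
    start: int            # 0 boot, 1 system, 2 auto, 3 demand, 4 disabled
    name: str
    description: str
    path: str             # with the \??\ prefix stripped
    file_info: str        # "YYYY-MM-DD size", or "" when RSIT could not read the file
    flags: List[str] = field(default_factory=list)


def parse_driver_line(line: str) -> Optional[DriverEntry]:
    """Parse one RSIT driver line; return None for lines that are not driver entries."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    path = m["path"]
    if path.startswith(NT_PREFIX):
        path = path[len(NT_PREFIX):]
    entry = DriverEntry(m["state"], int(m["start"]), m["name"], m["desc"], path, m["info"].strip())
    if entry.file_info == "":
        # RSIT printed []: the file is missing, hidden from the file API, or otherwise unreadable.
        entry.flags.append("missing-file-info")
    if not STANDARD_DRIVER_DIR.match(entry.path):
        # A kernel driver living in C:\WINDOWS, in system32 itself or under Program Files is unusual.
        entry.flags.append("nonstandard-location")
    return entry


def triage(log_text: str) -> List[DriverEntry]:
    """Parse every driver line in an RSIT driver section and attach triage flags."""
    entries = []
    for line in log_text.splitlines():
        entry = parse_driver_line(line)
        if entry is not None:
            entries.append(entry)
    return entries


def suspicious_names(entries: List[DriverEntry]) -> List[str]:
    """Names of drivers carrying at least one flag, sorted for stable output."""
    return sorted(e.name for e in entries if e.flags)


if __name__ == "__main__":
    for e in triage(SAMPLE_DRIVER_LINES):
        marker = "REVIEW" if e.flags else "ok    "
        print(f"{marker} {e.state}{e.start} {e.name:<14} {e.path}  {', '.join(e.flags)}")
```

Both heuristics are noisy: the drivers that games install under Program Files trip them too, so a flag is a prompt for a human look, not a verdict.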

oneboy
Visitor
Posts: 9
Registered: 27 Jul 2011 10:31

Re: Request for a check

#3 Post by oneboy »

So here is the ComboFix log :-)

ComboFix 11-07-27.01 - Iris Moon 27.07.2011 13:21:36.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.1023.664 [GMT 2:00]
Spuštěný z: c:\documents and settings\Iris Moon\Dokumenty\Stažené soubory\ComboFix.exe
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-06-27 do 2011-07-27 )))))))))))))))))))))))))))))))
.
.
2011-07-27 09:44 . 2011-04-29 19:07 852480 -c----w- c:\windows\system32\dllcache\vgx.dll
2011-07-27 09:43 . 2011-04-25 14:47 627200 ----a-w- c:\windows\system32\SET119.tmp
2011-07-27 09:43 . 2011-04-25 14:47 449536 ----a-w- c:\windows\system32\SET11D.tmp
2011-07-27 09:43 . 2011-04-25 14:47 1025024 ----a-w- c:\windows\system32\SET120.tmp
2011-07-27 09:43 . 2011-04-25 14:47 668160 ----a-w- c:\windows\system32\SET118.tmp
2011-07-27 09:43 . 2011-04-25 14:47 1510912 ----a-w- c:\windows\system32\SET11B.tmp
2011-07-27 09:42 . 2011-07-27 09:42 -------- d-----w- c:\windows\LastGood
2011-07-27 09:36 . 2011-07-27 09:37 -------- d-----w- C:\rsit
2011-07-27 09:36 . 2011-07-27 09:37 -------- d-----w- c:\program files\trend micro
2011-07-27 09:19 . 2011-07-27 09:20 -------- d-----w- c:\program files\CCleaner
2011-07-25 15:48 . 2011-07-27 04:28 -------- d-----w- c:\program files\AnthariaMU
2011-07-18 16:10 . 2002-03-15 13:25 53248 ----a-w- c:\windows\system32\AnimatedGif.ocx
2011-07-18 16:10 . 1998-06-23 21:00 115016 ----a-w- c:\windows\system32\MSINET.OCX
2011-07-18 16:10 . 2009-05-09 23:32 380928 ----a-w- c:\windows\system32\actskin4.ocx
2011-07-02 04:03 . 2011-07-02 04:03 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll
2011-07-02 04:03 . 2011-07-02 04:03 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll
2011-07-01 07:27 . 2011-07-01 07:27 -------- d-----w- c:\documents and settings\Iris Moon\Local Settings\Data aplikací\Identities
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-06 11:35 . 2004-08-18 12:00 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-05-25 06:09 . 2011-06-15 14:59 154728 ----a-w- c:\windows\system32\nvsvc32.exe
2011-05-25 06:09 . 2011-06-15 14:58 111208 ----a-w- c:\windows\system32\nvmctray.dll
2011-05-25 06:09 . 2011-06-15 14:58 54272 ----a-w- c:\windows\system32\nvwddi.dll
2011-05-25 06:09 . 2011-06-15 14:58 13895272 ----a-w- c:\windows\system32\nvcpl.dll
2011-05-25 06:09 . 2011-06-15 14:59 145000 ----a-w- c:\windows\system32\nvcolor.exe
2011-05-25 06:09 . 2011-06-15 14:58 543336 ----a-w- c:\windows\system32\easyupdatusapiu.dll
2011-05-25 06:09 . 2011-06-15 14:58 61440 ----a-w- c:\windows\system32\OpenCL.dll
2011-05-25 06:09 . 2011-06-15 14:58 899688 ----a-w- c:\windows\system32\nvdispco3220150.dll
2011-05-25 06:09 . 2011-06-15 14:58 865896 ----a-w- c:\windows\system32\nvgenco322090.dll
2011-05-25 06:09 . 2011-06-15 14:58 13004800 ----a-w- c:\windows\system32\nvcompiler.dll
2011-05-02 15:32 . 2011-01-18 19:42 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 17:25 . 2004-08-18 12:00 151552 ----a-w- c:\windows\system32\schannel.dll
2011-04-29 16:19 . 2004-08-18 12:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-02 04:03 . 2011-04-08 18:31 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare 4"="c:\program files\IObit\Advanced SystemCare 4\ASCTray.exe" [2011-05-28 412560]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-18 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-18 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-18 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-18 455168]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-05-25 13895272]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"KB2492386"="apphelp.dll" [2008-04-14 125952]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKLM\~\startupfolder\C:^Documents and Settings^Iris Moon^Nabídka Start^Programy^Po spuštění^AnthariaMU.lnk]
backup=c:\windows\pss\AnthariaMU.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 03:22 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-03-24 15:57 136176 ----atw- c:\documents and settings\Iris Moon\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\QIP 2010\\qip.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Warcraft III\\Warcraft III\\Warcraft III.exe"=
"c:\\Documents and Settings\\Iris Moon\\Local Settings\\Data aplikací\\Kamuse\\KCSTrayDownloader\\KCSTrayDownloaderEngine.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"57194:TCP"= 57194:TCP:Pando Media Booster
"57194:UDP"= 57194:UDP:Pando Media Booster
"8396:TCP"= 8396:TCP:League of Legends Launcher
"8396:UDP"= 8396:UDP:League of Legends Launcher
"6882:TCP"= 6882:TCP:League of Legends Launcher
"6882:UDP"= 6882:UDP:League of Legends Launcher
"6913:TCP"= 6913:TCP:League of Legends Launcher
"6913:UDP"= 6913:UDP:League of Legends Launcher
"6971:TCP"= 6971:TCP:League of Legends Launcher
"6971:UDP"= 6971:UDP:League of Legends Launcher
"5985:TCP"= 5985:TCP:*:Disabled:Vzdálená správa systému Windows
.
R2 AdvancedSystemCareService;Advanced SystemCare Service;c:\program files\IObit\Advanced SystemCare 4\ASCService.exe [27.7.2011 11:32 353168]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 14:16 130384]
S3 apf001;apf001;\??\c:\program files\Softnyx\RakionIS\Bin\apf001.sys --> c:\program files\Softnyx\RakionIS\Bin\apf001.sys [?]
S3 ByakkoDriver;ByakkoDriver;\??\c:\program files\Games Pirate\Cabal Reloaded\Byakko.K32 --> c:\program files\Games Pirate\Cabal Reloaded\Byakko.K32 [?]
S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\EagleXNt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
S3 LLRING0;LLRING0;\??\c:\program files\FlareMuSeason5Episode4\MuGuard\llck.sys --> c:\program files\FlareMuSeason5Episode4\MuGuard\llck.sys [?]
S3 vtany;vtany;\??\c:\windows\vtany.sys --> c:\windows\vtany.sys [?]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [18.8.2004 14:00 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 14:16 753504]
S3 XDva383;XDva383;\??\c:\windows\system32\XDva383.sys --> c:\windows\system32\XDva383.sys [?]
S3 xhunter1;xhunter1;\??\c:\windows\xhunter1.sys --> c:\windows\xhunter1.sys [?]
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - ADVANCEDSYSTEMCARESERVICE
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
Obsah adresáře 'Naplánované úlohy'
.
2011-07-27 c:\windows\Tasks\ASC4_AutoCare.job
- c:\program files\IObit\Advanced SystemCare 4\AutoCare.exe [2011-07-27 12:46]
.
2011-07-27 c:\windows\Tasks\ASC4_AutoUpdate.job
- c:\program files\IObit\Advanced SystemCare 4\AutoUpdate.exe [2011-07-27 12:46]
.
.
------- Doplňkový sken -------
.
uStart Page = my.daemon-search.com
TCP: DhcpNameServer = 213.46.172.36 213.46.172.37
FF - ProfilePath - c:\documents and settings\Iris Moon\Data aplikací\Mozilla\Firefox\Profiles\k2deg59s.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.mydtzone.com/startpage
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=685749&p=
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-27 13:25
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ByakkoDriver]
"ImagePath"="\??\c:\program files\Games Pirate\Cabal Reloaded\Byakko.K32"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(1712)
c:\windows\system32\msi.dll
.
Celkový čas: 2011-07-27 13:27:43
ComboFix-quarantined-files.txt 2011-07-27 11:27
.
Před spuštěním: Volných bajtů: 131 153 420 288
Po spuštění: Volných bajtů: 131 232 194 560
.
WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 9A8841994ACB51896212BAA273B134E8

Rudy
Site Admin
Posts: 119506
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Request for a check

#4 Post by Rudy »

Move ComboFix to the desktop. Open Notepad and copy the following into it:
Collect::
c:\windows\system32\SET119.tmp
c:\windows\system32\SET11D.tmp
c:\windows\system32\SET120.tmp
c:\windows\system32\SET118.tmp
c:\windows\system32\SET11B.tmp
c:\windows\system32\XDva383.sys

Driver::
XDva383
Save it to the desktop as CFScript.txt. Then drag it with the mouse onto the ComboFix icon and drop it. CF will start and execute the commands from the script.


oneboy
Visitor
Posts: 9
Registered: 27 Jul 2011 10:31

Re: Request for a check

#5 Post by oneboy »

OK, done; attaching the CF and RSIT logs :-)

CF:
ComboFix 11-07-27.01 - Iris Moon 27.07.2011 13:49:11.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.1023.432 [GMT 2:00]
Spuštěný z: c:\documents and settings\Iris Moon\Dokumenty\Stažené soubory\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Iris Moon\Plocha\CFScript.txt
.
file zipped: c:\windows\system32\SET118.tmp
file zipped: c:\windows\system32\SET119.tmp
file zipped: c:\windows\system32\SET11B.tmp
file zipped: c:\windows\system32\SET11D.tmp
file zipped: c:\windows\system32\SET120.tmp
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\SET118.tmp
c:\windows\system32\SET119.tmp
c:\windows\system32\SET11B.tmp
c:\windows\system32\SET11D.tmp
c:\windows\system32\SET120.tmp
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_XDVA383
-------\Service_XDva383
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-06-27 do 2011-07-27 )))))))))))))))))))))))))))))))
.
.
2011-07-27 09:44 . 2011-04-29 19:07 852480 -c----w- c:\windows\system32\dllcache\vgx.dll
2011-07-27 09:42 . 2011-07-27 09:42 -------- d-----w- c:\windows\LastGood.Tmp
2011-07-27 09:36 . 2011-07-27 09:37 -------- d-----w- C:\rsit
2011-07-27 09:36 . 2011-07-27 09:37 -------- d-----w- c:\program files\trend micro
2011-07-27 09:19 . 2011-07-27 09:20 -------- d-----w- c:\program files\CCleaner
2011-07-25 15:48 . 2011-07-27 04:28 -------- d-----w- c:\program files\AnthariaMU
2011-07-18 16:10 . 2002-03-15 13:25 53248 ----a-w- c:\windows\system32\AnimatedGif.ocx
2011-07-18 16:10 . 1998-06-23 21:00 115016 ----a-w- c:\windows\system32\MSINET.OCX
2011-07-18 16:10 . 2009-05-09 23:32 380928 ----a-w- c:\windows\system32\actskin4.ocx
2011-07-02 04:03 . 2011-07-02 04:03 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll
2011-07-02 04:03 . 2011-07-02 04:03 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll
2011-07-01 07:27 . 2011-07-01 07:27 -------- d-----w- c:\documents and settings\Iris Moon\Local Settings\Data aplikací\Identities
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-06 11:35 . 2004-08-18 12:00 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-05-25 06:09 . 2011-06-15 14:59 154728 ----a-w- c:\windows\system32\nvsvc32.exe
2011-05-25 06:09 . 2011-06-15 14:58 111208 ----a-w- c:\windows\system32\nvmctray.dll
2011-05-25 06:09 . 2011-06-15 14:58 54272 ----a-w- c:\windows\system32\nvwddi.dll
2011-05-25 06:09 . 2011-06-15 14:58 13895272 ----a-w- c:\windows\system32\nvcpl.dll
2011-05-25 06:09 . 2011-06-15 14:59 145000 ----a-w- c:\windows\system32\nvcolor.exe
2011-05-25 06:09 . 2011-06-15 14:58 543336 ----a-w- c:\windows\system32\easyupdatusapiu.dll
2011-05-25 06:09 . 2011-06-15 14:58 61440 ----a-w- c:\windows\system32\OpenCL.dll
2011-05-25 06:09 . 2011-06-15 14:58 899688 ----a-w- c:\windows\system32\nvdispco3220150.dll
2011-05-25 06:09 . 2011-06-15 14:58 865896 ----a-w- c:\windows\system32\nvgenco322090.dll
2011-05-25 06:09 . 2011-06-15 14:58 13004800 ----a-w- c:\windows\system32\nvcompiler.dll
2011-05-02 15:32 . 2011-01-18 19:42 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 17:25 . 2004-08-18 12:00 151552 ----a-w- c:\windows\system32\schannel.dll
2011-04-29 16:19 . 2004-08-18 12:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-02 04:03 . 2011-04-08 18:31 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-07-27_11.25.33 )))))))))))))))))))))))))))))))))))))))))
.
+ 2004-08-18 12:00 . 2011-03-11 14:10 471552 c:\windows\AppPatch\aclayers.dll
- 2004-08-18 12:00 . 2009-11-21 16:03 471552 c:\windows\AppPatch\aclayers.dll
+ 2004-08-18 12:00 . 2011-04-25 18:17 3100672 c:\windows\system32\mshtml.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare 4"="c:\program files\IObit\Advanced SystemCare 4\ASCTray.exe" [2011-05-28 412560]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-18 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-18 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-18 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-18 455168]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-05-25 13895272]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKLM\~\startupfolder\C:^Documents and Settings^Iris Moon^Nabídka Start^Programy^Po spuštění^AnthariaMU.lnk]
backup=c:\windows\pss\AnthariaMU.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 03:22 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-03-24 15:57 136176 ----atw- c:\documents and settings\Iris Moon\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\QIP 2010\\qip.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Warcraft III\\Warcraft III\\Warcraft III.exe"=
"c:\\Documents and Settings\\Iris Moon\\Local Settings\\Data aplikací\\Kamuse\\KCSTrayDownloader\\KCSTrayDownloaderEngine.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"57194:TCP"= 57194:TCP:Pando Media Booster
"57194:UDP"= 57194:UDP:Pando Media Booster
"8396:TCP"= 8396:TCP:League of Legends Launcher
"8396:UDP"= 8396:UDP:League of Legends Launcher
"6882:TCP"= 6882:TCP:League of Legends Launcher
"6882:UDP"= 6882:UDP:League of Legends Launcher
"6913:TCP"= 6913:TCP:League of Legends Launcher
"6913:UDP"= 6913:UDP:League of Legends Launcher
"6971:TCP"= 6971:TCP:League of Legends Launcher
"6971:UDP"= 6971:UDP:League of Legends Launcher
"5985:TCP"= 5985:TCP:*:Disabled:Vzdálená správa systému Windows
.
R2 AdvancedSystemCareService;Advanced SystemCare Service;c:\program files\IObit\Advanced SystemCare 4\ASCService.exe [27.7.2011 11:32 353168]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 14:16 130384]
S3 apf001;apf001;\??\c:\program files\Softnyx\RakionIS\Bin\apf001.sys --> c:\program files\Softnyx\RakionIS\Bin\apf001.sys [?]
S3 ByakkoDriver;ByakkoDriver;\??\c:\program files\Games Pirate\Cabal Reloaded\Byakko.K32 --> c:\program files\Games Pirate\Cabal Reloaded\Byakko.K32 [?]
S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\EagleXNt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
S3 LLRING0;LLRING0;\??\c:\program files\FlareMuSeason5Episode4\MuGuard\llck.sys --> c:\program files\FlareMuSeason5Episode4\MuGuard\llck.sys [?]
S3 vtany;vtany;\??\c:\windows\vtany.sys --> c:\windows\vtany.sys [?]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [18.8.2004 14:00 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 14:16 753504]
S3 xhunter1;xhunter1;\??\c:\windows\xhunter1.sys --> c:\windows\xhunter1.sys [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
Obsah adresáře 'Naplánované úlohy'
.
2011-07-27 c:\windows\Tasks\ASC4_AutoCare.job
- c:\program files\IObit\Advanced SystemCare 4\AutoCare.exe [2011-07-27 12:46]
.
2011-07-27 c:\windows\Tasks\ASC4_AutoUpdate.job
- c:\program files\IObit\Advanced SystemCare 4\AutoUpdate.exe [2011-07-27 12:46]
.
.
------- Doplňkový sken -------
.
uStart Page = my.daemon-search.com
TCP: DhcpNameServer = 213.46.172.36 213.46.172.37
FF - ProfilePath - c:\documents and settings\Iris Moon\Data aplikací\Mozilla\Firefox\Profiles\k2deg59s.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.mydtzone.com/startpage
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=685749&p=
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-27 13:55
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ByakkoDriver]
"ImagePath"="\??\c:\program files\Games Pirate\Cabal Reloaded\Byakko.K32"
.
Celkový čas: 2011-07-27 13:59:41 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-07-27 11:59
ComboFix2.txt 2011-07-27 11:27
.
Před spuštěním: Volných bajtů: 131 237 875 712
Po spuštění: Volných bajtů: 131 147 825 152
.
- - End Of File - - 89C46372BBD702E37B1DB03152D4EB20
Upload completed successfully
Logfile of random's system information tool 1.09 (written by random/random)
Run by Iris Moon at 2011-07-27 14:02:46
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 125 GB (82%) free of 153 GB
Total RAM: 1023 MB (62% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14:03:02, on 27.7.2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe
C:\Program Files\IObit\Advanced SystemCare 4\ASCTray.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\Iris Moon\Dokumenty\Stažené soubory\RSIT.exe
C:\Program Files\trend micro\Iris Moon.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = my.daemon-search.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [Advanced SystemCare 4] C:\Program Files\IObit\Advanced SystemCare 4\ASCTray.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Advanced SystemCare Service (AdvancedSystemCareService) - IObit - C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 2761 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\ASC4_AutoCare.job
C:\WINDOWS\tasks\ASC4_AutoUpdate.job

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\Iris Moon\Data aplikací\Mozilla\Firefox\Profiles\k2deg59s.default

prefs.js - "browser.startup.homepage" - "http://www.mydtzone.com/startpage"
prefs.js - "extensions.enabledItems" - "{20a82645-c095-46ed-80e3-08825760534b}:1.2.1, plugin2@gameplaylabs.com:2.0, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.16"
prefs.js - "keyword.URL" - "http://search.yahoo.com/search?fr=green ... =685749&p="

"{20a82645-c095-46ed-80e3-08825760534b}"=c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@nexon.net/NxGame]
"Description"=Nexon Game Controller
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@pandonetworks.com/PandoWebPlugin]
"Description"=This plugin detects and launches Pando Media Booster
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Webzen.com/NPGameWebStarter]
"Description"=Webzen Game Controller
"Path"=C:\Program Files\WEBZEN\WebzenGameStarter\NPGameWebStarter.dll

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}

C:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll

C:\Program Files\Mozilla Firefox\plugins\
nppdf32.dll

C:\Program Files\Mozilla Firefox\searchplugins\
google.xml
heureka-cz.xml
jyxo-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml
yahoo.xml

C:\Documents and Settings\Iris Moon\Data aplikací\Mozilla\Firefox\Profiles\k2deg59s.default\extensions\
plugin2@gameplaylabs.com
{20a82645-c095-46ed-80e3-08825760534b}
{ea614400-e918-4741-9a97-7a972ff7c30b}

C:\Documents and Settings\Iris Moon\Data aplikací\Mozilla\Firefox\Profiles\k2deg59s.default\searchplugins\
daemon-search.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"=C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2004-08-18 208952]
"MSPY2002"=C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe [2004-08-18 59392]
"PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-18 455168]
"PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-18 455168]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2011-05-25 13895272]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare 4"=C:\Program Files\IObit\Advanced SystemCare 4\ASCTray.exe [2011-05-28 412560]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
C:\Documents and Settings\Iris Moon\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe [2011-03-24 136176]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Iris Moon^Nabídka Start^Programy^Po spuštění^AnthariaMU.lnk]
C:\PROGRA~1\ANTHAR~1\ANTHAR~1.EXE [2011-04-13 880640]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoInstrumentation"=1
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoResolveSearch"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\QIP 2010\qip.exe"="C:\Program Files\QIP 2010\qip.exe:*:Enabled:QIP 2010"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Warcraft III\Warcraft III\Warcraft III.exe"="C:\Warcraft III\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III"
"C:\Documents and Settings\Iris Moon\Local Settings\Data aplikací\Kamuse\KCSTrayDownloader\KCSTrayDownloaderEngine.exe"="C:\Documents and Settings\Iris Moon\Local Settings\Data aplikací\Kamuse\KCSTrayDownloader\KCSTrayDownloaderEngine.exe:*:Enabled:KCSTrayDownloaderEngine"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"midi"=wdmaud.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer"=wdmaud.drv
"VIDC.FPS1"=frapsvid.dll

======List of files/folders created in the last 1 month======

2011-07-27 14:01:28 ----D---- C:\WINDOWS\temp
2011-07-27 13:59:42 ----A---- C:\ComboFix.txt
2011-07-27 13:57:20 ----SHD---- C:\RECYCLER
2011-07-27 13:20:34 ----A---- C:\Boot.bak
2011-07-27 13:20:28 ----RASHD---- C:\cmdcons
2011-07-27 13:17:26 ----A---- C:\WINDOWS\zip.exe
2011-07-27 13:17:26 ----A---- C:\WINDOWS\SWXCACLS.exe
2011-07-27 13:17:26 ----A---- C:\WINDOWS\SWSC.exe
2011-07-27 13:17:26 ----A---- C:\WINDOWS\SWREG.exe
2011-07-27 13:17:26 ----A---- C:\WINDOWS\sed.exe
2011-07-27 13:17:26 ----A---- C:\WINDOWS\PEV.exe
2011-07-27 13:17:26 ----A---- C:\WINDOWS\NIRCMD.exe
2011-07-27 13:17:26 ----A---- C:\WINDOWS\MBR.exe
2011-07-27 13:17:26 ----A---- C:\WINDOWS\grep.exe
2011-07-27 13:17:19 ----D---- C:\WINDOWS\ERDNT
2011-07-27 13:17:15 ----D---- C:\Qoobox
2011-07-27 11:44:22 ----HDC---- C:\WINDOWS\$NtUninstallKB2544521$
2011-07-27 11:43:44 ----HDC---- C:\WINDOWS\$NtUninstallKB2530548$
2011-07-27 11:43:19 ----A---- C:\WINDOWS\imsins.BAK
2011-07-27 11:43:05 ----HDC---- C:\WINDOWS\$NtUninstallKB2492386$
2011-07-27 11:36:46 ----D---- C:\rsit
2011-07-27 11:36:46 ----D---- C:\Program Files\trend micro
2011-07-27 11:19:59 ----D---- C:\Program Files\CCleaner
2011-07-25 17:48:03 ----D---- C:\Program Files\AnthariaMU
2011-07-14 03:02:28 ----HDC---- C:\WINDOWS\$NtUninstallKB2507938$
2011-07-14 03:00:40 ----HDC---- C:\WINDOWS\$NtUninstallKB2555917$
2011-06-30 03:00:37 ----HDC---- C:\WINDOWS\$NtUninstallKB2541763$

======List of files/folders modified in the last 1 month======

2011-07-27 14:01:28 ----D---- C:\WINDOWS\system32\drivers
2011-07-27 14:01:28 ----D---- C:\WINDOWS
2011-07-27 14:00:27 ----D---- C:\WINDOWS\Prefetch
2011-07-27 13:58:29 ----D---- C:\WINDOWS\system32\CatRoot2
2011-07-27 13:55:03 ----A---- C:\WINDOWS\system.ini
2011-07-27 13:54:55 ----D---- C:\WINDOWS\system32\drivers\etc
2011-07-27 13:54:36 ----D---- C:\WINDOWS\system32
2011-07-27 13:54:36 ----D---- C:\WINDOWS\AppPatch
2011-07-27 13:53:49 ----D---- C:\WINDOWS\system32\config
2011-07-27 13:52:11 ----D---- C:\Program Files\Common Files
2011-07-27 13:48:10 ----A---- C:\WINDOWS\SchedLgU.Txt
2011-07-27 13:26:34 ----SD---- C:\WINDOWS\Tasks
2011-07-27 13:20:34 ----RASH---- C:\boot.ini
2011-07-27 12:19:37 ----D---- C:\Program Files\Counter-Strike 1.6
2011-07-27 11:44:55 ----SHD---- C:\WINDOWS\Installer
2011-07-27 11:44:55 ----D---- C:\Config.Msi
2011-07-27 11:44:53 ----D---- C:\WINDOWS\WinSxS
2011-07-27 11:44:32 ----HD---- C:\WINDOWS\inf
2011-07-27 11:44:31 ----RSHDC---- C:\WINDOWS\system32\dllcache
2011-07-27 11:44:05 ----HD---- C:\WINDOWS\$hf_mig$
2011-07-27 11:42:17 ----D---- C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
2011-07-27 11:36:46 ----RD---- C:\Program Files
2011-07-27 11:24:18 ----D---- C:\WINDOWS\pss
2011-07-27 11:23:51 ----D---- C:\Documents and Settings\All Users\Data aplikací\Skype
2011-07-27 11:23:41 ----D---- C:\Documents and Settings\Iris Moon\Data aplikací\Skype
2011-07-27 11:21:04 ----D---- C:\Documents and Settings\Iris Moon\Data aplikací\DAEMON Tools Lite
2011-07-27 11:20:52 ----D---- C:\Documents and Settings\Iris Moon\Data aplikací\uTorrent
2011-07-27 11:20:40 ----D---- C:\WINDOWS\Logs
2011-07-27 11:20:40 ----D---- C:\WINDOWS\Debug
2011-07-27 11:10:29 ----D---- C:\Program Files\Movie Maker
2011-07-27 11:09:58 ----D---- C:\Program Files\IObit
2011-07-27 11:06:15 ----D---- C:\Documents and Settings\Iris Moon\Data aplikací\IObit
2011-07-27 11:01:30 ----D---- C:\Program Files\Spybot - Search & Destroy
2011-07-26 06:14:58 ----D---- C:\Program Files\QIP 2010
2011-07-22 07:41:29 ----HD---- C:\Program Files\InstallShield Installation Information
2011-07-21 17:05:33 ----AD---- C:\Documents and Settings\All Users\Data aplikací\TEMP
2011-07-16 09:39:19 ----D---- C:\VLC
2011-07-16 09:11:07 ----D---- C:\Documents and Settings\Iris Moon\Data aplikací\vlc
2011-07-14 03:00:49 ----A---- C:\WINDOWS\system32\MRT.exe
2011-07-02 06:03:44 ----D---- C:\Program Files\Mozilla Firefox
2011-07-01 09:27:54 ----SD---- C:\Documents and Settings\Iris Moon\Data aplikací\Microsoft
2011-06-30 03:29:40 ----RSD---- C:\WINDOWS\assembly
2011-06-30 03:22:54 ----D---- C:\WINDOWS\Microsoft.NET
2011-06-30 03:18:52 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-11-17 2297664]
R3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-18 12160]
R3 ms_mpu401;Microsoft MPU-401 MIDI UART Driver; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-18 2944]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-14 5810]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2009-07-08 7967712]
R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-04 20992]
S3 apf001;apf001; \??\C:\Program Files\Softnyx\RakionIS\Bin\apf001.sys []
S3 ByakkoDriver;ByakkoDriver; \??\C:\Program Files\Games Pirate\Cabal Reloaded\Byakko.K32 []
S3 EagleNT;EagleNT; \??\C:\WINDOWS\system32\drivers\EagleNT.sys []
S3 EagleXNt;EagleXNt; \??\C:\WINDOWS\system32\drivers\EagleXNt.sys []
S3 LLRING0;LLRING0; \??\C:\Program Files\FlareMuSeason5Episode4\MuGuard\llck.sys []
S3 mbr;mbr; \??\C:\DOCUME~1\IRISMO~1\LOCALS~1\Temp\mbr.sys []
S3 npkcrypt;npkcrypt; \??\c:\Program Files\Lineage II\system\npkcrypt.sys []
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 vtany;vtany; \??\C:\WINDOWS\vtany.sys []
S3 xhunter1;xhunter1; \??\C:\WINDOWS\xhunter1.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdvancedSystemCareService;Advanced SystemCare Service; C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe [2011-05-28 353168]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 NVSvc;NVIDIA Driver Helper Service; C:\WINDOWS\system32\nvsvc32.exe [2011-05-25 154728]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 WinRM;Windows Remote Management (WS-Management); C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

Rudy
Site Admin
Posts: 119506
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Please check

#6 Post by Rudy »

The log already looks clean.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.


e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activities, a virus can damage the system!


Once your problem is resolved, the thread will be locked. Likewise if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.

oneboy
Guest
Posts: 9
Registered: 27 Jul 2011 10:31

Re: Please check

#7 Post by oneboy »

OK, thanks a lot for the help :-)

Rudy
Site Admin
Posts: 119506
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Please check

#8 Post by Rudy »

You're welcome!
