prosím kontrolu

[gasperakdavid]

ComboFix 10-03-04.01 - správce 04.03.2010 19:55:35.19.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.3071.2503 [GMT 1:00]
Spuštěný z: c:\documents and settings\správce\Plocha\ComboFix.exe
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Data aplikací\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Data aplikací\Microsoft\Network\Downloader\qmgr1.dat
c:\windows\system32\SIntf16.dll

----- BITS: Možné infikované stránky -----

hxxp://pdisp01.c-wss.com
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-02-04 do 2010-03-04 )))))))))))))))))))))))))))))))
.

V tomto časovém úseku nebyly vytvořeny žádné nové soubory.

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-04 19:00 . 2009-01-24 20:55 -------- d-----w- c:\program files\BitComet
2010-03-04 16:44 . 2009-01-30 15:18 -------- d-----w- c:\program files\World of Warcraft
2010-02-05 17:33 . 2010-01-31 18:15 -------- d-----w- c:\program files\EA SPORTS
2010-02-01 19:44 . 2009-02-06 17:41 137464 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-02-01 19:44 . 2009-02-06 17:40 214520 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-02-01 15:00 . 2009-11-16 20:11 -------- d-----w- c:\program files\Rockstar Games
2010-02-01 14:58 . 2009-01-07 18:42 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-31 18:15 . 2010-01-31 18:15 476 ----a-w- c:\windows\eReg.dat
2010-01-27 16:09 . 2010-01-18 19:49 -------- d-----w- c:\program files\Opera
2010-01-12 10:18 . 2001-09-20 13:00 84030 ----a-w- c:\windows\system32\perfc005.dat
2010-01-12 10:18 . 2001-09-20 13:00 440828 ----a-w- c:\windows\system32\perfh005.dat
2010-01-10 11:40 . 2009-07-16 09:13 -------- d-----w- c:\program files\free-downloads.net
2010-01-10 11:40 . 2009-03-14 08:57 -------- d-----w- c:\program files\BS_Player
2009-10-05 17:34 . 2009-12-09 15:20 118000 ----a-w- c:\program files\mozilla firefox\components\qippipe.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{ecdee021-0d17-467f-a1ff-c7a115230949}"= "c:\program files\free-downloads.net\tbfre0.dll" [2010-01-10 2166296]
"{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5}"= "c:\program files\BS_Player\tbBS_0.dll" [2010-01-10 2166296]

[HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]

[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ecdee021-0d17-467f-a1ff-c7a115230949}]
2010-01-10 11:41 2166296 ----a-w- c:\program files\free-downloads.net\tbfre0.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
2010-01-10 11:41 2166296 ----a-w- c:\program files\BS_Player\tbBS_0.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}"= "c:\program files\BS_Player\tbBS_0.dll" [2010-01-10 2166296]
"{ecdee021-0d17-467f-a1ff-c7a115230949}"= "c:\program files\free-downloads.net\tbfre0.dll" [2010-01-10 2166296]

[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]

[HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5}"= "c:\program files\BS_Player\tbBS_0.dll" [2010-01-10 2166296]
"{ECDEE021-0D17-467F-A1FF-C7A115230949}"= "c:\program files\free-downloads.net\tbfre0.dll" [2010-01-10 2166296]

[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]

[HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-10-09 139264]
"BitComet"="c:\program files\BitComet\BitComet.exe" [2009-01-20 2523960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ITSecMng"="c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2007-09-28 75136]
"AGRSMMSG"="AGRSMMSG.exe" [2006-06-29 89541]
"RTHDCPL"="RTHDCPL.EXE" [2008-10-09 17021440]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-03-24 1983816]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2009-03-18 767312]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-10-07 1461080]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"NoHotStart"= 1 (0x1)

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Bluetooth Manager.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Bluetooth Manager.lnk
backup=c:\windows\pss\Bluetooth Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^InterVideo WinCinema Manager.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\InterVideo WinCinema Manager.lnk
backup=c:\windows\pss\InterVideo WinCinema Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^správce^Nabídka Start^Programy^Po spuštění^hamachi.lnk]
path=c:\documents and settings\správce\Nabídka Start\Programy\Po spuštění\hamachi.lnk
backup=c:\windows\pss\hamachi.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitComet]
2009-01-20 06:37 2523960 ----a-w- c:\program files\BitComet\BitComet.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-14 03:22 15360 ------w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 03:22 1695232 ------w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 15:40 155648 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2009-10-09 12:11 25623336 ----a-r- c:\program files\Skype\Phone\Skype.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\QIP\\qip.exe"=
"c:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=
"c:\\Program Files\\Valve\\hl.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.1.3.9947-to-3.2.0.10192-enUS-downloader.exe"=
"c:\\Program Files\\TmUnitedForever\\TmForever.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\World of Warcraft\\Launcher.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9619:TCP"= 9619:TCP:BitComet 9619 TCP
"9619:UDP"= 9619:UDP:BitComet 9619 UDP

R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\system32\drivers\sfdrv01a.sys [5.7.2006 13:46 63352]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [18.8.2008 13:27 35168]
R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [7.10.2009 9:16 472280]
R2 NTPCI;NTPCI;c:\windows\system32\drivers\ntpci.sys [7.1.2009 19:59 3712]
R3 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [7.1.2009 19:59 48600]
R3 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [7.1.2009 19:59 43608]
R3 st3bus28;st3bus28;c:\windows\system32\drivers\st3bus28.sys [28.12.2002 12:16 8416]
R3 st3mp28;st3mp28;c:\windows\system32\drivers\st3mp28.sys [28.12.2002 12:16 95328]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [12.7.2009 10:29 721904]
.
.
------- Doplňkový sken -------
.
uStart Page = start.qip.ru
uDefault_Search_URL = hxxp://search.qip.ru
uSearchURL,(Default) = hxxp://search.qip.ru/search?query=%s&from=IE
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Stáhnout odkaz s použitím BitCometu - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: Stáhnout všechna videa s použitím BitCometu - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: Stáhnout všechny odkazy s použitím BitCometu - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: Zobrazit originál
TCP: {22302C12-BEE6-4A94-B96B-462209BC1229} = 192.168.2.1
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

MSConfigStartUp-Auslogics BoostSpeed 4 - c:\program files\Auslogics\Auslogics BoostSpeed\boostspeed.exe
MSConfigStartUp-ICQ - c:\program files\ICQ6.5\ICQ.exe



**************************************************************************
skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory:

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG11.00.00.01WORKSTATION"="E35A195278B993B856AED828599246FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC79335D575E7D6A3B9808A2D97226D213B555A6A0AC4980AC7933C557C9E3425C8140AAA4C544B79DB70E455518678E86A6FCA118BF42B6DF1D1464DF394FDECB3A6EBB98E9E5E9DA9CC4D82C0FE5F7F918B206D4BF2FF6B28663BC438265513598F75994EB91A030CCCD5B13D20270875D0C2C4C16099CC7540906F867802FF521725FAA35A45F2DC355E4579A3E9188896A10A95F98EFE3D43ABFA58E4B92E1F789E81F97D033CE221BD5FC7C7175C9574271CB9DFA3E41FA42292903C79740EAFBDAECC31B298BACF4D0B9F6C4BC0CA21ED3C7B69CD80E5A7EC791B24BE1CB671F5841535E54C9C8C8BDF7E8B90B84EB198064F34413ECAEE1E4A4F07D15B3FED74F7CC0C8CBE50594C6D518A0075C5967831D81894673D5720E5B72DADC996BA2EAB56BDA2AB00FE8DBA72BA15D3033CBAC2071D5CFAA50CA1461D135E517068E1EB417E98D6DBCE7AFF12FB63D11662090533A6B8D1346198C178F31E1B5CD3F9F796A22995404CCB97115AF5A8483D1064D33DCE71C7F1E4F928B4786F4E5EB693371FE73128261B592B12EEC83BF63AAD81C92452D6B32FA9A0EC40DC794DE39C89B5447C47707A1783DA9AF7BF368DEF514C7139F99BEEFABC04A3414C5F791D2BB464203C6324179526D624C1D8A4559A20C4142C24253F7314B3CB5872C399F0ACD98D2F7EA9B21739749CB5C08C76830C345D6BF4F8FE25312EBFC0DFE38B0213B8031B74DFB2D839A2C42F5B190400AA696930E0BCF84FC3B0C2BAD8F5FBA022FB30E55897090CC3DD5ED536C91AFE040B322CFB106AAE737EB78638BBE298D1F72CDC4E34E70791B967E02317DBA4BF01B20CA0FE8D333CA5A0ECD352E960ED47DC61E35AA291CA2C299310E4D98C26B53206A076EB7E08EAF8C30E446D6AB6E9C481DE9E249A6962F59B7A33DB4A3B8E4A8B90F57BBD770C408EF86656F78DD1A8EA2811311F38DBAC88CA84D2EB1B3DAB26CB222FDE1AFF5841A982F1866E74550B0102179BEF1C3E94EE4C15A0F0CC7ACD80F94CE2EE0277FDBAD09BFCD27F03470BE33ABA8042EB23D35A2BE46C6BE7977D63832CDEEBCE608EE9B87E98A72562E4934873555E08A3D8C3C18C539596EE750DAE1B995A09E9695574659D024C7D880531E4D4C484FD8EE1ED4DE9233D4E9560C4949643FFCA2726D832092E68B054805363D24D3D13C761D9945CF6EEB6556A20A3D418BCCE967537DA5B81C1A6A197ECBB46CF6563850D03E94C5AF65E2523676B5E4FB4ECF6DC3A53580A9DEE37E3B8A4907A99842BD16CB481B1E6691E0A499BB5C8832DB8EBD227EFBFBBAF2997B5772AB674272130D8443CDE78A422D0F"
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(1208)
c:\windows\system32\Ati2evxx.dll
.
Celkový čas: 2010-03-04 20:01:37
ComboFix-quarantined-files.txt 2010-03-04 19:01

Před spuštěním: Volných bajtů: 157 029 146 624
Po spuštění: Volných bajtů: 157 006 118 912

- - End Of File - - BEE642175F6721F7BCE801E76424AC69

[Rudy]

3 položky smazány, zbytek logu vypadá čistý.

[gasperakdavid]

diky

[Rudy]

Není zač!