Dobrý den, předem děkuji za kontrolu logu: (včera jsem se něčím nakazil, cosi to začalo stahovat tak jsem pc odpojil od netu, projel jsem to starým combofixem, ihned jak combofix dopracoval a odstranil fůru souborů (stáhlé tollbary virem a pod) tak jsem již pc připojil k netu a stáhl aktuální combofix, ten již nic neodstranil.
Logfile of random's system information tool 1.07 (written by random/random)
Run by PC at 2010-05-29 08:42:42
Systém Microsoft Windows XP Professional Service Pack 2
System drive C: has 2 GB (14%) free of 15 GB
Total RAM: 639 MB (38% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:42:56, on 29.5.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe
C:\Program Files\Cyberlink\Shared Files\brs.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\MSTMON_Q.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Aladdin\Aladdin SQL Server\AladdinSQL.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Application Updater\ApplicationUpdater.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\PC\Plocha\RSIT.exe
C:\Program Files\trend micro\PC.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [RemoteControl9] "C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe"
O4 - HKLM\..\Run: [PDVD9LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe"
O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [KONICA MINOLTA PagePro 1350WStatusDisplay] C:\WINDOWS\system32\MSTMON_Q.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Aladdin SQL Server - Unknown owner - C:\Program Files\Aladdin\Aladdin SQL Server\AladdinSQL.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Application Updater - Spigot, Inc. - C:\Program Files\Application Updater\ApplicationUpdater.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Google Update Service (gupdate1c9b3da640e8d4c) (gupdate1c9b3da640e8d4c) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: WebDrive Service (WebDriveService) - Unknown owner - C:\Program Files\NetDrive\wdService.exe
--
End of file - 7874 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-03-31 35840]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-03-31 73728]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-03-31 148888]
"NeroFilterCheck"=C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe [2007-03-01 153136]
"NBKeyScan"=C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [2007-09-20 1836328]
"RemoteControl9"=C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe [2009-02-16 87336]
"PDVD9LanguageShortcut"=C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe [2008-10-13 50472]
"BDRegion"=C:\Program Files\Cyberlink\Shared Files\brs.exe [2009-02-28 75048]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-27 31016]
"KONICA MINOLTA PagePro 1350WStatusDisplay"=C:\WINDOWS\system32\MSTMON_Q.EXE [2004-11-26 167936]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2010-03-17 421888]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2010-03-26 142120]
"BluetoothAuthenticationAgent"=bthprops.cpl,,BluetoothAuthenticationAgent []
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2010-03-31 2145000]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe [2007-10-23 202024]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-17 15360]
C:\Documents and Settings\PC\Nabídka Start\Programy\Po spuštění
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\CyberLink\PowerDVD9\PowerDVD Cinema\PowerDVDCinema.exe"="C:\Program Files\CyberLink\PowerDVD9\PowerDVD Cinema\PowerDVDCinema.exe:*:Enabled:CyberLink PowerDVD 9.0"
"C:\Program Files\CyberLink\PowerDVD9\PowerDVD9.exe"="C:\Program Files\CyberLink\PowerDVD9\PowerDVD9.exe:*:Enabled:CyberLink PowerDVD 9.0"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\Opera 10 Beta\opera.exe"="C:\Program Files\Opera 10 Beta\opera.exe:*:Enabled:Opera Internet Browser"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\CyberLink\PowerDVD9\PowerDVD9.exe"="C:\Program Files\CyberLink\PowerDVD9\PowerDVD9.exe:*:Enabled:CyberLink PowerDVD 9.0"
======List of files/folders created in the last 1 months======
2010-05-29 08:42:42 ----D---- C:\rsit
2010-05-28 22:34:03 ----D---- C:\Program Files\ESET
2010-05-28 22:29:35 ----SHD---- C:\RECYCLER
2010-05-28 21:46:55 ----A---- C:\ComboFix.txt
2010-05-28 21:17:20 ----A---- C:\WINDOWS\zip.exe
2010-05-28 21:17:20 ----A---- C:\WINDOWS\SWXCACLS.exe
2010-05-28 21:17:20 ----A---- C:\WINDOWS\SWSC.exe
2010-05-28 21:17:20 ----A---- C:\WINDOWS\SWREG.exe
2010-05-28 21:17:20 ----A---- C:\WINDOWS\sed.exe
2010-05-28 21:17:20 ----A---- C:\WINDOWS\PEV.exe
2010-05-28 21:17:20 ----A---- C:\WINDOWS\NIRCMD.exe
2010-05-28 21:17:20 ----A---- C:\WINDOWS\MBR.exe
2010-05-28 21:17:20 ----A---- C:\WINDOWS\grep.exe
2010-05-28 21:14:44 ----D---- C:\Documents and Settings\PC\Data aplikací\Dealio
2010-05-28 21:14:05 ----D---- C:\Documents and Settings\PC\Data aplikací\Search Settings
2010-05-28 21:06:04 ----D---- C:\Qoobox
2010-05-28 21:02:38 ----D---- C:\Program Files\Application Updater
2010-05-13 14:33:23 ----A---- C:\WINDOWS\system32\wshirda.dll
2010-05-13 14:33:23 ----A---- C:\WINDOWS\system32\irmon.dll
2010-05-13 14:33:23 ----A---- C:\WINDOWS\system32\irftp.exe
======List of files/folders modified in the last 1 months======
2010-05-29 08:42:55 ----D---- C:\Program Files\trend micro
2010-05-29 08:42:44 ----D---- C:\WINDOWS\temp
2010-05-29 08:41:37 ----D---- C:\Program Files\Mozilla Firefox
2010-05-29 08:39:07 ----D---- C:\WINDOWS
2010-05-29 00:20:44 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-05-28 22:35:12 ----SHD---- C:\WINDOWS\Installer
2010-05-28 22:34:56 ----D---- C:\WINDOWS\system32\drivers
2010-05-28 22:34:55 ----HD---- C:\WINDOWS\inf
2010-05-28 22:34:03 ----RD---- C:\Program Files
2010-05-28 21:44:17 ----A---- C:\WINDOWS\system.ini
2010-05-28 21:42:12 ----D---- C:\WINDOWS\system32
2010-05-28 21:42:12 ----D---- C:\WINDOWS\AppPatch
2010-05-28 21:42:09 ----D---- C:\Program Files\Common Files
2010-05-28 21:37:16 ----D---- C:\WINDOWS\system32\CatRoot2
2010-05-28 21:02:42 ----D---- C:\WINDOWS\Prefetch
2010-05-28 21:02:37 ----D---- C:\WINDOWS\WinSxS
2010-05-28 21:01:53 ----D---- C:\Documents and Settings\PC\Data aplikací\FreeVideoConverter
2010-05-28 21:01:53 ----A---- C:\WINDOWS\win.ini
2010-05-28 20:49:05 ----D---- C:\Program Files\Mozilla Thunderbird
2010-05-26 20:25:36 ----D---- C:\Documents and Settings\PC\Data aplikací\ICQ
2010-05-25 22:27:43 ----A---- C:\WINDOWS\NeroDigital.ini
2010-05-16 22:38:54 ----D---- C:\Documents and Settings\PC\Data aplikací\gtk-2.0
2010-05-14 01:03:12 ----D---- C:\WINDOWS\security
2010-05-13 16:25:48 ----D---- C:\Program Files\Google
2010-05-13 14:34:41 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-05-13 14:33:41 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-05-12 13:04:42 ----A---- C:\WINDOWS\MSTMON_Q.INI
2010-05-01 23:06:10 ----D---- C:\Program Files\Opera 10 Beta
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 AmdK7;Ovladač procesoru AMD K7; C:\WINDOWS\system32\DRIVERS\amdk7.sys [2004-08-17 41216]
R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2010-03-31 114984]
R1 epfwtdir;epfwtdir; C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2010-03-31 95872]
R2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2009/04/19 21:48:55]; \??\C:\Program Files\CyberLink\PowerDVD9\000.fcl []
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.3.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2009-10-15 20747]
R2 eamon;eamon; C:\WINDOWS\system32\DRIVERS\eamon.sys [2010-03-31 140216]
R2 MLPTDR_Q;MLPTDR_Q; \??\C:\WINDOWS\system32\MLPTDR_Q.SYS []
R2 WebDriveFSD;WebDrive File System Driver; \??\C:\Program Files\NetDrive\rffsd.sys []
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2002-04-01 4816]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-04 1897408]
R3 RT2500;GIGABYTE RT2500 Wireless Driver; C:\WINDOWS\system32\DRIVERS\RT2500.sys [2004-06-10 191360]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2003-08-29 578304]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-03 17024]
R3 WmBEnum;Logitech Virtual Bus Enumerator Driver; C:\WINDOWS\system32\drivers\WmBEnum.sys [2008-01-24 19336]
R3 WmXlCore;Logitech Translation Layer Driver; C:\WINDOWS\system32\drivers\WmXlCore.sys [2008-01-24 48904]
S1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-17 14848]
S3 BthEnum;Ovladač pro Bluetooth Request Block; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2004-08-03 17024]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2004-08-03 100992]
S3 BTHPORT;Ovladač portu Bluetooth; C:\WINDOWS\System32\Drivers\BTHport.sys [2004-08-17 274304]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2004-08-03 18944]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 CrystalSysInfo;CrystalSysInfo; \??\C:\Program Files\MediaCoder\SysInfo.sys []
S3 F-Secure Standalone Minifilter;F-Secure Standalone Minifilter; \??\C:\Documents and Settings\PC\Local Settings\temp\{CC236973-FD53-4062-B419-847121E8EA5E}\fsgk.sys []
S3 hidgame;Microsoft Hid to Joystick Port Enabler; C:\WINDOWS\system32\DRIVERS\hidgame.sys [2001-08-17 8576]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2004-08-03 59648]
S3 RT73;RT73 USB Wireless LAN Card Driver; C:\WINDOWS\system32\DRIVERS\rt73.sys []
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
S3 SISNIC;SiS PCI Fast Ethernet Adapter Driver; C:\WINDOWS\system32\DRIVERS\sisnic.sys [2004-08-04 32768]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2009-10-16 41472]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 usbvideo;Zobrazovací zařízení USB (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2004-08-03 78464]
S3 WmFilter;Logitech Gaming HID Filter Driver; C:\WINDOWS\system32\drivers\WmFilter.sys [2008-01-24 28168]
S3 WmHidLo;Logitech Gaming USB Filter Driver; C:\WINDOWS\system32\drivers\WmHidLo.sys [2008-01-24 29192]
S3 WmVirHid;Logitech Virtual Hid Device Driver; C:\WINDOWS\system32\drivers\WmVirHid.sys [2008-01-24 14728]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 RFNP32;WebDrive Provider; C:\WINDOWS\system32\drivers\RFNP32.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Aladdin SQL Server;Aladdin SQL Server; C:\Program Files\Aladdin\Aladdin SQL Server\AladdinSQL.exe [2010-01-28 136192]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2010-03-19 144672]
R2 Application Updater;Application Updater; C:\Program Files\Application Updater\ApplicationUpdater.exe [2010-01-08 380928]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2010-02-12 345376]
R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2004-08-17 14336]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2010-03-31 810120]
R2 IJPLMSVC;PIXMA Extended Survey Program; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [2006-11-10 99936]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-03-31 152984]
R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe [2007-09-20 853288]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2010-03-26 545576]
R3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe [2007-10-23 382248]
S2 gupdate1c9b3da640e8d4c;Google Update Service (gupdate1c9b3da640e8d4c); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-04-02 133104]
S2 WebDriveService;WebDrive Service; C:\Program Files\NetDrive\wdService.exe [2003-03-26 94208]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2008-08-25 72704]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2010-03-31 33560]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
-----------------EOF-----------------
Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz
Prosím o kontrolu logu - RSIT
Moderátor: Moderátoři
Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Prosím o kontrolu logu - RSIT
Naposledy upravil(a) velda dne 29 kvě 2010 12:02, celkem upraveno 1 x.
Re: Prosím o kontrolu logu - RSIT
Omlouvám se ale byl jsem rád že jsem vůbec ten combofix měl na ploše, protože po zakázání netu již nešlo internet povolit, tak jsem musel asi 5 aktivních úkolů ukončit. zde je log z druhého testu, ten první se asi přepsal:
ComboFix 10-05-28.01 - PC 28.05.2010 21:38:37.39.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.639.353 [GMT 2:00]
Spuštěný z: c:\documents and settings\PC\Plocha\ComboFix.exe
FW: COMODO Firewall Pro *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-04-28 do 2010-05-28 )))))))))))))))))))))))))))))))
.
2010-05-28 19:02 . 2010-05-28 19:02 -------- d-----w- c:\program files\Application Updater
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-28 18:49 . 2009-03-05 21:53 -------- d-----w- c:\program files\Mozilla Thunderbird
2010-05-13 14:25 . 2009-04-02 21:31 -------- d-----w- c:\program files\Google
2010-05-13 12:34 . 2001-10-25 14:00 68736 ----a-w- c:\windows\system32\perfc005.dat
2010-05-13 12:34 . 2001-10-25 14:00 389664 ----a-w- c:\windows\system32\perfh005.dat
2010-05-01 21:06 . 2009-08-08 20:21 -------- d-----w- c:\program files\Opera 10 Beta
2010-04-18 11:49 . 2009-02-27 17:36 -------- d-----w- c:\program files\iTunes
2010-04-18 11:48 . 2009-03-29 21:39 -------- d-----w- c:\program files\iPod
2010-04-18 11:46 . 2009-02-27 17:33 -------- d-----w- c:\program files\QuickTime
2010-04-18 11:44 . 2008-10-30 18:19 -------- d-----w- c:\program files\Apple Software Update
2010-04-18 11:40 . 2010-04-18 11:40 -------- d-----w- c:\program files\Bonjour
2010-04-18 11:40 . 2008-10-30 18:18 -------- d-----w- c:\program files\Common Files\Apple
2010-04-15 13:01 . 2010-04-15 13:01 -------- d-----w- c:\program files\DigiDNA
2010-04-13 08:23 . 2010-04-13 08:23 -------- d-----w- c:\program files\Tools
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-10-23 202024]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-31 148888]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 1836328]
"RemoteControl9"="c:\program files\CyberLink\PowerDVD9\PDVD9Serv.exe" [2009-02-16 87336]
"PDVD9LanguageShortcut"="c:\program files\CyberLink\PowerDVD9\Language\Language.exe" [2008-10-13 50472]
"BDRegion"="c:\program files\Cyberlink\Shared Files\brs.exe" [2009-02-28 75048]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"WebDriveTray"="c:\program files\NetDrive\netdrive.exe" [2003-04-14 294912]
"KONICA MINOLTA PagePro 1350WStatusDisplay"="c:\windows\system32\MSTMON_Q.EXE" [2004-11-26 167936]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-17 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-03-25 142120]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-17 110592]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-17 15360]
c:\documents and settings\PC\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
Věýezy obrazovky a spuçtŘnˇ aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD9\\PowerDVD Cinema\\PowerDVDCinema.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD9\\PowerDVD9.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Opera 10 Beta\\opera.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
R2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2009/04/19 21:48];c:\program files\CyberLink\PowerDVD9\000.fcl [28.2.2009 19:40 87536]
R2 Aladdin SQL Server;Aladdin SQL Server;c:\program files\Aladdin\Aladdin SQL Server\AladdinSQL.exe [9.1.2010 13:00 136192]
R2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [8.1.2010 0:51 380928]
R2 MLPTDR_Q;MLPTDR_Q;c:\windows\system32\MLPTDR_Q.SYS [22.7.2003 9:44 18848]
R2 WebDriveFSD;WebDrive File System Driver;c:\program files\NetDrive\rffsd.sys [18.3.2010 14:43 67032]
S0 fsbts;fsbts;c:\windows\system32\Drivers\fsbts.sys --> c:\windows\system32\Drivers\fsbts.sys [?]
S2 gupdate1c9b3da640e8d4c;Google Update Service (gupdate1c9b3da640e8d4c);c:\program files\Google\Update\GoogleUpdate.exe [2.4.2009 23:31 133104]
S3 F-Secure Standalone Minifilter;F-Secure Standalone Minifilter;\??\c:\documents and settings\PC\Local Settings\temp\{CC236973-FD53-4062-B419-847121E8EA5E}\fsgk.sys --> c:\documents and settings\PC\Local Settings\temp\{CC236973-FD53-4062-B419-847121E8EA5E}\fsgk.sys [?]
S4 RFNP32;WebDrive Provider; [x]
.
Obsah adresáře 'Naplánované úlohy'
2010-05-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-02 21:31]
2010-05-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-02 21:31]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://seznam.cz/
uInternet Settings,ProxyOverride = *.local
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\PC\Data aplikací\Mozilla\Firefox\Profiles\s8nuchba.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://seznam.cz
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Opera 10 Beta\program\plugins\npdsplay.dll
FF - plugin: c:\program files\Opera 10 Beta\program\plugins\npqtplugin.dll
FF - plugin: c:\program files\Opera 10 Beta\program\plugins\npqtplugin2.dll
FF - plugin: c:\program files\Opera 10 Beta\program\plugins\npqtplugin3.dll
FF - plugin: c:\program files\Opera 10 Beta\program\plugins\npqtplugin4.dll
FF - plugin: c:\program files\Opera 10 Beta\program\plugins\npqtplugin5.dll
FF - plugin: c:\program files\Opera 10 Beta\program\plugins\npqtplugin6.dll
FF - plugin: c:\program files\Opera 10 Beta\program\plugins\npqtplugin7.dll
FF - plugin: c:\program files\Opera 10 Beta\program\plugins\npwmsdrm.dll
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-28 21:44
Windows 5.1.2600 Service Pack 2 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{B154377D-700F-42cc-9474-23858FBDF4BD}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD9\000.fcl"
.
Celkový čas: 2010-05-28 21:46:55
ComboFix-quarantined-files.txt 2010-05-28 19:46
ComboFix2.txt 2010-05-28 19:33
Před spuštěním: 2 422 575 104
Po spuštění: 2 413 424 640
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
- - End Of File - - F84A84780A046FBF5D04E892CB1C013C
ComboFix 10-05-28.01 - PC 28.05.2010 21:38:37.39.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.639.353 [GMT 2:00]
Spuštěný z: c:\documents and settings\PC\Plocha\ComboFix.exe
FW: COMODO Firewall Pro *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-04-28 do 2010-05-28 )))))))))))))))))))))))))))))))
.
2010-05-28 19:02 . 2010-05-28 19:02 -------- d-----w- c:\program files\Application Updater
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-28 18:49 . 2009-03-05 21:53 -------- d-----w- c:\program files\Mozilla Thunderbird
2010-05-13 14:25 . 2009-04-02 21:31 -------- d-----w- c:\program files\Google
2010-05-13 12:34 . 2001-10-25 14:00 68736 ----a-w- c:\windows\system32\perfc005.dat
2010-05-13 12:34 . 2001-10-25 14:00 389664 ----a-w- c:\windows\system32\perfh005.dat
2010-05-01 21:06 . 2009-08-08 20:21 -------- d-----w- c:\program files\Opera 10 Beta
2010-04-18 11:49 . 2009-02-27 17:36 -------- d-----w- c:\program files\iTunes
2010-04-18 11:48 . 2009-03-29 21:39 -------- d-----w- c:\program files\iPod
2010-04-18 11:46 . 2009-02-27 17:33 -------- d-----w- c:\program files\QuickTime
2010-04-18 11:44 . 2008-10-30 18:19 -------- d-----w- c:\program files\Apple Software Update
2010-04-18 11:40 . 2010-04-18 11:40 -------- d-----w- c:\program files\Bonjour
2010-04-18 11:40 . 2008-10-30 18:18 -------- d-----w- c:\program files\Common Files\Apple
2010-04-15 13:01 . 2010-04-15 13:01 -------- d-----w- c:\program files\DigiDNA
2010-04-13 08:23 . 2010-04-13 08:23 -------- d-----w- c:\program files\Tools
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-10-23 202024]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-31 148888]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 1836328]
"RemoteControl9"="c:\program files\CyberLink\PowerDVD9\PDVD9Serv.exe" [2009-02-16 87336]
"PDVD9LanguageShortcut"="c:\program files\CyberLink\PowerDVD9\Language\Language.exe" [2008-10-13 50472]
"BDRegion"="c:\program files\Cyberlink\Shared Files\brs.exe" [2009-02-28 75048]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"WebDriveTray"="c:\program files\NetDrive\netdrive.exe" [2003-04-14 294912]
"KONICA MINOLTA PagePro 1350WStatusDisplay"="c:\windows\system32\MSTMON_Q.EXE" [2004-11-26 167936]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-17 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-03-25 142120]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-17 110592]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-17 15360]
c:\documents and settings\PC\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
Věýezy obrazovky a spuçtŘnˇ aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD9\\PowerDVD Cinema\\PowerDVDCinema.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD9\\PowerDVD9.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Opera 10 Beta\\opera.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
R2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2009/04/19 21:48];c:\program files\CyberLink\PowerDVD9\000.fcl [28.2.2009 19:40 87536]
R2 Aladdin SQL Server;Aladdin SQL Server;c:\program files\Aladdin\Aladdin SQL Server\AladdinSQL.exe [9.1.2010 13:00 136192]
R2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [8.1.2010 0:51 380928]
R2 MLPTDR_Q;MLPTDR_Q;c:\windows\system32\MLPTDR_Q.SYS [22.7.2003 9:44 18848]
R2 WebDriveFSD;WebDrive File System Driver;c:\program files\NetDrive\rffsd.sys [18.3.2010 14:43 67032]
S0 fsbts;fsbts;c:\windows\system32\Drivers\fsbts.sys --> c:\windows\system32\Drivers\fsbts.sys [?]
S2 gupdate1c9b3da640e8d4c;Google Update Service (gupdate1c9b3da640e8d4c);c:\program files\Google\Update\GoogleUpdate.exe [2.4.2009 23:31 133104]
S3 F-Secure Standalone Minifilter;F-Secure Standalone Minifilter;\??\c:\documents and settings\PC\Local Settings\temp\{CC236973-FD53-4062-B419-847121E8EA5E}\fsgk.sys --> c:\documents and settings\PC\Local Settings\temp\{CC236973-FD53-4062-B419-847121E8EA5E}\fsgk.sys [?]
S4 RFNP32;WebDrive Provider; [x]
.
Obsah adresáře 'Naplánované úlohy'
2010-05-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-02 21:31]
2010-05-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-02 21:31]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://seznam.cz/
uInternet Settings,ProxyOverride = *.local
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\PC\Data aplikací\Mozilla\Firefox\Profiles\s8nuchba.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://seznam.cz
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Opera 10 Beta\program\plugins\npdsplay.dll
FF - plugin: c:\program files\Opera 10 Beta\program\plugins\npqtplugin.dll
FF - plugin: c:\program files\Opera 10 Beta\program\plugins\npqtplugin2.dll
FF - plugin: c:\program files\Opera 10 Beta\program\plugins\npqtplugin3.dll
FF - plugin: c:\program files\Opera 10 Beta\program\plugins\npqtplugin4.dll
FF - plugin: c:\program files\Opera 10 Beta\program\plugins\npqtplugin5.dll
FF - plugin: c:\program files\Opera 10 Beta\program\plugins\npqtplugin6.dll
FF - plugin: c:\program files\Opera 10 Beta\program\plugins\npqtplugin7.dll
FF - plugin: c:\program files\Opera 10 Beta\program\plugins\npwmsdrm.dll
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-28 21:44
Windows 5.1.2600 Service Pack 2 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{B154377D-700F-42cc-9474-23858FBDF4BD}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD9\000.fcl"
.
Celkový čas: 2010-05-28 21:46:55
ComboFix-quarantined-files.txt 2010-05-28 19:46
ComboFix2.txt 2010-05-28 19:33
Před spuštěním: 2 422 575 104
Po spuštění: 2 413 424 640
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
- - End Of File - - F84A84780A046FBF5D04E892CB1C013C
Re: Prosím o kontrolu logu - RSIT
oh tak to ja jsem Combofix odinstaloval tak to asi bylo odstraneno - složka tam není. Jinak k těm složkám, aladina znám je to účetní program, /Netdrive/ odstranit (vím že mi začal systém psát že při starti Firefoxu (kde byl ten nádherný Tollbar že v této složce nelze zpustit nějakou knihovnu) Combofix to odstranil a pak už bylo PC OK, a tool bar už tam nebyl, Application Updater není něco od Apple? Pokud nemůžete 100% určit, tak vás chápu, příště logy budu kopírovat, zatím vám děkuju 
.Re: Prosím o kontrolu logu - RSIT
c:\program files\NetDrive\rffsd.sys:
a-squared 4.5.0.50 2010.05.10 -
AhnLab-V3 2010.05.30.00 2010.05.29 -
AntiVir 8.2.1.242 2010.05.28 -
Antiy-AVL 2.0.3.7 2010.05.26 -
Authentium 5.2.0.5 2010.05.29 -
Avast 4.8.1351.0 2010.05.29 -
Avast5 5.0.332.0 2010.05.29 -
AVG 9.0.0.787 2010.05.29 -
BitDefender 7.2 2010.05.29 -
CAT-QuickHeal 10.00 2010.05.29 -
ClamAV 0.96.0.3-git 2010.05.29 -
Comodo 4945 2010.05.29 -
DrWeb 5.0.2.03300 2010.05.29 -
eSafe 7.0.17.0 2010.05.27 -
eTrust-Vet 35.2.7519 2010.05.29 -
F-Prot 4.6.0.103 2010.05.29 -
F-Secure 9.0.15370.0 2010.05.29 -
Fortinet 4.1.133.0 2010.05.29 -
GData 21 2010.05.29 -
Ikarus T3.1.1.84.0 2010.05.29 -
Jiangmin 13.0.900 2010.05.28 -
Kaspersky 7.0.0.125 2010.05.29 -
McAfee 5.400.0.1158 2010.05.29 -
McAfee-GW-Edition 2010.1 2010.05.29 Heuristic.BehavesLike.Win32.Rootkit.H
Microsoft 1.5802 2010.05.29 -
NOD32 5154 2010.05.28 -
Norman 6.04.12 2010.05.29 -
nProtect 2010-05-29.01 2010.05.29 -
Panda 10.0.2.7 2010.05.29 -
PCTools 7.0.3.5 2010.05.29 -
Prevx 3.0 2010.05.29 -
Rising 22.49.05.04 2010.05.29 -
Sophos 4.53.0 2010.05.29 -
Sunbelt 6374 2010.05.29 -
Symantec 20101.1.0.89 2010.05.29 -
TheHacker 6.5.2.0.288 2010.05.27 -
TrendMicro 9.120.0.1004 2010.05.29 -
TrendMicro-HouseCall 9.120.0.1004 2010.05.29 -
VBA32 3.12.12.5 2010.05.29 -
ViRobot 2010.5.20.2326 2010.05.28 -
VirusBuster 5.0.27.0 2010.05.29 -
Rozšiřující informace
File size: 67032 bytes
MD5...: facf0e05c492c381fc24e2fa7aa80bce
SHA1..: 10895c6dcf4d0e85567d195c0112821176a1cb18
SHA256: 7afea56fc8bed77dabe6ae83f89c76bffe4c0389d277f941e1fd9c2e643405ae
ssdeep: 1536:gdH0EHzIikKbpUNZpA2xraVkEFAzD3QDnt7sxMI7jY4Ny:gdH0EHzIIbpUN
ZpFxraVFAzDQDtIVE
PEiD..: -
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x75f4
timedatestamp.....: 0x3de53bce (Wed Nov 27 21:40:30 2002)
machinetype.......: 0x14c (I386)
( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x260 0xa436 0xa440 6.13 45abbaa89518e5705d9bd894b166090f
.data 0xa6a0 0x680 0x680 0.01 e9347a51f9c6aa7b793dee656f75c489
INIT 0xad20 0x7be 0x7c0 5.32 b113d0687688de4ef26b4698ad132634
.reloc 0xb4e0 0xbd8 0xbe0 5.16 cb0780a248c72f8bb709940908086879
( 2 imports )
> ntoskrnl.exe: IofCompleteRequest, KeGetCurrentThread, IoRemoveShareAccess, CcUninitializeCacheMap, CcPurgeCacheSection, MmFlushImageSection, CcFlushCache, MmForceSectionClosed, ExAcquireResourceExclusiveLite, sprintf, IoCheckShareAccess, IoSetShareAccess, wcsstr, RtlAppendUnicodeToString, memmove, DbgPrint, RtlInitUnicodeString, MmMapLockedPages, ExAcquireResourceSharedLite, KeQuerySystemTime, ExInitializeResourceLite, ExDeleteResourceLite, _wcsicmp, ZwClose, ObReferenceObjectByHandle, ZwCreateFile, ObOpenObjectByPointer, ZwQueryInformationFile, ZwSetInformationFile, ObfDereferenceObject, ZwReadFile, ZwWriteFile, RtlLargeIntegerDivide, KeEnterCriticalRegion, ExReleaseResourceForThreadLite, ExQueueWorkItem, IoCreateDevice, IoDeleteSymbolicLink, IoDeleteDevice, IoUnregisterShutdownNotification, IoCreateSymbolicLink, ExAllocatePoolWithTag, ExFreePool, ExInitializeZone, KeInitializeSpinLock, IoGetTopLevelIrp, KeBugCheckEx, IoIsOperationSynchronous, IoFreeMdl, MmProbeAndLockPages, IoAllocateMdl, CcMdlWriteComplete, CcMdlReadComplete, RtlEqualUnicodeString, RtlAnsiStringToUnicodeString, RtlUnicodeStringToAnsiString, ZwQueryValueKey, ZwOpenKey, KeInitializeMutex, _stricmp, IoUnregisterFileSystem, FsRtlDeregisterUncProvider, ZwUnmapViewOfSection, KeWaitForSingleObject, KeSetEvent, ZwMapViewOfSection, ZwOpenSection, RtlUnwind, IoSetTopLevelIrp, KeLeaveCriticalRegion, FsRtlRegisterUncProvider, IoRegisterFileSystem
> HAL.dll: KfAcquireSpinLock, KfReleaseSpinLock, KeGetCurrentIrql
( 0 exports )
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Generic Win/DOS Executable (49.9%)
DOS Executable Generic (49.8%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.1%)
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
Application Updater - je od Spigot, Inc. jinak ten toolbar přesně nevím (byl jsem naprsto vystražený, hned jsem vytrhl kabel od netu), ale instaloval jsem program free video converter myslím 2.7 (zašrhl jsem že ten toolbar neinstalovat) www.studna.cz/koyote-free-video-converter-p-14162.html , a zadruhé ten NetDrive je na připojení FTP ale ten již nevyužívám tak jsem to dnes odinstaloval.
a-squared 4.5.0.50 2010.05.10 -
AhnLab-V3 2010.05.30.00 2010.05.29 -
AntiVir 8.2.1.242 2010.05.28 -
Antiy-AVL 2.0.3.7 2010.05.26 -
Authentium 5.2.0.5 2010.05.29 -
Avast 4.8.1351.0 2010.05.29 -
Avast5 5.0.332.0 2010.05.29 -
AVG 9.0.0.787 2010.05.29 -
BitDefender 7.2 2010.05.29 -
CAT-QuickHeal 10.00 2010.05.29 -
ClamAV 0.96.0.3-git 2010.05.29 -
Comodo 4945 2010.05.29 -
DrWeb 5.0.2.03300 2010.05.29 -
eSafe 7.0.17.0 2010.05.27 -
eTrust-Vet 35.2.7519 2010.05.29 -
F-Prot 4.6.0.103 2010.05.29 -
F-Secure 9.0.15370.0 2010.05.29 -
Fortinet 4.1.133.0 2010.05.29 -
GData 21 2010.05.29 -
Ikarus T3.1.1.84.0 2010.05.29 -
Jiangmin 13.0.900 2010.05.28 -
Kaspersky 7.0.0.125 2010.05.29 -
McAfee 5.400.0.1158 2010.05.29 -
McAfee-GW-Edition 2010.1 2010.05.29 Heuristic.BehavesLike.Win32.Rootkit.H
Microsoft 1.5802 2010.05.29 -
NOD32 5154 2010.05.28 -
Norman 6.04.12 2010.05.29 -
nProtect 2010-05-29.01 2010.05.29 -
Panda 10.0.2.7 2010.05.29 -
PCTools 7.0.3.5 2010.05.29 -
Prevx 3.0 2010.05.29 -
Rising 22.49.05.04 2010.05.29 -
Sophos 4.53.0 2010.05.29 -
Sunbelt 6374 2010.05.29 -
Symantec 20101.1.0.89 2010.05.29 -
TheHacker 6.5.2.0.288 2010.05.27 -
TrendMicro 9.120.0.1004 2010.05.29 -
TrendMicro-HouseCall 9.120.0.1004 2010.05.29 -
VBA32 3.12.12.5 2010.05.29 -
ViRobot 2010.5.20.2326 2010.05.28 -
VirusBuster 5.0.27.0 2010.05.29 -
Rozšiřující informace
File size: 67032 bytes
MD5...: facf0e05c492c381fc24e2fa7aa80bce
SHA1..: 10895c6dcf4d0e85567d195c0112821176a1cb18
SHA256: 7afea56fc8bed77dabe6ae83f89c76bffe4c0389d277f941e1fd9c2e643405ae
ssdeep: 1536:gdH0EHzIikKbpUNZpA2xraVkEFAzD3QDnt7sxMI7jY4Ny:gdH0EHzIIbpUN
ZpFxraVFAzDQDtIVE
PEiD..: -
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x75f4
timedatestamp.....: 0x3de53bce (Wed Nov 27 21:40:30 2002)
machinetype.......: 0x14c (I386)
( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x260 0xa436 0xa440 6.13 45abbaa89518e5705d9bd894b166090f
.data 0xa6a0 0x680 0x680 0.01 e9347a51f9c6aa7b793dee656f75c489
INIT 0xad20 0x7be 0x7c0 5.32 b113d0687688de4ef26b4698ad132634
.reloc 0xb4e0 0xbd8 0xbe0 5.16 cb0780a248c72f8bb709940908086879
( 2 imports )
> ntoskrnl.exe: IofCompleteRequest, KeGetCurrentThread, IoRemoveShareAccess, CcUninitializeCacheMap, CcPurgeCacheSection, MmFlushImageSection, CcFlushCache, MmForceSectionClosed, ExAcquireResourceExclusiveLite, sprintf, IoCheckShareAccess, IoSetShareAccess, wcsstr, RtlAppendUnicodeToString, memmove, DbgPrint, RtlInitUnicodeString, MmMapLockedPages, ExAcquireResourceSharedLite, KeQuerySystemTime, ExInitializeResourceLite, ExDeleteResourceLite, _wcsicmp, ZwClose, ObReferenceObjectByHandle, ZwCreateFile, ObOpenObjectByPointer, ZwQueryInformationFile, ZwSetInformationFile, ObfDereferenceObject, ZwReadFile, ZwWriteFile, RtlLargeIntegerDivide, KeEnterCriticalRegion, ExReleaseResourceForThreadLite, ExQueueWorkItem, IoCreateDevice, IoDeleteSymbolicLink, IoDeleteDevice, IoUnregisterShutdownNotification, IoCreateSymbolicLink, ExAllocatePoolWithTag, ExFreePool, ExInitializeZone, KeInitializeSpinLock, IoGetTopLevelIrp, KeBugCheckEx, IoIsOperationSynchronous, IoFreeMdl, MmProbeAndLockPages, IoAllocateMdl, CcMdlWriteComplete, CcMdlReadComplete, RtlEqualUnicodeString, RtlAnsiStringToUnicodeString, RtlUnicodeStringToAnsiString, ZwQueryValueKey, ZwOpenKey, KeInitializeMutex, _stricmp, IoUnregisterFileSystem, FsRtlDeregisterUncProvider, ZwUnmapViewOfSection, KeWaitForSingleObject, KeSetEvent, ZwMapViewOfSection, ZwOpenSection, RtlUnwind, IoSetTopLevelIrp, KeLeaveCriticalRegion, FsRtlRegisterUncProvider, IoRegisterFileSystem
> HAL.dll: KfAcquireSpinLock, KfReleaseSpinLock, KeGetCurrentIrql
( 0 exports )
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Generic Win/DOS Executable (49.9%)
DOS Executable Generic (49.8%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.1%)
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
Application Updater - je od Spigot, Inc. jinak ten toolbar přesně nevím (byl jsem naprsto vystražený, hned jsem vytrhl kabel od netu), ale instaloval jsem program free video converter myslím 2.7 (zašrhl jsem že ten toolbar neinstalovat) www.studna.cz/koyote-free-video-converter-p-14162.html , a zadruhé ten NetDrive je na připojení FTP ale ten již nevyužívám tak jsem to dnes odinstaloval.
Re: Prosím o kontrolu logu - RSIT
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:56:54, on 29.5.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe
C:\Program Files\Aladdin\Aladdin SQL Server\AladdinSQL.exe
C:\Program Files\Cyberlink\Shared Files\brs.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\MSTMON_Q.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Application Updater\ApplicationUpdater.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ICQ6.5\ICQ.exe
C:\Program Files\trend micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [RemoteControl9] "C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe"
O4 - HKLM\..\Run: [PDVD9LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe"
O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [KONICA MINOLTA PagePro 1350WStatusDisplay] C:\WINDOWS\system32\MSTMON_Q.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Aladdin SQL Server - Unknown owner - C:\Program Files\Aladdin\Aladdin SQL Server\AladdinSQL.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Application Updater - Spigot, Inc. - C:\Program Files\Application Updater\ApplicationUpdater.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Google Update Service (gupdate1c9b3da640e8d4c) (gupdate1c9b3da640e8d4c) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
--
End of file - 7373 bytes
Scan saved at 19:56:54, on 29.5.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe
C:\Program Files\Aladdin\Aladdin SQL Server\AladdinSQL.exe
C:\Program Files\Cyberlink\Shared Files\brs.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\MSTMON_Q.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Application Updater\ApplicationUpdater.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ICQ6.5\ICQ.exe
C:\Program Files\trend micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [RemoteControl9] "C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe"
O4 - HKLM\..\Run: [PDVD9LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe"
O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [KONICA MINOLTA PagePro 1350WStatusDisplay] C:\WINDOWS\system32\MSTMON_Q.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Aladdin SQL Server - Unknown owner - C:\Program Files\Aladdin\Aladdin SQL Server\AladdinSQL.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Application Updater - Spigot, Inc. - C:\Program Files\Application Updater\ApplicationUpdater.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Google Update Service (gupdate1c9b3da640e8d4c) (gupdate1c9b3da640e8d4c) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
--
End of file - 7373 bytes
Re: Prosím o kontrolu logu - RSIT
Čau, pc je vpohodě, procesů tak jako vždy. Asi jsem spanikařil, ale opravdu než jsem něco mohl dělat tak jsem musel ručně zavřít asi 2-3 procesi které tam nemají co dělat, potom jsem si řekl že povolím net a rychle stáhnu combofix. Ovšem net nešel povolit, tak jsem si otevřel úlohy a kuknu a při povolování jeden úkol hlásila aktivitu, tak jsem tu ručně ukončil a ihned sem net povolil. Ovšem odkaz na combofix nefungoval, proto jsem použil starý combofix, ale pak jsem vklidu našel nový. Asi to byla shoda náhod, nebo zrovna měli na stránce vývojáři vir. Používám Nod 32 ovšem ten den mi skončila testovací verze, už jsem si stáhl novou testovací verzi. Jo a ten combofix odstranil asi 70 souborů, ale hodně jich bylo právě z toho toolbaru. Myslím si pokud ta nic nevidíš tak že to bude zase OK, rozhodně ti děkuju a příště budu logy ukládat.
Re: Prosím o kontrolu logu - RSIT
Já čistím pc každý týden, někdy 2x za týden ccleanerem, ano combofix vždy odinstaluji. Myslím že to bude vše, a doufám že tu brzo nebudu otravovat znovu díky za tvůj čas.
díky za tvůj čas.
Přispějete na provoz fóra?