Kontrola Logu

Zpráva

Wpit1 · #1 Příspěvek od **Wpit1** » 26 črc 2010 19:54

Logfile of random's system information tool 1.06 (written by random/random)
Run by Dusan at 2010-07-26 20:51:22
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 4 GB (8%) free of 57 GB
Total RAM: 767 MB (19% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:51:43, on 26.7.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17055)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\QIP Infium\infium.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
E:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Documents and Settings\Dusan\Dokumenty\Downloads\RSIT.exe
C:\Program Files\trend micro\Dusan.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IS Service (ISSVC) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec SecurePort (SymSecurePort) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe

--
End of file - 3208 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\Norton Security Scan for Dusan.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]
C:\WINDOWS\system32\NavLogon.dll [2007-03-14 43712]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DisableStatusMessages"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=149

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe"="C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe:*:Enabled:CyberLink PowerDVD"
"C:\Documents and Settings\Dusan\Plocha\CS servery\hl.exe"="C:\Documents and Settings\Dusan\Plocha\CS servery\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\RndLabs\BaboViolent 2\bv2.exe"="C:\Program Files\RndLabs\BaboViolent 2\bv2.exe:*:Enabled:bv2"
"C:\Program Files\Valve\hl.exe"="C:\Program Files\Valve\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\Counter-Strike 1.6\hl.exe"="C:\Program Files\Counter-Strike 1.6\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\CS hamachi\hl.exe"="C:\Program Files\CS hamachi\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\CS\hl.exe"="C:\Program Files\CS\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\CS digital zone\hl.exe"="C:\Program Files\CS digital zone\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\Babo Violent 2\bv2.exe"="C:\Program Files\Babo Violent 2\bv2.exe:*:Enabled:bv2"
"C:\Program Files\Ocean Technology\GG E-Sports Platform\GGclient.exe"="C:\Program Files\Ocean Technology\GG E-Sports Platform\GGclient.exe:*:Enabled:GG E-Sports Platform Client"
"C:\Documents and Settings\Dusan\Plocha\WoW-enGB-Installer-downloader.exe"="C:\Documents and Settings\Dusan\Plocha\WoW-enGB-Installer-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Program Files\QIP\qip.exe"="C:\Program Files\QIP\qip.exe:*:Enabled:Quiet Internet Pager"
"D:\CS\Valve\Steam\SteamApps\ufo895\counter-strike\hl.exe"="D:\CS\Valve\Steam\SteamApps\ufo895\counter-strike\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\GameSpy Arcade\Aphex.exe"="C:\Program Files\GameSpy Arcade\Aphex.exe:*:Enabled:GameSpy Arcade"
"C:\Program Files\Ocean Technology\GG E-Sports Platform\Garena.exe"="C:\Program Files\Ocean Technology\GG E-Sports Platform\Garena.exe:*:Enabled:Garena"
"C:\Program Files\Garena\Garena.exe"="C:\Program Files\Garena\Garena.exe:*:Enabled:Garena"
"C:\Program Files\BitComet\BitComet.exe"="C:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client"
"D:\CS\Valve\Steam\SteamApps\ufo895\condition zero\hl.exe"="D:\CS\Valve\Steam\SteamApps\ufo895\condition zero\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\RndLabs\BaboViolent 2\bv2Dedicated.exe"="C:\Program Files\RndLabs\BaboViolent 2\bv2Dedicated.exe:*:Enabled:bv2Dedicated"
"C:\Program Files\BABO VIOLENT2\BaboViolent2.exe"="C:\Program Files\BABO VIOLENT2\BaboViolent2.exe:*:Enabled:BaboViolent2"
"C:\Program Files\BABO VIOLENT2\bv2.exe"="C:\Program Files\BABO VIOLENT2\bv2.exe:*:Enabled:bv2"
"C:\Program Files\ICQLite\ICQLite.exe"="C:\Program Files\ICQLite\ICQLite.exe:*:Enabled:ICQ Lite"
"C:\Program Files\ICQ6\ICQ.exe"="C:\Program Files\ICQ6\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"D:\CS\SteamApps\ufo895\counter-strike\hl.exe"="D:\CS\SteamApps\ufo895\counter-strike\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Soldat\Soldat.exe"="C:\Soldat\Soldat.exe:*:Enabled:Soldat"
"C:\Program Files\BV2\bv2.exe"="C:\Program Files\BV2\bv2.exe:*:Enabled:bv2"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"E:\Program Files\Ventrilo\Ventrilo.exe"="E:\Program Files\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe"
"E:\Program Files\call of duty 2\Call of Duty 2\CoD2MP_s.exe"="E:\Program Files\call of duty 2\Call of Duty 2\CoD2MP_s.exe:*:Disabled:CoD2MP_s"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\QIP Infium\infium.exe"="C:\Program Files\QIP Infium\infium.exe:*:Enabled:QIP Infium"
"E:\Program Files\Counter Strike Steam\SteamApps\ufo895\counter-strike\hl.exe"="E:\Program Files\Counter Strike Steam\SteamApps\ufo895\counter-strike\hl.exe:*:Enabled:Counter-Strike"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype. Take a deep breath "

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4689b48d-0a2d-11dd-b400-000c76bb169a}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL tel.xls.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f3ebd774-17a6-11dd-b417-000c76bb169a}]
shell\Auto\command - rejoice101.exe
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL rejoice101.exe

======File associations======

.bat - edit - %SystemRoot%\System32\NOTEPAD.EXE %1"
.ini - open - %SystemRoot%\System32\NOTEPAD.EXE %1"

======List of files/folders created in the last 1 months======

2010-07-14 21:04:38 ----HDC---- C:\WINDOWS\$NtUninstallKB2229593$
2010-07-10 11:58:58 ----N---- C:\WINDOWS\system32\vxblock.dll
2010-07-10 11:58:58 ----N---- C:\WINDOWS\system32\pxwave.dll
2010-07-10 11:58:58 ----N---- C:\WINDOWS\system32\pxsfs.dll
2010-07-10 11:58:58 ----N---- C:\WINDOWS\system32\pxmas.dll
2010-07-10 11:58:58 ----N---- C:\WINDOWS\system32\pxdrv.dll
2010-07-10 11:58:58 ----N---- C:\WINDOWS\system32\pxafs.dll
2010-07-10 11:58:58 ----N---- C:\WINDOWS\system32\px.dll
2010-07-06 14:07:58 ----D---- C:\Program Files\GTA2

======List of files/folders modified in the last 1 months======

2010-07-26 20:51:30 ----D---- C:\Program Files\trend micro
2010-07-26 20:51:29 ----D---- C:\Temp
2010-07-26 20:27:22 ----D---- C:\Documents and Settings\Dusan\Data aplikací\Skype
2010-07-26 20:02:01 ----D---- C:\WINDOWS\Temp
2010-07-26 17:49:41 ----D---- C:\Program Files\Common Files\Symantec Shared
2010-07-26 13:36:20 ----D---- C:\Program Files\W3
2010-07-26 12:28:44 ----D---- C:\WINDOWS\Prefetch
2010-07-26 12:23:21 ----D---- C:\Documents and Settings\Dusan\Data aplikací\skypePM
2010-07-26 11:52:10 ----D---- C:\WINDOWS\system32\CatRoot2
2010-07-26 00:45:46 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-07-25 17:02:36 ----D---- C:\Program Files\Garena
2010-07-24 19:22:32 ----SHD---- C:\WINDOWS\Installer
2010-07-24 19:22:32 ----SHD---- C:\Config.Msi
2010-07-24 19:22:32 ----RD---- C:\Program Files
2010-07-23 12:36:38 ----D---- C:\WINDOWS
2010-07-22 16:02:51 ----D---- C:\WINDOWS\system32\drivers
2010-07-22 15:59:52 ----D---- C:\Documents and Settings\Dusan\Data aplikací\Hamachi
2010-07-22 13:35:52 ----A---- C:\WINDOWS\NeroDigital.ini
2010-07-14 21:04:50 ----HD---- C:\WINDOWS\inf
2010-07-14 21:04:41 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-07-14 21:04:40 ----D---- C:\WINDOWS\system32
2010-07-14 21:04:17 ----HD---- C:\WINDOWS\$hf_mig$
2010-07-10 13:57:51 ----HD---- C:\Program Files\InstallShield Installation Information
2010-07-10 13:57:35 ----RSD---- C:\WINDOWS\assembly
2010-07-10 13:55:03 ----D---- C:\WINDOWS\system32\DirectX
2010-07-10 12:01:08 ----D---- C:\Documents and Settings\All Users\Data aplikací\DivX
2010-07-10 11:58:55 ----D---- C:\Program Files\DivX
2010-07-09 18:38:48 ----D---- C:\WINDOWS\Microsoft.NET
2010-07-02 21:39:05 ----A---- C:\WINDOWS\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK7;Ovladač procesoru AMD K7; C:\WINDOWS\system32\DRIVERS\amdk7.sys [2008-04-14 41600]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
R1 InCDPass;InCDPass; C:\WINDOWS\System32\DRIVERS\InCDPass.sys [2004-09-07 28544]
R1 prodrv03;Star Force copy protection driver v3; C:\WINDOWS\System32\drivers\prodrv03.sys [2007-08-07 115968]
R1 SAVRT;SAVRT; \??\C:\Program Files\Symantec Client Security\Symantec AntiVirus\savrt.sys []
R1 SAVRTPEL;SAVRTPEL; \??\C:\Program Files\Symantec Client Security\Symantec AntiVirus\Savrtpel.sys []
R1 SYMTDI;SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [2007-02-12 196752]
R1 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2006-03-02 12032]
R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B}; \??\C:\Program Files\CyberLink\PowerDVD\000.fcl []
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2007-04-25 4030144]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys []
R3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service; C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2007-04-17 42496]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-03-19 23400]
R3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys []
R3 NAVENG;NAVENG; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20100417.002\naveng.sys []
R3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20100417.002\navex15.sys []
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-10-22 3994624]
R3 SymEvent;SymEvent; \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS []
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R4 InCDfs;InCD File System; C:\WINDOWS\system32\drivers\InCDfs.sys [2004-09-07 91136]
S3 abozqoug;abozqoug; C:\WINDOWS\system32\drivers\abozqoug.sys []
S3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\fetnd5.sys [2001-08-17 27165]
S3 FETNDISB;VIA Rhine Family Fast Ethernet Adapter Driver Service; C:\WINDOWS\system32\DRIVERS\fetnd5b.sys [2004-04-15 42496]
S3 GarenaPEngine;GarenaPEngine; \??\C:\Temp\TUT95.tmp []
S3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2010-02-03 26176]
S3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 HwIOctl;HwIOctl; C:\WINDOWS\system32\drivers\HwIOctl.sys []
S3 Memctl;Memctl; C:\WINDOWS\system32\drivers\Memctl.sys []
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
S3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2007-07-27 10368]
S3 SPBBCDrv;SPBBCDrv; \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys []
S3 SYMDNS;SYMDNS; C:\WINDOWS\System32\Drivers\SYMDNS.SYS [2007-02-12 12944]
S3 SYMFW;SYMFW; C:\WINDOWS\System32\Drivers\SYMFW.SYS [2007-02-12 110736]
S3 SYMIDS;SYMIDS; C:\WINDOWS\System32\Drivers\SYMIDS.SYS [2007-02-12 31888]
S3 SYMIDSCO;SYMIDSCO; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\SCFIDS~1\20100415.001\symidsco.sys []
S3 SYMNDIS;SYMNDIS; C:\WINDOWS\System32\Drivers\SYMNDIS.SYS [2007-02-12 28304]
S3 SYMREDRV;SYMREDRV; C:\WINDOWS\System32\Drivers\SYMREDRV.SYS [2007-02-12 24720]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2009-05-29 39424]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 sr;Ovladač filtru Obnovy systému; C:\WINDOWS\system32\DRIVERS\sr.sys [2008-04-14 73344]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe [2006-11-21 192104]
R2 ccProxy;Symantec Network Proxy; C:\Program Files\Common Files\Symantec Shared\ccProxy.exe [2006-11-21 202344]
R2 ccSetMgr;Symantec Settings Manager; C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe [2006-11-21 169576]
R2 DefWatch;Symantec AntiVirus Definition Watcher; C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe [2007-03-14 31424]
R2 ISSVC;IS Service; C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe [2007-03-05 87680]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-10-22 159810]
R2 SymSecurePort;Symantec SecurePort; C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe [2007-03-05 173696]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 SNDSrvc;Symantec Network Drivers Service; C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe [2007-02-12 214672]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Služba Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 SavRoam;SAVRoam; C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe [2007-03-14 116416]
S3 SPBBCSvc;Symantec SPBBCSvc; C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe [2007-01-10 1160792]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S4 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-05-29 144712]
S4 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
S4 gupdate1ca6eaedcab59e4;Služba Google Update (gupdate1ca6eaedcab59e4); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-11-26 133104]
S4 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-11-19 138168]
S4 InCDsrv;InCD Helper; C:\Program Files\Ahead\InCD\InCDsrv.exe [2004-09-07 1151090]
S4 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-05-30 541992]
S4 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2006-09-02 2528960]
S4 NetTcpPortSharing;Služba sdílení portů Net.Tcp; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-05-16 271920]
S4 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared files\RichVideo.exe [2007-05-14 272024]
S4 Symantec AntiVirus;Symantec AntiVirus; C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe [2007-03-14 1816768]

-----------------EOF-----------------
Předem díky za kontrolu.

#2 Příspěvek od **Rudy** » 26 črc 2010 20:23

Dejte log z ComboFix.

Stahnete a ulozte nejlepe na plochu ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

pote spustte aplikaci pod uctem s administratorskym opravnenim

hned po startu se zobrazi obrazovka s licencnimi podminkami, pokracujte kliknutim na tlacitko Ano.

v klidu si postavte na kafe (cela akce trva cca. 5-10 minut, nekdy i dele - dle toho, o jak rychly stroj se jedna a kolika soubory se skener bude muset prodirat), behem skenu se nepokousejte spoustet zadne jine aplikace ani nic jineho

behem skenovani nepropadejte panice, vas stroj muze byt restartovan (predevsim pri prvni aplikaci skeneru)

upozorneni: pokud pouzivate antispyware s rezidentnim stitem, prepnete jeho rezidentni stit do Install Mode, pripadne jej po dobu skenu uplne deaktivujte, protoze dochazi pri skenu a vymazu pripadneho malware k nezadoucim kolizim s rezidentem antispyware

Wpit1 · #3 Příspěvek od **Wpit1** » 26 črc 2010 21:50

ComboFix 10-07-24.06 - Dusan 26.07.2010 22:38:10.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.767.423 [GMT 2:00]
Spuštěný z: c:\documents and settings\Dusan\Dokumenty\Downloads\ComboFix.exe
AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Symantec Client Firewall *disabled* {5CB76A43-5FAD-476B-B9FF-26FA61F13187}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Dusan\DokumentyIbX3Rq_save2pc.exe
c:\program files\RelevantKnowledge
c:\program files\RelevantKnowledge\MSVCP71.DLL
c:\program files\RelevantKnowledge\MSVCR71.DLL
c:\program files\RelevantKnowledge\rlservice.exe

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-06-26 do 2010-07-26 )))))))))))))))))))))))))))))))
.

2010-07-26 20:43 . 2010-07-26 20:43 53248 ----a-w- c:\temp\catchme.dll
2010-07-26 15:50 . 2010-07-26 20:42 -------- d-----w- c:\temp\div39.tmp
2010-07-26 15:50 . 2010-07-26 15:50 -------- d-----w- c:\temp\WPDNSE
2010-07-26 09:47 . 2010-07-26 09:47 -------- d-----w- c:\temp\scoped_dir15034
2010-07-26 09:47 . 2010-07-26 09:47 -------- d-----w- c:\temp\scoped_dir13306
2010-07-26 09:44 . 2010-07-26 20:42 -------- d-----w- c:\temp\div38.tmp
2010-07-26 09:33 . 2010-07-26 20:42 -------- d-----w- c:\temp\div37.tmp
2010-07-25 21:11 . 2010-07-25 21:11 -------- d-----w- c:\temp\scoped_dir29114
2010-07-25 21:11 . 2010-07-25 21:11 -------- d-----w- c:\temp\scoped_dir29110
2010-07-25 12:13 . 2010-07-26 20:42 -------- d-----w- c:\temp\div36.tmp
2010-07-24 16:06 . 2010-07-26 20:42 -------- d-----w- c:\temp\div35.tmp
2010-07-23 11:05 . 2010-07-23 11:05 -------- d-----w- c:\temp\scoped_dir6977
2010-07-23 11:05 . 2010-07-23 11:05 -------- d-----w- c:\temp\scoped_dir1422
2010-07-23 10:36 . 2010-07-26 20:42 -------- d-----w- c:\temp\div34.tmp
2010-07-22 13:40 . 2010-07-22 13:40 -------- d-----w- c:\temp\scoped_dir29061
2010-07-22 13:40 . 2010-07-22 13:40 -------- d-----w- c:\temp\scoped_dir11797
2010-07-22 08:36 . 2010-07-26 20:42 -------- d-----w- c:\temp\div33.tmp
2010-07-21 08:52 . 2010-07-21 08:52 -------- d-----w- c:\temp\scoped_dir918
2010-07-21 08:52 . 2010-07-21 08:52 -------- d-----w- c:\temp\scoped_dir29405
2010-07-21 08:47 . 2010-07-26 20:42 -------- d-----w- c:\temp\div32.tmp
2010-07-20 09:21 . 2010-07-20 09:21 -------- d-----w- c:\temp\scoped_dir19359
2010-07-20 09:21 . 2010-07-20 09:21 -------- d-----w- c:\temp\scoped_dir15184
2010-07-20 09:12 . 2010-07-26 20:42 -------- d-----w- c:\temp\div31.tmp
2010-07-19 09:12 . 2010-07-19 09:12 -------- d-----w- c:\temp\scoped_dir8196
2010-07-19 09:12 . 2010-07-19 09:12 -------- d-----w- c:\temp\scoped_dir30296
2010-07-19 09:00 . 2010-07-26 20:42 -------- d-----w- c:\temp\div30.tmp
2010-07-18 11:47 . 2010-07-26 20:42 -------- d-----w- c:\temp\div2F.tmp
2010-07-17 10:30 . 2010-07-17 10:30 -------- d-----w- c:\temp\scoped_dir5575
2010-07-17 10:30 . 2010-07-17 10:30 -------- d-----w- c:\temp\scoped_dir10242
2010-07-17 09:15 . 2010-07-26 20:42 -------- d-----w- c:\temp\div2E.tmp
2010-07-16 19:41 . 2010-07-16 19:41 -------- d-----w- c:\temp\scoped_dir28115
2010-07-16 19:41 . 2010-07-16 19:41 -------- d-----w- c:\temp\scoped_dir25668
2010-07-16 10:41 . 2010-07-26 20:42 -------- d-----w- c:\temp\div2D.tmp
2010-07-16 10:17 . 2010-07-16 10:17 -------- d-----w- c:\temp\scoped_dir25964
2010-07-16 10:17 . 2010-07-16 10:17 -------- d-----w- c:\temp\scoped_dir15882
2010-07-16 07:05 . 2010-07-16 07:05 -------- d-----w- c:\temp\scoped_dir28552
2010-07-16 07:05 . 2010-07-16 07:05 -------- d-----w- c:\temp\scoped_dir10939
2010-07-16 06:58 . 2010-07-26 20:42 -------- d-----w- c:\temp\div2C.tmp
2010-07-15 07:30 . 2010-07-26 20:42 -------- d-----w- c:\temp\div2B.tmp
2010-07-14 08:12 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2010-07-14 08:10 . 2010-07-26 20:42 -------- d-----w- c:\temp\div29.tmp
2010-07-13 14:40 . 2010-07-26 20:42 -------- d-----w- c:\temp\div28.tmp
2010-07-13 09:04 . 2010-07-26 20:42 -------- d-----w- c:\temp\div27.tmp
2010-07-12 09:00 . 2010-07-26 20:42 -------- d-----w- c:\temp\div26.tmp
2010-07-11 15:56 . 2010-07-26 20:42 -------- d-----w- c:\temp\div24.tmp
2010-07-11 10:03 . 2010-07-26 20:42 -------- d-----w- c:\temp\div23.tmp
2010-07-10 09:58 . 2010-06-09 23:01 9072 ------w- c:\windows\system32\drivers\cdr4_xp.sys
2010-07-10 09:58 . 2010-06-09 23:01 45648 ------w- c:\windows\system32\drivers\PxHelp20.sys
2010-07-10 09:58 . 2010-06-09 23:01 9200 ------w- c:\windows\system32\drivers\cdralw2k.sys
2010-07-10 09:58 . 2010-06-09 23:01 133616 ------w- c:\windows\system32\pxafs.dll
2010-07-10 09:56 . 2010-07-26 20:42 -------- d-----w- c:\temp\div2A.tmp
2010-07-10 09:55 . 2010-07-26 20:42 -------- d-----w- c:\temp\div25.tmp
2010-07-10 09:54 . 2010-07-26 20:42 -------- d-----w- c:\temp\div22.tmp
2010-07-09 16:09 . 2010-07-26 20:42 -------- d-----w- c:\temp\div21.tmp
2010-07-08 09:28 . 2010-07-26 20:42 -------- d-----w- c:\temp\div20.tmp
2010-07-07 08:21 . 2010-07-26 20:42 -------- d-----w- c:\temp\div1F.tmp
2010-07-06 12:07 . 2010-07-06 12:09 -------- d-----w- c:\program files\GTA2
2010-07-06 09:19 . 2010-07-26 20:42 -------- d-----w- c:\temp\div1E.tmp
2010-07-05 06:21 . 2010-07-26 20:42 -------- d-----w- c:\temp\div1D.tmp
2010-07-04 09:19 . 2010-07-26 20:42 -------- d-----w- c:\temp\div1C.tmp
2010-07-03 14:51 . 2010-07-26 20:42 -------- d-----w- c:\temp\chrome_6071
2010-07-03 14:50 . 2010-07-26 20:42 -------- d-----w- c:\temp\div1B.tmp
2010-07-01 07:57 . 2010-07-26 20:42 -------- d-----w- c:\temp\div1A.tmp
2010-06-30 20:33 . 2010-07-26 20:42 -------- d-----w- c:\temp\div19.tmp
2010-06-30 08:37 . 2010-07-26 20:42 -------- d-----w- c:\temp\div18.tmp
2010-06-29 14:52 . 2010-07-26 20:42 -------- d-----w- c:\temp\div17.tmp
2010-06-28 19:40 . 2010-07-26 20:42 -------- d-----w- c:\temp\div16.tmp
2010-06-27 16:32 . 2010-07-26 20:42 -------- d-----w- c:\temp\div15.tmp
2010-06-27 07:18 . 2010-07-26 20:42 -------- d-----w- c:\temp\div14.tmp

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-26 20:18 . 2007-07-26 12:39 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-07-26 20:17 . 2007-07-26 12:44 40 ----a-w- c:\windows\system32\profile.dat
2010-07-26 18:51 . 2010-04-18 17:01 -------- d-----w- c:\program files\trend micro
2010-07-26 11:36 . 2007-10-26 13:39 -------- d-----w- c:\program files\W3
2010-07-25 15:02 . 2008-06-28 13:51 -------- d-----w- c:\program files\Garena
2010-07-10 11:57 . 2007-07-27 05:45 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-07-10 09:58 . 2010-06-10 16:16 -------- d-----w- c:\program files\DivX
2010-06-23 21:57 . 2006-03-02 12:00 82486 ----a-w- c:\windows\system32\perfc005.dat
2010-06-23 21:57 . 2006-03-02 12:00 437672 ----a-w- c:\windows\system32\perfh005.dat
2010-06-14 14:31 . 2007-07-26 11:47 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-13 14:20 . 2010-06-13 14:20 -------- d-----w- c:\program files\Common Files\Skype
2010-06-10 19:54 . 2010-06-10 19:54 -------- d-----w- c:\program files\Norton Security Scan
2010-06-10 19:54 . 2010-06-10 19:54 -------- d-----w- c:\program files\NortonInstaller
2010-06-10 19:34 . 2010-06-10 19:34 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-06-10 17:08 . 2010-06-10 16:52 -------- d-----w- c:\program files\Rising Research
2010-06-09 23:01 . 2010-06-10 19:35 126448 ------w- c:\windows\system32\pxinsi64.exe
2010-06-09 23:01 . 2010-06-10 19:35 123888 ------w- c:\windows\system32\pxcpyi64.exe
2010-05-04 17:18 . 2006-03-02 12:00 832512 ----a-w- c:\windows\system32\wininet.dll
2010-05-04 17:18 . 2006-03-02 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-05-04 17:18 . 2006-03-02 12:00 17408 ------w- c:\windows\system32\corpol.dll
2010-05-02 08:09 . 2006-03-02 12:00 1851264 ----a-w- c:\windows\system32\win32k.sys
2008-10-28 16:39 . 2010-04-18 16:43 241664 ----a-w- c:\program files\Uninstall Ask Toolbar.dll
2004-03-11 11:27 . 2008-09-21 15:44 40960 ----a-w- c:\program files\Uninstall_CDS.exe
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=
"c:\\Program Files\\RndLabs\\BaboViolent 2\\bv2.exe"=
"c:\\Program Files\\Valve\\hl.exe"=
"c:\\Program Files\\QIP\\qip.exe"=
"c:\\Program Files\\GameSpy Arcade\\Aphex.exe"=
"c:\\Program Files\\Ocean Technology\\GG E-Sports Platform\\Garena.exe"=
"c:\\Program Files\\Garena\\Garena.exe"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"c:\\Program Files\\RndLabs\\BaboViolent 2\\bv2Dedicated.exe"=
"c:\\Program Files\\BABO VIOLENT2\\BaboViolent2.exe"=
"c:\\Program Files\\BABO VIOLENT2\\bv2.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Soldat\\Soldat.exe"=
"c:\\Program Files\\BV2\\bv2.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"e:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"e:\\Program Files\\call of duty 2\\Call of Duty 2\\CoD2MP_s.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\QIP Infium\\infium.exe"=
"e:\\Program Files\\Counter Strike Steam\\SteamApps\\ufo895\\counter-strike\\hl.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"6112:TCP"= 6112:TCP:Blizzard Downloader
"13029:TCP"= 13029:TCP:BitComet 13029 TCP
"13029:UDP"= 13029:UDP:BitComet 13029 UDP

R1 prodrv03;Star Force copy protection driver v3;c:\windows\system32\drivers\prodrv03.sys [7.8.2007 20:35 115968]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [28.8.2009 17:06 102448]
S3 GarenaPEngine;GarenaPEngine;\??\c:\temp\TUT95.tmp --> c:\temp\TUT95.tmp [?]
S3 HwIOctl;HwIOctl; [x]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [18.4.2010 20:23 38224]
S3 SavRoam;SAVRoam;c:\program files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe [14.3.2007 19:48 116416]
S4 gupdate1ca6eaedcab59e4;Služba Google Update (gupdate1ca6eaedcab59e4);c:\program files\Google\Update\GoogleUpdate.exe [26.11.2009 17:41 133104]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [13.4.2008 19:53 717296]
.
Obsah adresáře 'Naplánované úlohy'

2010-07-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

2010-07-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-26 15:40]

2010-07-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-26 15:40]

2010-07-25 c:\windows\Tasks\Norton Security Scan for Dusan.job
- c:\program files\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2010-06-10 07:48]
.
.
------- Doplňkový sken -------
.
uInternet Connection Wizard,ShellNext = iexplore
Trusted Zone: microsoft.com\update
Trusted Zone: microsoft.com\windowsupdate
FF - ProfilePath - c:\documents and settings\Dusan\Data aplikací\Mozilla\Firefox\Profiles\fhe9zq6m.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://eu.ask.com?o=14780&l=dis
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: e:\program files\DivX\DivX Player\npDivxPlayerPlugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
.
------- Asociace souborů -------
.
inifile=%SystemRoot%\System32\NOTEPAD.EXE %1"
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
AddRemove-Babo Violent 2_is1 - c:\program files\Babo Violent 2\unins000.exe
AddRemove- 2573_is1 - c:\program files\ICQ5.1\unins000.exe
AddRemove-Icy Tower_is1 - c:\games\icytower1.3\unins000.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-26 22:43
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GarenaPEngine]
"ImagePath"="\??\c:\temp\TUT95.tmp"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
.
Celkový čas: 2010-07-26 22:47:34
ComboFix-quarantined-files.txt 2010-07-26 20:47

Před spuštěním: 5 105 696 768
Po spuštění: 5 610 086 400

WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - E06AE99A54136171C4F4E1F33953C6EF

#4 Příspěvek od **Rudy** » 26 črc 2010 22:36

Ještě dočistíme. Přesuňte ComboFix na plochu. Otevřte poznámkový blok a zkopírujte do něj:

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4689b48d-0a2d-11dd-b400-000c76bb169a}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f3ebd774-17a6-11dd-b417-000c76bb169a}]

Uložte na plochu jako CFScript.txt. Pak jej myší přetáhněte nad ikonu ComboFix a pusťte. CF se spustí a vykoná příkazy ze skriptu.

Obrázek

Wpit1 · #5 Příspěvek od **Wpit1** » 27 črc 2010 08:31

Udělal jsem to, ale program Combofix nic dalšího nesmazal. Proto zde přikládám Log který mi z toho vyšel. Možná jsem si toho jen nevšiml.

ComboFix 10-07-24.06 - Dusan 27.07.2010 9:19.3.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.767.361 [GMT 2:00]
Spuštěný z: c:\documents and settings\Dusan\Dokumenty\Downloads\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Dusan\Plocha\CFScript.txt
AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Symantec Client Firewall *disabled* {5CB76A43-5FAD-476B-B9FF-26FA61F13187}
.

((((((((((((((((((((((((( Soubory vytvořené od 2010-06-27 do 2010-07-27 )))))))))))))))))))))))))))))))
.

2010-07-27 07:25 . 2010-07-27 07:25 53248 -c--a-w- c:\temp\catchme.dll
2010-07-27 07:19 . 2010-07-27 07:19 -------- dc----w- c:\temp\WPDNSE
2010-07-10 09:58 . 2010-06-09 23:01 9072 -c----w- c:\windows\system32\drivers\cdr4_xp.sys
2010-07-10 09:58 . 2010-06-09 23:01 45648 -c----w- c:\windows\system32\drivers\PxHelp20.sys
2010-07-10 09:58 . 2010-06-09 23:01 9200 -c----w- c:\windows\system32\drivers\cdralw2k.sys
2010-07-10 09:58 . 2010-06-09 23:01 133616 -c----w- c:\windows\system32\pxafs.dll
2010-07-06 12:07 . 2010-07-26 21:19 -------- dc----w- c:\program files\GTA2

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-27 07:03 . 2007-07-26 12:39 -------- dc----w- c:\program files\Common Files\Symantec Shared
2010-07-27 07:01 . 2007-07-26 12:44 40 ----a-w- c:\windows\system32\profile.dat
2010-07-26 21:36 . 2006-03-02 12:00 82540 -c--a-w- c:\windows\system32\perfc005.dat
2010-07-26 21:36 . 2006-03-02 12:00 437726 -c--a-w- c:\windows\system32\perfh005.dat
2010-07-26 21:30 . 2007-07-27 05:45 -------- dc-h--w- c:\program files\InstallShield Installation Information
2010-07-26 21:28 . 2008-08-28 18:16 -------- dc----w- c:\program files\ElastoMania111
2010-07-26 21:21 . 2008-12-12 16:01 -------- dc----w- c:\program files\icytower1.3
2010-07-26 21:17 . 2008-09-27 20:38 -------- dc----w- c:\program files\Miranda IM
2010-07-26 21:15 . 2008-03-29 08:46 -------- dc----w- c:\program files\freebird
2010-07-26 21:12 . 2009-06-28 10:31 -------- dc----w- c:\program files\Skype Recorder
2010-07-26 18:51 . 2010-04-18 17:01 -------- dc----w- c:\program files\trend micro
2010-07-26 11:36 . 2007-10-26 13:39 -------- dc----w- c:\program files\W3
2010-07-25 15:02 . 2008-06-28 13:51 -------- dc----w- c:\program files\Garena
2010-07-10 09:58 . 2010-06-10 16:16 -------- dc----w- c:\program files\DivX
2010-06-14 14:31 . 2007-07-26 11:47 744448 -c--a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-13 14:20 . 2010-06-13 14:20 -------- dc----w- c:\program files\Common Files\Skype
2010-06-10 19:54 . 2010-06-10 19:54 -------- dc----w- c:\program files\Norton Security Scan
2010-06-10 19:54 . 2010-06-10 19:54 -------- dc----w- c:\program files\NortonInstaller
2010-06-10 19:34 . 2010-06-10 19:34 -------- dc----w- c:\program files\Common Files\DivX Shared
2010-06-10 17:08 . 2010-06-10 16:52 -------- dc----w- c:\program files\Rising Research
2010-06-09 23:01 . 2010-06-10 19:35 126448 -c----w- c:\windows\system32\pxinsi64.exe
2010-06-09 23:01 . 2010-06-10 19:35 123888 -c----w- c:\windows\system32\pxcpyi64.exe
2010-05-04 17:18 . 2006-03-02 12:00 832512 ----a-w- c:\windows\system32\wininet.dll
2010-05-04 17:18 . 2006-03-02 12:00 78336 -c--a-w- c:\windows\system32\ieencode.dll
2010-05-04 17:18 . 2006-03-02 12:00 17408 -c----w- c:\windows\system32\corpol.dll
2010-05-02 08:09 . 2006-03-02 12:00 1851264 ----a-w- c:\windows\system32\win32k.sys
2008-10-28 16:39 . 2010-04-18 16:43 241664 -c--a-w- c:\program files\Uninstall Ask Toolbar.dll
2004-03-11 11:27 . 2008-09-21 15:44 40960 -c--a-w- c:\program files\Uninstall_CDS.exe
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=
"c:\\Program Files\\RndLabs\\BaboViolent 2\\bv2.exe"=
"c:\\Program Files\\Valve\\hl.exe"=
"c:\\Program Files\\QIP\\qip.exe"=
"c:\\Program Files\\GameSpy Arcade\\Aphex.exe"=
"c:\\Program Files\\Ocean Technology\\GG E-Sports Platform\\Garena.exe"=
"c:\\Program Files\\Garena\\Garena.exe"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"c:\\Program Files\\RndLabs\\BaboViolent 2\\bv2Dedicated.exe"=
"c:\\Program Files\\BABO VIOLENT2\\BaboViolent2.exe"=
"c:\\Program Files\\BABO VIOLENT2\\bv2.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\BV2\\bv2.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"e:\\Program Files\\call of duty 2\\Call of Duty 2\\CoD2MP_s.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\QIP Infium\\infium.exe"=
"e:\\Program Files\\Counter Strike Steam\\SteamApps\\ufo895\\counter-strike\\hl.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"6112:TCP"= 6112:TCP:Blizzard Downloader
"13029:TCP"= 13029:TCP:BitComet 13029 TCP
"13029:UDP"= 13029:UDP:BitComet 13029 UDP

R1 prodrv03;Star Force copy protection driver v3;c:\windows\system32\drivers\prodrv03.sys [7.8.2007 20:35 115968]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [28.8.2009 17:06 102448]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [13.4.2008 19:53 717296]
S3 GarenaPEngine;GarenaPEngine;\??\c:\temp\TUT95.tmp --> c:\temp\TUT95.tmp [?]
S3 HwIOctl;HwIOctl; [x]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [18.4.2010 20:23 38224]
S3 SavRoam;SAVRoam;c:\program files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe [14.3.2007 19:48 116416]
S4 gupdate1ca6eaedcab59e4;Služba Google Update (gupdate1ca6eaedcab59e4);c:\program files\Google\Update\GoogleUpdate.exe [26.11.2009 17:41 133104]
.
Obsah adresáře 'Naplánované úlohy'

2010-07-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

2010-07-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-26 15:40]

2010-07-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-26 15:40]

2010-07-25 c:\windows\Tasks\Norton Security Scan for Dusan.job
- c:\program files\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2010-06-10 07:48]
.
.
------- Doplňkový sken -------
.
uInternet Connection Wizard,ShellNext = iexplore
Trusted Zone: microsoft.com\update
Trusted Zone: microsoft.com\windowsupdate
FF - ProfilePath - c:\documents and settings\Dusan\Data aplikací\Mozilla\Firefox\Profiles\fhe9zq6m.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://eu.ask.com?o=14780&l=dis
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-27 09:25
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GarenaPEngine]
"ImagePath"="\??\c:\temp\TUT95.tmp"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'explorer.exe'(696)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Celkový čas: 2010-07-27 09:28:00
ComboFix-quarantined-files.txt 2010-07-27 07:27
ComboFix2.txt 2010-07-27 07:15
ComboFix3.txt 2010-07-26 20:47

Před spuštěním: Volných bajtů: 12 541 652 992
Po spuštění: Volných bajtů: 12 550 352 896

- - End Of File - - A23D6215B655AFAD059ECC203645417D

#6 Příspěvek od **Rudy** » 27 črc 2010 09:58

Log vypadá čistý. Smazané registry klíče CF nevypisuje.

Wpit1 · #7 Příspěvek od **Wpit1** » 27 črc 2010 17:45

Tak tím pádem díky moc.

#8 Příspěvek od **Rudy** » 27 črc 2010 17:48

Nemáte zač!

VIRY.CZ

Kontrola Logu

Kontrola Logu

Re: Kontrola Logu

Re: Kontrola Logu

Re: Kontrola Logu

Re: Kontrola Logu

Re: Kontrola Logu

Re: Kontrola Logu

Re: Kontrola Logu