Re: Please check my log
Posted: 21 May 2010 19:26
here is the next log, I hope this time it is right.
ComboFix 10-05-20.02 - kaktus 21.05.2010 20:06:21.7.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.511.183 [GMT 2:00]
Running from: d:\programy\MP3\DVD\ComboFix.exe
Command switches used :: c:\documents and settings\kaktus\Plocha\CFScript.txt
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: Kerio Personal Firewall *disabled* {333BECA0-DED8-4139-A516-8D9E44E22669}
* Resident AV is active
WARNING - THE RECOVERY CONSOLE IS NOT INSTALLED ON THIS MACHINE !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_MCHINJDRV
-------\Service_mchInjDrv
((((((((((((((((((((((((( Files Created from 2010-04-21 to 2010-05-21 )))))))))))))))))))))))))))))))
.
2010-05-07 21:00 . 2004-08-17 22:49 389632 ----a-w- c:\windows\system32\CF19631.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-20 21:02 . 2006-08-11 18:26 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-04-20 17:28 . 2009-11-08 14:03 -------- d-----w- c:\program files\trend micro
2010-04-04 12:14 . 2008-12-20 13:01 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-04-04 12:12 . 2005-10-23 11:02 -------- d-----w- c:\program files\Java
2010-03-30 14:59 . 2009-10-29 18:17 -------- d-----w- c:\program files\ICQ6.5
2010-03-28 10:21 . 2001-10-25 14:00 74426 ----a-w- c:\windows\system32\perfc005.dat
2010-03-28 10:21 . 2001-10-25 14:00 401726 ----a-w- c:\windows\system32\perfh005.dat
2007-04-13 15:27 . 2007-04-13 15:27 220 --sh--w- c:\windows\dwin.sys
2009-05-14 16:09 . 2008-07-25 15:42 2568 --sha-w- c:\windows\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((( SnapShot@2010-05-07_12.09.33 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-05-21 18:16 . 2010-05-21 18:16 16384 c:\windows\temp\Perflib_Perfdata_ec.dat
.
(((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not shown.
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2007-12-21 1443072]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-03-20 213936]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-07-22 198160]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_14\bin\jusched.exe" [2009-12-15 148888]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-17 15360]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2004-09-29 28672]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "d:\programy\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 14:21 548352 ----a-w- d:\programy\SUPERAntiSpyware\SASWINLO.dll
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"SpybotSD TeaTimer"=c:\program files\Spybot - Search & Destroy\TeaTimer.exe
"AlcoholAutomount"="d:\programy\Alcohol 120\Alcohol 120% v1.9.7.6221\Alcohol 120\axcmd.exe" /automount
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" /background
"ICQ"="c:\program files\ICQ6.5\ICQ.exe" silent
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"ATIPTA"=c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe"
"HydraVisionDesktopManager"=c:\program files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe
"LanguageShortcut"="d:\programy\Cyberlink PowerDVD 7.0 Build 2211a Deluxe Advanced Edition\Cyberlink PowerDVD 7.0 Build 2211a\Language\Language.exe"
"RemoteControl"="d:\programy\Cyberlink PowerDVD 7.0 Build 2211a Deluxe Advanced Edition\Cyberlink PowerDVD 7.0 Build 2211a\PDVDServ.exe"
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"SMail"="c:\documents and settings\kaktus\Dokumenty\Seznam Pošťák\Postak\Postak.exe"
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" runtime
"NeroFilterCheck"=c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\Programy\\kerio 4,2,1\\Personal Firewall 4\\kpf4gui.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"d:\\Programy\\Skype\\Phone\\Skype.exe"=
"d:\\Programy\\limeware\\LimeWire\\LimeWire.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"13038:TCP"= 13038:TCP:BitComet 13038 TCP
"13038:UDP"= 13038:UDP:BitComet 13038 UDP
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [7.7.2006 20:36 716272]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [21.12.2007 9:21 33800]
R1 fwdrv;Firewall Driver;c:\windows\system32\drivers\fwdrv.sys [26.9.2005 12:05 286720]
R1 khips;Kerio HIPS Driver;c:\windows\system32\drivers\khips.sys [26.9.2005 12:05 81920]
R1 SASDIFSV;SASDIFSV;d:\programy\SUPERAntiSpyware\SASDIFSV.SYS [12.10.2009 22:24 12872]
R1 SASKUTIL;SASKUTIL;d:\programy\SUPERAntiSpyware\SASKUTIL.SYS [12.10.2009 22:24 68168]
R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [21.12.2007 9:21 468224]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [5.7.2008 13:46 222968]
S2 LF30FS;LF30FS;\??\d:\programy\Lock Folder XP 3.6\LF30XP.sys --> d:\programy\Lock Folder XP 3.6\LF30XP.sys [?]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [28.1.2007 18:52 16512]
S3 SASENUM;SASENUM;d:\programy\SUPERAntiSpyware\SASENUM.SYS [12.10.2009 22:24 12872]
S3 vaxscsi;vaxscsi;c:\windows\system32\Drivers\vaxscsi.sys --> c:\windows\system32\Drivers\vaxscsi.sys [?]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - MCHINJDRV
*Deregistered* - mchInjDrv
.
Contents of the 'Scheduled Tasks' folder
2010-05-07 c:\windows\Tasks\1-Click Maintenance.job
- d:\programy\Tune Up\TuneUp 2006\SystemOptimizer.exe [2005-09-21 22:11]
2010-05-15 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 13:57]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://start.icq.com/
uInternet Settings,ProxyOverride = *.local
IE: Compare Prices with &Dealio - c:\program files\Dealio\kb103\res\DealioSearch.html
IE: Download with &Shareaza - c:\program files\Shareaza\Plugins\RazaWebHook.dll/3000
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748449} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
TCP: {0B5D4FF4-4A58-4986-8FCA-64FD6CD9FD98} = 10.10.2.10,80.82.144.94
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\kaktus\Data aplikací\Mozilla\Firefox\Profiles\7u30veno.Nepojmenovaný\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - www.seznam.cz
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
FF - plugin: d:\programy\adobe reader\Reader\browser\nppdf32.dll
---- FIREFOX SETTINGS ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - INVALID ENTRIES REMOVED FROM THE REGISTRY (ORPHANS) - - - -
URLSearchHooks-(Default) - (no file)
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-21 20:16
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x823C91F8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf857afc3
\Driver\ACPI -> ACPI.sys @ 0xf83d8cb8
\Driver\atapi -> 0x8235d1f8
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0004
ParseProcedure -> ntoskrnl.exe @ 0x8056f00e
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0004
ParseProcedure -> ntoskrnl.exe @ 0x8056f00e
Warning: possible MBR rootkit infection !
user & kernel MBR OK
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(580)
d:\programy\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(3732)
c:\windows\System32\shdoclc.dll
c:\program files\ICQ6Toolbar\ICQToolBar.dll
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
d:\programy\Tune Up\TuneUp 2006\WinStylerThemeSvc.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\SYSTEM32\astsrv.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
d:\programy\kerio 4,2,1\Personal Firewall 4\kpf4ss.exe
d:\programy\kerio 4,2,1\Personal Firewall 4\kpf4gui.exe
c:\windows\system32\PSIService.exe
c:\program files\Cyberlink\Shared Files\RichVideo.exe
d:\programy\Alcohol 120\Alcohol 120% v1.9.7.6221\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\windows\system32\wscntfy.exe
d:\programy\kerio 4,2,1\Personal Firewall 4\kpf4gui.exe
.
**************************************************************************
.
Completion time: 2010-05-21 20:23:06 - machine was rebooted
ComboFix-quarantined-files.txt 2010-05-21 18:22
ComboFix2.txt 2010-05-20 22:39
ComboFix3.txt 2010-05-20 19:43
ComboFix4.txt 2010-05-20 18:11
ComboFix5.txt 2010-05-21 18:04
Pre-Run: 2 777 161 728
Post-Run: 2 771 451 904
- - End Of File - - 88AD7FE359557494C27DB8586B9E8BCA
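Added example (not part of the poster's log or of ComboFix itself): a small triage script for the record types in a ComboFix log like the one above. It parses the driver/service lines (the `R0`/`R1`/`S2`/`S3` prefix, name, display name and image path), the `"name"=value` registry lines, and the two lines of the Gmer MBR detector output that matter for a verdict, and emits flags a helper would check first: services registered with no image file on disk (ComboFix prints these as `<path> --> <path> [?]`, here `LF30FS` and `vaxscsi`), autostarts launched from a user profile directory (`SMail` under `Dokumenty`), the Windows Firewall standard profile being off (`EnableFirewall`=0) and globally opened ports, and the unnamed module in the disk I/O call chain that triggers "Warning: possible MBR rootkit infection". Two caveats a reader should keep in mind when acting on those flags: a third-party disk filter such as `sptd.sys` (loaded at `R0` in this log by the Alcohol 120% installation) is a common benign cause of exactly that `>>UNKNOWN<<` call-chain entry, and the closing "user & kernel MBR OK" line means the MBR sectors read through the user-mode and kernel paths agreed and matched no known bootkit; and the `Legacy_MCHINJDRV` / `Service_mchInjDrv` entries ComboFix removed belong to the madCodeHook injection driver, which both legitimate hooking software and malware ship, so the removal alone does not identify what installed it. The sample lines are copied from the log above (one path reduced to ASCII); the flag names and rule thresholds are this example's own choices.

```python
import re

# Sample input: lines copied from the ComboFix log in the post above, reduced to the
# record types this script understands (the "Seznam Postak" path is spelled in ASCII).
SAMPLE_LOG = r"""
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [7.7.2006 20:36 716272]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [5.7.2008 13:46 222968]
S2 LF30FS;LF30FS;\??\d:\programy\Lock Folder XP 3.6\LF30XP.sys --> d:\programy\Lock Folder XP 3.6\LF30XP.sys [?]
S3 vaxscsi;vaxscsi;c:\windows\system32\Drivers\vaxscsi.sys --> c:\windows\system32\Drivers\vaxscsi.sys [?]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2007-12-21 1443072]
"SMail"="c:\documents and settings\kaktus\Dokumenty\Seznam Postak\Postak\Postak.exe"
"ATIPTA"=c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe
"EnableFirewall"= 0 (0x0)
"13038:TCP"= 13038:TCP:BitComet 13038 TCP
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x823C91F8]<<
user & kernel MBR OK
"""

# "R0 name;display;image [timestamp size]" -- R = running, S = stopped, digit = start type.
SERVICE_RE = re.compile(r"^(?P<state>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<image>.*)$")
# '"name"=value' registry lines from the Run / Run- / firewall policy sections.
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?P<value>.*)$')
# Directory markers that mean "writable by the logged-on user" (XP and Vista+ layouts).
USER_PROFILE_MARKERS = ("\\documents and settings\\", "\\users\\")


def parse_service(line):
    """Split a driver/service record; 'missing' is True when ComboFix could not find the image."""
    m = SERVICE_RE.match(line)
    if not m:
        return None
    image = m.group("image")
    missing = " --> " in image and image.rstrip().endswith("[?]")
    return {"state": m.group("state"), "name": m.group("name"), "image": image, "missing": missing}


def parse_value(line):
    """Split a '"name"=value' line and pull the image path out of a quoted or bare value."""
    m = VALUE_RE.match(line)
    if not m:
        return None
    name, raw = m.group("name"), m.group("value").strip()
    if raw.startswith('"'):
        path = raw[1:].partition('"')[0]          # quoted path; arguments or [date size] follow
    else:
        path = raw.split(" [", 1)[0].strip()      # bare path, optionally followed by [date size]
    return {"name": name, "raw": raw, "path": path}


def triage(log_text):
    """Return (flag, message) pairs in log order for the lines worth a second look."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        svc = parse_service(line)
        if svc:
            if svc["missing"]:
                findings.append(("orphan-service",
                                 f"{svc['state']} {svc['name']}: registered but image file not found ({svc['image']})"))
            continue
        val = parse_value(line)
        if val:
            low = val["path"].lower()
            if val["name"] == "EnableFirewall" and val["raw"].startswith("0"):
                findings.append(("firewall-off", "Windows Firewall standard profile is disabled (EnableFirewall=0)"))
            elif re.fullmatch(r"\d+:(TCP|UDP)", val["name"]):
                findings.append(("open-port", f"globally open port {val['name']}: {val['raw']}"))
            elif any(marker in low for marker in USER_PROFILE_MARKERS) and low.endswith(".exe"):
                findings.append(("autorun-user-dir", f"{val['name']} starts {val['path']} from a user profile directory"))
            continue
        if line.startswith("called modules:") and ">>UNKNOWN" in line:
            unnamed = line.split(">>", 1)[1].rstrip("<")
            findings.append(("mbr-unknown-module",
                             f"disk I/O call chain passes through an unnamed kernel module: {unnamed}"
                             " (a third-party disk filter such as sptd.sys is a common benign cause)"))
        elif line == "user & kernel MBR OK":
            findings.append(("mbr-sectors-ok", "MBR read from user mode and kernel mode agree and match no known bootkit"))
    return findings


if __name__ == "__main__":
    for flag, message in triage(SAMPLE_LOG):
        print(f"[{flag}] {message}")
```

Run as-is it prints the seven flags for the sample lines; to use it on a full log, pass the file contents to `triage()` instead of `SAMPLE_LOG`. Lines the parser does not recognise (section banners, Find3M entries, the DLL and process listings) are skipped, so the output is a shortlist, not a verdict.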