Page 2 of 3

Re: Log check

Posted: 10 Jun 2010 07:36
by peto2232
Yes, I'll get it.

Re: Log check

Posted: 10 Jun 2010 18:57
by Rudy
Try a system restore to a date when it was working correctly.

Re: Log check

Posted: 10 Jun 2010 19:26
by peto2232
My friend came today and restored the system and the files, but NOD is reporting a blocked IP again. I think whoever is hacking me is going by IP. Tomorrow I'll try to make a log in ComboFix and post it here. There will be a keylogger in there again, 100 percent.

Re: Log check

Posted: 10 Jun 2010 20:10
by Rudy
OK. Post the CF log.

Re: Log check

Posted: 10 Jun 2010 20:29
by peto2232
I'll post it tomorrow. I just hope it isn't some hacker who won't leave me alone.

Re: Log check

Posted: 10 Jun 2010 21:03
by Rudy
We'll see.

Re: Log check

Posted: 11 Jun 2010 07:17
by peto2232
Here is the log from safe mode, before the system restore:

Code:

ComboFix 10-06-07.01 - peter 10.06.2010  18:01:46.2.2 - x86 MINIMAL
Systém Microsoft Windows XP Professional  5.1.2600.3.1250.421.1029.18.2046.1674 [GMT 2:00]
Running from: c:\documents and settings\peter\Dokumenty\Downloads\ComboFix.exe
FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

(((((((((((((((((((((((((   Files Created from 2010-05-10 to 2010-06-10  )))))))))))))))))))))))))))))))
.

2010-09-28 12:33 . 2010-02-04 08:01	74072	----a-w-	c:\windows\system32\XAPOFX1_4.dll
2010-09-28 12:33 . 2010-02-04 08:01	528216	----a-w-	c:\windows\system32\XAudio2_6.dll
2010-09-28 12:33 . 2010-02-04 08:01	238936	----a-w-	c:\windows\system32\xactengine3_6.dll
2010-09-28 12:33 . 2010-02-04 08:01	22360	----a-w-	c:\windows\system32\X3DAudio1_7.dll
2010-09-25 16:19 . 2010-09-25 16:19	--------	d-----w-	c:\program files\Adobe Media Player
2010-09-25 16:17 . 2010-09-25 16:17	--------	d-----w-	c:\program files\Common Files\Adobe AIR
2010-09-23 11:28 . 2010-09-23 11:28	--------	d-----w-	c:\documents and settings\peter\.kbotpro
2010-06-10 15:58 . 2010-06-10 15:58	--------	d-----w-	c:\windows\LastGood
2010-06-10 06:34 . 2010-06-10 06:34	--------	d-----w-	c:\documents and settings\Administrator
2010-06-08 07:48 . 2010-06-08 07:48	--------	d-----w-	c:\program files\Common Files\Macrovision Shared
2010-06-08 05:46 . 2010-06-08 05:46	--------	d-----w-	C:\VritualRoot
2010-06-08 05:43 . 2010-06-08 05:43	--------	d-----w-	c:\program files\COMODO
2010-06-07 16:40 . 2010-06-07 16:40	--------	d-----w-	C:\rsit
2010-06-07 16:40 . 2010-06-07 16:40	--------	d-----w-	c:\program files\trend micro
2010-06-07 13:43 . 2010-06-07 13:43	--------	d-----w-	c:\windows\system32\wbem\Repository
2010-06-06 18:54 . 2010-06-06 18:54	125440	----a-w-	c:\windows\Kqitaa.exe
2010-06-01 17:00 . 2010-06-01 17:00	278288	----a-w-	c:\windows\system32\guard32.dll
2010-06-01 17:00 . 2010-06-01 17:00	87824	----a-w-	c:\windows\system32\drivers\inspect.sys
2010-06-01 17:00 . 2010-06-01 17:00	25240	----a-w-	c:\windows\system32\drivers\cmdhlp.sys
2010-06-01 17:00 . 2010-06-01 17:00	230360	----a-w-	c:\windows\system32\drivers\cmdGuard.sys
2010-06-01 17:00 . 2010-06-01 17:00	15464	----a-w-	c:\windows\system32\drivers\cmderd.sys
2010-05-19 06:14 . 2010-05-19 06:14	--------	d-----w-	c:\documents and settings\peter\.thumbnails
2010-05-19 05:37 . 2010-05-20 15:26	--------	d-----w-	c:\documents and settings\peter\.gimp-2.6
2010-05-18 06:46 . 2010-05-18 06:46	--------	d-----w-	c:\program files\Sun
2010-05-18 06:26 . 2010-05-18 06:30	--------	d-----w-	c:\documents and settings\peter\.SunDownloadManager
2010-05-17 14:04 . 1996-01-09 08:38	283648	----a-w-	c:\windows\uninst.exe
2010-05-17 14:04 . 2010-05-17 14:04	--------	d-----w-	c:\documents and settings\peter\WINDOWS
2010-05-12 14:52 . 2010-05-12 14:52	--------	d-----w-	c:\program files\Common Files\Winferno
2010-05-12 14:51 . 2006-10-09 11:06	495616	----a-w-	c:\windows\system32\WINUTIL5.DLL
2010-05-12 14:51 . 2006-05-17 06:40	393216	----a-w-	c:\windows\system32\WINLCTL5.DLL
2010-05-12 14:44 . 2010-05-12 14:45	--------	d-----w-	c:\program files\botclient
2010-05-12 14:36 . 2010-05-18 07:07	--------	d-----w-	c:\program files\Java
2010-05-12 12:42 . 2010-05-12 12:42	--------	d-----w-	C:\.jagex_cache_32
2010-05-12 12:30 . 2010-05-12 12:30	--------	d-----w-	c:\program files\Free Offers from Freeze.com

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-28 12:22 . 2009-09-26 23:51	--------	d--h--w-	c:\program files\InstallShield Installation Information
2010-09-28 07:00 . 2009-10-17 18:08	--------	d-----w-	c:\program files\Common Files\Blizzard Entertainment
2010-06-09 15:45 . 2009-09-27 17:33	17488	----a-w-	c:\windows\gdrv.sys
2010-06-09 06:46 . 2010-03-30 14:35	87	----a-w-	c:\documents and settings\peter\jagex_runescape_preferences2.dat
2010-06-09 06:07 . 2010-03-30 14:34	42	----a-w-	c:\documents and settings\peter\jagex_runescape_preferences.dat
2010-06-08 10:31 . 2010-01-26 19:08	--------	d-----w-	c:\program files\Cheat Engine
2010-06-08 08:02 . 2009-09-27 18:00	--------	d-----w-	c:\program files\Common Files\Adobe
2010-05-18 07:07 . 2010-05-10 12:58	411368	----a-w-	c:\windows\system32\deployJava1.dll
2010-05-18 07:03 . 2010-04-16 11:04	--------	d-----w-	c:\program files\Brothersoft
2010-05-12 14:30 . 2010-03-19 06:27	--------	d-----w-	c:\program files\Nokia
2010-05-10 14:32 . 2010-04-16 11:07	--------	d-----w-	c:\program files\HyperCam 3
2010-04-20 12:28 . 2010-04-20 12:28	0	---ha-w-	c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01009.Wdf
2010-04-20 12:28 . 2010-04-20 12:28	0	---ha-w-	c:\windows\system32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
2010-04-20 12:21 . 2010-03-19 06:31	--------	d-----w-	c:\program files\PC Connectivity Solution
2010-04-19 12:11 . 2010-04-19 12:11	--------	d-----w-	c:\program files\Quick Screenshot Maker
2010-04-18 19:56 . 2001-10-25 14:00	82750	----a-w-	c:\windows\system32\perfc005.dat
2010-04-18 19:56 . 2001-10-25 14:00	440984	----a-w-	c:\windows\system32\perfh005.dat
2010-04-17 22:51 . 2010-04-17 22:51	--------	d-----w-	c:\program files\MSXML 4.0
2010-04-16 11:07 . 2010-04-16 11:07	--------	d-----w-	c:\program files\Common Files\Solveig Multimedia
2010-04-16 11:04 . 2010-04-16 11:04	--------	d-----w-	c:\program files\Conduit
2010-04-15 04:28 . 2010-04-15 04:28	--------	d-----w-	c:\program files\ODEON
2010-04-13 05:38 . 2009-09-26 23:39	86327	----a-w-	c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-04-13 05:38 . 2009-09-26 23:39	2740	----a-w-	c:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
2010-04-12 12:45 . 2009-10-25 05:00	848	--sha-w-	c:\windows\system32\KGyGaAvL.sys
2010-04-12 11:32 . 2010-04-11 16:03	107888	----a-w-	c:\windows\system32\CmdLineExt.dll
2010-04-11 19:43 . 2010-04-11 19:43	--------	d-----w-	c:\program files\TeamViewer
2010-04-11 15:18 . 2009-09-27 17:37	691696	----a-w-	c:\windows\system32\drivers\sptd.sys
2010-03-31 06:00 . 2010-03-31 06:00	86016	----a-w-	c:\windows\system32\frapsvid.dll
2010-03-30 14:35 . 2010-03-30 14:35	0	----a-w-	c:\documents and settings\peter\jagex__preferences3.dat
2009-08-28 21:42 . 2009-08-28 21:42	1044480	----a-w-	c:\program files\mozilla firefox\plugins\libdivx.dll
2009-08-28 21:42 . 2009-08-28 21:42	200704	----a-w-	c:\program files\mozilla firefox\plugins\ssldivx.dll
.

(((((((((((((((((((((((((((((   SnapShot@2010-06-08_05.39.24   )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-08-14 05:57 . 2008-08-14 05:57	74720              c:\windows\system32\drivers\adfs.sys
+ 2010-06-10 15:58 . 2007-12-21 06:21	33800              c:\windows\LastGood\system32\DRIVERS\epfwtdir.sys
+ 2010-06-10 15:58 . 2007-12-21 06:20	30216              c:\windows\LastGood\system32\DRIVERS\easdrv.sys
+ 2010-06-10 15:58 . 2007-12-21 06:19	39944              c:\windows\LastGood\system32\DRIVERS\eamon.sys
- 2010-03-30 14:34 . 2010-06-07 06:16	49152              c:\windows\.jagex_cache_32\runescape\jagmisc.dll
+ 2010-03-30 14:34 . 2010-06-09 05:48	49152              c:\windows\.jagex_cache_32\runescape\jagmisc.dll
+ 2010-03-30 14:34 . 2010-06-09 05:48	86016              c:\windows\.jagex_cache_32\runescape\jaggl.dll
- 2010-03-30 14:34 . 2010-06-07 06:16	86016              c:\windows\.jagex_cache_32\runescape\jaggl.dll
+ 2010-05-14 04:28 . 2010-06-09 05:48	81920              c:\windows\.jagex_cache_32\runescape\hw3d.dll
- 2010-05-14 04:28 . 2010-06-07 06:16	81920              c:\windows\.jagex_cache_32\runescape\hw3d.dll
+ 2008-07-31 08:16 . 2008-07-31 08:16	947472              c:\windows\system32\msjava.dll
- 2010-03-05 08:13 . 2010-03-05 08:13	947472              c:\windows\system32\msjava.dll
- 2010-03-30 14:34 . 2010-06-07 06:16	831488              c:\windows\.jagex_cache_32\runescape\sw3d.dll
+ 2010-03-30 14:34 . 2010-06-09 05:48	831488              c:\windows\.jagex_cache_32\runescape\sw3d.dll
- 2010-05-14 04:28 . 2010-06-07 06:16	102400              c:\windows\.jagex_cache_32\runescape\jagdx.dll
+ 2010-05-14 04:28 . 2010-06-09 05:48	102400              c:\windows\.jagex_cache_32\runescape\jagdx.dll
- 2010-05-14 04:28 . 2010-06-07 06:16	102400              c:\windows\.jagex_cache_32\runescape\jaclib.dll
+ 2010-05-14 04:28 . 2010-06-09 05:48	102400              c:\windows\.jagex_cache_32\runescape\jaclib.dll
+ 2009-09-27 01:29 . 2010-06-09 04:03	3542504              c:\windows\system32\FNTCACHE.DAT
+ 2010-06-08 05:44 . 2010-06-08 05:44	3649536              c:\windows\Installer\c32ff.msi
+ 2010-06-08 08:07 . 2010-06-08 08:07	3573248              c:\windows\Installer\6d41ba.msi
+ 2010-06-08 08:05 . 2010-06-08 08:05	3085824              c:\windows\Installer\6d41b5.msi
+ 2010-06-08 08:04 . 2010-06-08 08:04	3285504              c:\windows\Installer\6d41af.msi
+ 2010-06-08 08:02 . 2010-06-08 08:02	3174400              c:\windows\Installer\6d41aa.msi
+ 2010-06-08 08:02 . 2010-06-08 08:02	3096064              c:\windows\Installer\6d41a5.msi
+ 2010-06-08 08:01 . 2010-06-08 08:01	4915200              c:\windows\Installer\6d4190.msi
+ 2010-06-08 08:01 . 2010-06-08 08:01	3076608              c:\windows\Installer\6d4185.msi
+ 2010-06-08 08:01 . 2010-06-08 08:01	3076608              c:\windows\Installer\6d4180.msi
+ 2010-06-08 08:00 . 2010-06-08 08:00	3117056              c:\windows\Installer\6d4175.msi
+ 2010-06-08 08:00 . 2010-06-08 08:00	3095552              c:\windows\Installer\6d4170.msi
+ 2010-06-08 07:59 . 2010-06-08 07:59	3831808              c:\windows\Installer\6d416b.msi
+ 2010-06-08 07:58 . 2010-06-08 07:58	3073536              c:\windows\Installer\6d4165.msi
+ 2010-06-08 07:58 . 2010-06-08 07:58	3074048              c:\windows\Installer\6d415f.msi
+ 2010-06-08 07:57 . 2010-06-08 07:57	3073024              c:\windows\Installer\6d4159.msi
+ 2010-06-08 07:57 . 2010-06-08 07:57	3073536              c:\windows\Installer\6d4153.msi
+ 2010-06-08 07:57 . 2010-06-08 07:57	3075072              c:\windows\Installer\6d4149.msi
+ 2010-06-08 07:56 . 2010-06-08 07:56	3089408              c:\windows\Installer\6d4144.msi
+ 2010-06-08 07:56 . 2010-06-08 07:56	3078656              c:\windows\Installer\6d413f.msi
+ 2010-06-08 07:55 . 2010-06-08 07:55	3146240              c:\windows\Installer\6d413a.msi
+ 2010-06-08 07:55 . 2010-06-08 07:55	3150848              c:\windows\Installer\6d4135.msi
+ 2010-06-08 07:55 . 2010-06-08 07:55	3083776              c:\windows\Installer\6d4130.msi
+ 2010-06-08 07:54 . 2010-06-08 07:54	3087360              c:\windows\Installer\6d412b.msi
+ 2010-06-08 07:54 . 2010-06-08 07:54	3186176              c:\windows\Installer\6d4126.msi
+ 2010-06-08 07:53 . 2010-06-08 07:53	3094016              c:\windows\Installer\6d4121.msi
+ 2010-06-08 07:53 . 2010-06-08 07:53	3073024              c:\windows\Installer\6d411c.msi
+ 2010-06-08 07:52 . 2010-06-08 07:52	3273216              c:\windows\Installer\6d4116.msi
+ 2010-06-08 07:51 . 2010-06-08 07:51	3110912              c:\windows\Installer\6d4110.msi
+ 2010-06-08 07:50 . 2010-06-08 07:50	3178496              c:\windows\Installer\6d410b.msi
+ 2010-06-08 07:49 . 2010-06-08 07:49	3076096              c:\windows\Installer\6d4106.msi
+ 2010-06-08 07:49 . 2010-06-08 07:49	3079680              c:\windows\Installer\6d4101.msi
+ 2010-06-08 07:49 . 2010-06-08 07:49	3228160              c:\windows\Installer\6d40fc.msi
+ 2010-06-08 07:48 . 2010-06-08 07:48	3070976              c:\windows\Installer\6d40f7.msi
+ 2010-06-08 07:46 . 2010-06-08 07:46	3174400              c:\windows\Installer\6d40f2.msi
.
-- Snapshot reset to current date --
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{e8de9422-3b2c-4243-bf6f-235da84d8ef8}"= "c:\program files\Brothersoft\tbBro1.dll" [2010-05-18 2515552]

[HKEY_CLASSES_ROOT\clsid\{e8de9422-3b2c-4243-bf6f-235da84d8ef8}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e8de9422-3b2c-4243-bf6f-235da84d8ef8}]
2010-05-18 07:03	2515552	----a-w-	c:\program files\Brothersoft\tbBro1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{e8de9422-3b2c-4243-bf6f-235da84d8ef8}"= "c:\program files\Brothersoft\tbBro1.dll" [2010-05-18 2515552]

[HKEY_CLASSES_ROOT\clsid\{e8de9422-3b2c-4243-bf6f-235da84d8ef8}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{E8DE9422-3B2C-4243-BF6F-235DA84D8EF8}"= "c:\program files\Brothersoft\tbBro1.dll" [2010-05-18 2515552]

[HKEY_CLASSES_ROOT\clsid\{e8de9422-3b2c-4243-bf6f-235da84d8ef8}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-11-16 139264]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-10-02 39408]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2007-12-07 21686568]
"Google Update"="c:\documents and settings\peter\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" [2010-04-19 136176]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"WiseStubReboot"="MSIEXEC" [X]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2009-01-13 18084864]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-03-25 134656]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-03-25 166912]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-03-25 136192]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2009-08-05 1657376]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-08-06 13877248]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-08-06 86016]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"Bing Bar"="c:\program files\MSN Toolbar\Platform\5.0.1384.0\mswinext.exe" [2010-02-17 243032]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-11-11 288088]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-09-25 500208]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2010-06-01 2039240]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\totalcmd\\TOTALCMD.EXE"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Opera 10.20 Alpha\\opera.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Hry\\Counter-Strike Source\\hl2.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\ODEON\\JAF\\JCOP.EXE"=
"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Hry\\Split Second\\SplitSecond.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4

R1 HMFAxCore46691b2fe72383a3b643d95081ef1d95;HMFAxCore46691b2fe72383a3b643d95081ef1d95;c:\windows\system32\drivers\HMFAxCore46691b2fe72383a3b643d95081ef1d95.sys [24.10.2009 15:47 24064]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [27.9.2009 19:37 691696]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [1.6.2010 19:00 230360]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [1.6.2010 19:00 25240]
S2 ES lite Service;ES lite Service for program management.;c:\program files\Gigabyte\EasySaver\essvr.exe [27.9.2009 1:51 68136]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1.3.2010 16:15 135664]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [20.4.2010 14:21 137344]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [20.4.2010 14:21 8320]
S3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [19.2.2010 13:37 517096]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2010-06-09 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2009-11-16 15:54]

2010-09-26 c:\windows\Tasks\AdobeAAMUpdater-1.0-PETER-505BF0206-peter.job
- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2010-09-25 16:05]

2010-06-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-01 14:15]

2010-06-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-01 14:15]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.www.daemon-search.com/default
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
FF - ProfilePath - c:\documents and settings\peter\Data aplikací\Mozilla\Firefox\Profiles\pxn5ncqo.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=DCF2DF&PC=DCF2&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=DCF2DF&PC=DCF2&q=
FF - component: c:\program files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\components\SEPsearchhelperff.dll
FF - component: c:\program files\MSN Toolbar\Platform\5.0.1384.0\Firefox\components\DomBridge.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation",  false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.

**************************************************************************
scanning hidden processes ...  

scanning hidden autostart entries ... 

scanning hidden files ...  

scan completed successfully
hidden files: 

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1547161642-1614895754-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:79,6d,2e,bb,92,2e,9b,e1,4b,35,72,a4,57,53,31,1f,79,c3,51,c2,02,
   a9,a7,56,e7,d3,1e,29,9b,8c,c7,4b,19,96,28,2e,89,eb,aa,09,74,85,42,ea,ce,dd,\
"rkeysecu"=hex:36,f3,d5,91,21,54,86,40,16,b7,dd,00,c7,11,c5,a0
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(244)
c:\windows\system32\guard32.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll

- - - - - - - > 'lsass.exe'(300)
c:\windows\system32\guard32.dll

- - - - - - - > 'explorer.exe'(1404)
c:\windows\system32\guard32.dll
.
Completion time: 2010-06-10  18:12:02
ComboFix-quarantined-files.txt  2010-06-10 16:12
ComboFix2.txt  2010-06-08 05:40

Pre-Run: Volných bajtů: 50 640 437 248
Post-Run: Volných bajtů: 51 480 211 456

- - End Of File - - 2BED1D8C11C8CFC28FF2C784B2FD7DD4

And here is today's log. I already saw it deleting the keylogger and a few things from the folder c:\windows\system32\28463:

Code:

ComboFix 10-06-07.01 - peter 11.06.2010   8:02.1.2 - x86
Systém Microsoft Windows XP Professional  5.1.2600.3.1250.421.1029.18.2046.1671 [GMT 2:00]
Running from: c:\documents and settings\peter\Dokumenty\Downloads\ComboFix.exe
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
 * Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Cheat Engine\dbk32.sys
c:\windows\system32\28463
c:\windows\system32\28463\AKV.exe
c:\windows\system32\28463\JYSY.exe
c:\windows\system32\28463\NRMF.exe
c:\windows\system32\28463\VQNY.exe
c:\windows\system32\Sys
c:\windows\system32\Sys\AKV.exe
c:\windows\system32\Sys\YTSW.exe

.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SSHNAS
-------\Service_SSHNAS


(((((((((((((((((((((((((   Files Created from 2010-05-11 to 2010-06-11  )))))))))))))))))))))))))))))))
.

2010-09-28 12:33 . 2010-02-04 08:01	74072	----a-w-	c:\windows\system32\XAPOFX1_4.dll
2010-09-28 12:33 . 2010-02-04 08:01	528216	----a-w-	c:\windows\system32\XAudio2_6.dll
2010-09-28 12:33 . 2010-02-04 08:01	238936	----a-w-	c:\windows\system32\xactengine3_6.dll
2010-09-28 12:33 . 2010-02-04 08:01	22360	----a-w-	c:\windows\system32\X3DAudio1_7.dll
2010-09-25 16:19 . 2010-09-25 16:19	--------	d-----w-	c:\program files\Adobe Media Player
2010-09-25 16:17 . 2010-09-25 16:17	--------	d-----w-	c:\program files\Common Files\Adobe AIR
2010-09-23 11:28 . 2010-09-23 11:28	--------	d-----w-	c:\documents and settings\peter\.kbotpro
2010-06-10 17:40 . 2010-06-10 17:40	--------	d-----w-	c:\windows\system32\wbem\Repository
2010-06-10 17:39 . 2010-06-10 17:39	--------	d-----w-	c:\program files\Winferno
2010-06-10 17:39 . 2010-06-10 17:39	--------	d-----w-	c:\program files\RS2Botv2
2010-06-10 15:59 . 2010-06-10 17:37	--------	d-----w-	C:\ComboFix(2)
2010-06-10 06:34 . 2010-06-10 17:37	--------	d-----w-	c:\documents and settings\Administrator\Šablony
2010-06-10 06:34 . 2010-06-10 17:37	--------	d-----w-	c:\documents and settings\Administrator\Data aplikací
2010-06-10 06:34 . 2010-06-10 17:37	--------	d-s---w-	c:\documents and settings\Administrator
2010-06-08 07:48 . 2010-06-08 07:48	--------	d-----w-	c:\program files\Common Files\Macrovision Shared
2010-06-08 05:43 . 2010-06-08 05:43	--------	d-----w-	c:\program files\COMODO
2010-06-07 16:40 . 2010-06-10 17:40	--------	d-----w-	c:\program files\trend micro
2010-06-07 16:40 . 2010-06-07 16:40	--------	d-----w-	C:\rsit
2010-06-06 18:54 . 2010-06-06 18:54	125440	----a-w-	c:\windows\Kqitaa.exe
2010-05-19 06:14 . 2010-05-19 06:14	--------	d-----w-	c:\documents and settings\peter\.thumbnails
2010-05-19 05:37 . 2010-05-20 15:26	--------	d-----w-	c:\documents and settings\peter\.gimp-2.6
2010-05-18 06:46 . 2010-05-18 06:46	--------	d-----w-	c:\program files\Sun
2010-05-18 06:26 . 2010-05-18 06:30	--------	d-----w-	c:\documents and settings\peter\.SunDownloadManager
2010-05-17 14:04 . 1996-01-09 08:38	283648	----a-w-	c:\windows\uninst.exe
2010-05-17 14:04 . 2010-05-17 14:04	--------	d-----w-	c:\documents and settings\peter\WINDOWS
2010-05-12 14:52 . 2010-05-12 14:52	--------	d-----w-	c:\program files\Common Files\Winferno
2010-05-12 14:51 . 2006-10-09 11:06	495616	----a-w-	c:\windows\system32\WINUTIL5.DLL
2010-05-12 14:51 . 2006-05-17 06:40	393216	----a-w-	c:\windows\system32\WINLCTL5.DLL
2010-05-12 14:44 . 2010-05-12 14:45	--------	d-----w-	c:\program files\botclient
2010-05-12 14:36 . 2010-05-18 07:07	--------	d-----w-	c:\program files\Java
2010-05-12 12:42 . 2010-05-12 12:42	--------	d-----w-	C:\.jagex_cache_32
2010-05-12 12:30 . 2010-05-12 12:30	--------	d-----w-	c:\program files\Free Offers from Freeze.com

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-28 12:22 . 2009-09-26 23:51	--------	d--h--w-	c:\program files\InstallShield Installation Information
2010-09-28 07:00 . 2009-10-17 18:08	--------	d-----w-	c:\program files\Common Files\Blizzard Entertainment
2010-06-11 06:08 . 2009-09-27 17:33	17488	----a-w-	c:\windows\gdrv.sys
2010-06-11 06:06 . 2010-01-26 19:08	--------	d-----w-	c:\program files\Cheat Engine
2010-06-09 06:46 . 2010-03-30 14:35	87	----a-w-	c:\documents and settings\peter\jagex_runescape_preferences2.dat
2010-06-09 06:07 . 2010-03-30 14:34	42	----a-w-	c:\documents and settings\peter\jagex_runescape_preferences.dat
2010-06-08 08:02 . 2009-09-27 18:00	--------	d-----w-	c:\program files\Common Files\Adobe
2010-05-18 07:07 . 2010-05-10 12:58	411368	----a-w-	c:\windows\system32\deployJava1.dll
2010-05-18 07:03 . 2010-04-16 11:04	--------	d-----w-	c:\program files\Brothersoft
2010-05-12 14:30 . 2010-03-19 06:27	--------	d-----w-	c:\program files\Nokia
2010-05-10 14:32 . 2010-04-16 11:07	--------	d-----w-	c:\program files\HyperCam 3
2010-04-20 12:28 . 2010-04-20 12:28	0	---ha-w-	c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01009.Wdf
2010-04-20 12:28 . 2010-04-20 12:28	0	---ha-w-	c:\windows\system32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
2010-04-20 12:21 . 2010-03-19 06:31	--------	d-----w-	c:\program files\PC Connectivity Solution
2010-04-19 12:11 . 2010-04-19 12:11	--------	d-----w-	c:\program files\Quick Screenshot Maker
2010-04-18 19:56 . 2001-10-25 14:00	82750	----a-w-	c:\windows\system32\perfc005.dat
2010-04-18 19:56 . 2001-10-25 14:00	440984	----a-w-	c:\windows\system32\perfh005.dat
2010-04-17 22:51 . 2010-04-17 22:51	--------	d-----w-	c:\program files\MSXML 4.0
2010-04-16 11:07 . 2010-04-16 11:07	--------	d-----w-	c:\program files\Common Files\Solveig Multimedia
2010-04-16 11:04 . 2010-04-16 11:04	--------	d-----w-	c:\program files\Conduit
2010-04-15 04:28 . 2010-04-15 04:28	--------	d-----w-	c:\program files\ODEON
2010-04-13 05:38 . 2009-09-26 23:39	86327	----a-w-	c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-04-13 05:38 . 2009-09-26 23:39	2740	----a-w-	c:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
2010-04-12 12:45 . 2009-10-25 05:00	848	--sha-w-	c:\windows\system32\KGyGaAvL.sys
2010-04-12 11:32 . 2010-04-11 16:03	107888	----a-w-	c:\windows\system32\CmdLineExt.dll
2010-04-11 15:18 . 2009-09-27 17:37	691696	----a-w-	c:\windows\system32\drivers\sptd.sys
2010-03-31 06:00 . 2010-03-31 06:00	86016	----a-w-	c:\windows\system32\frapsvid.dll
2010-03-30 14:35 . 2010-03-30 14:35	0	----a-w-	c:\documents and settings\peter\jagex__preferences3.dat
2009-08-28 21:42 . 2009-08-28 21:42	1044480	----a-w-	c:\program files\mozilla firefox\plugins\libdivx.dll
2009-08-28 21:42 . 2009-08-28 21:42	200704	----a-w-	c:\program files\mozilla firefox\plugins\ssldivx.dll
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{e8de9422-3b2c-4243-bf6f-235da84d8ef8}"= "c:\program files\Brothersoft\tbBro1.dll" [2010-05-18 2515552]

[HKEY_CLASSES_ROOT\clsid\{e8de9422-3b2c-4243-bf6f-235da84d8ef8}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e8de9422-3b2c-4243-bf6f-235da84d8ef8}]
2010-05-18 07:03	2515552	----a-w-	c:\program files\Brothersoft\tbBro1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{e8de9422-3b2c-4243-bf6f-235da84d8ef8}"= "c:\program files\Brothersoft\tbBro1.dll" [2010-05-18 2515552]

[HKEY_CLASSES_ROOT\clsid\{e8de9422-3b2c-4243-bf6f-235da84d8ef8}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{E8DE9422-3B2C-4243-BF6F-235DA84D8EF8}"= "c:\program files\Brothersoft\tbBro1.dll" [2010-05-18 2515552]

[HKEY_CLASSES_ROOT\clsid\{e8de9422-3b2c-4243-bf6f-235da84d8ef8}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-11-16 139264]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-10-02 39408]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2007-12-07 21686568]
"Google Update"="c:\documents and settings\peter\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" [2010-04-19 136176]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"WiseStubReboot"="MSIEXEC" [X]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2009-01-13 18084864]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-03-25 134656]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-03-25 166912]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-03-25 136192]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2007-12-21 1443072]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2009-08-05 1657376]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-08-06 13877248]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-08-06 86016]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"Bing Bar"="c:\program files\MSN Toolbar\Platform\5.0.1384.0\mswinext.exe" [2010-02-17 243032]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-11-11 288088]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-09-25 500208]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\totalcmd\\TOTALCMD.EXE"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Opera 10.20 Alpha\\opera.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Hry\\Counter-Strike Source\\hl2.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\ODEON\\JAF\\JCOP.EXE"=
"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Hry\\Split Second\\SplitSecond.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [27.9.2009 19:37 691696]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [21.12.2007 8:21 33800]
R1 HMFAxCore46691b2fe72383a3b643d95081ef1d95;HMFAxCore46691b2fe72383a3b643d95081ef1d95;c:\windows\system32\drivers\HMFAxCore46691b2fe72383a3b643d95081ef1d95.sys [24.10.2009 15:47 24064]
R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [21.12.2007 8:21 468224]
R2 ES lite Service;ES lite Service for program management.;c:\program files\Gigabyte\EasySaver\essvr.exe [27.9.2009 1:51 68136]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1.3.2010 16:15 135664]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [20.4.2010 14:21 137344]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [20.4.2010 14:21 8320]
S3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [19.2.2010 13:37 517096]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2010-06-11 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2009-11-16 15:54]

2010-09-26 c:\windows\Tasks\AdobeAAMUpdater-1.0-PETER-505BF0206-peter.job
- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2010-09-25 16:05]

2010-06-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-01 14:15]

2010-06-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-01 14:15]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.www.daemon-search.com/default
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
FF - ProfilePath - c:\documents and settings\peter\Data aplikací\Mozilla\Firefox\Profiles\pxn5ncqo.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=DCF2DF&PC=DCF2&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=DCF2DF&PC=DCF2&q=
FF - component: c:\program files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\components\SEPsearchhelperff.dll
FF - component: c:\program files\MSN Toolbar\Platform\5.0.1384.0\Firefox\components\DomBridge.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\MSN Toolbar\Platform\5.0.1384.0\npwinext.dll
FF - plugin: c:\program files\Opera 10.20 Alpha\program\plugins\npdsplay.dll
FF - plugin: c:\program files\Opera 10.20 Alpha\program\plugins\NPSWF32.dll
FF - plugin: c:\program files\Opera 10.20 Alpha\program\plugins\npwmsdrm.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation",  false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-11 08:09
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...  

scanning hidden autostart entries ... 

scanning hidden files ...  

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys spom.sys >>UNKNOWN [0x8A6CA938]<< 
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xb80ecf28
\Driver\ACPI -> ACPI.sys @ 0xb7e74cb8
\Driver\atapi -> atapi.sys @ 0xb7e09b40
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
 ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
 ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
NDIS: Realtek RTL8169/8110 Family Gigabit Ethernet NIC -> SendCompleteHandler -> NDIS.sys @ 0xb7d12bb0
 PacketIndicateHandler -> NDIS.sys @ 0xb7d01a0d
 SendHandler -> NDIS.sys @ 0xb7d15b40
user & kernel MBR OK 

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1547161642-1614895754-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:79,6d,2e,bb,92,2e,9b,e1,4b,35,72,a4,57,53,31,1f,79,c3,51,c2,02,
   a9,a7,56,e7,d3,1e,29,9b,8c,c7,4b,19,96,28,2e,89,eb,aa,09,74,85,42,ea,ce,dd,\
"rkeysecu"=hex:36,f3,d5,91,21,54,86,40,16,b7,dd,00,c7,11,c5,a0
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3756)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\System32\TUProgSt.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\RUNDLL32.EXE
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\documents and settings\peter\Local Settings\Data aplikací\Google\Update\1.2.183.23\GoogleCrashHandler.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
.
**************************************************************************
.
Completion time: 2010-06-11  08:12:37 - machine was rebooted
ComboFix-quarantined-files.txt  2010-06-11 06:12
ComboFix2.txt  2010-06-08 05:40

Pre-Run: Volných bajtů: 50 189 463 552
Post-Run: Volných bajtů: 50 069 913 600

- - End Of File - - 10564E25EFB30D6BF5BD889BAD0D4E57

Today I'm planning to format the HDD and then reinstall Windows

Re: Log check

Posted: 11 Jun 2010 14:48
by peto2232
please check the logs :oops:

Re: Log check

Posted: 11 Jun 2010 18:08
by Rudy
1. Files:
c:\windows\Kqitaa.exe
c:\windows\system32\drivers\HMFAxCore46691b2fe72383a3b643d95081ef1d95.sys
test them online at www.virustotal.com .

2. Do a rootkit test with IceSword: http://www.viry.cz/forum/viewtopic.php?f=29&t=11394 . Post the Process and KernelModule logs.

Re: Log check

Posted: 11 Jun 2010 19:57
by peto2232
well, Kqitaa.exe:

Code:

Antivirus	Version	Last update	Result
a-squared	5.0.0.26	2010.06.11	Trojan-Downloader.Win32.CodecPack!IK
AhnLab-V3	2010.06.11.00	2010.06.11	Win-Trojan/Agent.125440.CI
AntiVir	8.2.2.6	2010.06.11	TR/Dldr.CodecPa.lzn
Antiy-AVL	2.0.3.7	2010.06.11	Trojan/Win32.CodecPack.gen
Authentium	5.2.0.5	2010.06.11	W32/FakeAlert.GX2.gen!Eldorado
Avast	4.8.1351.0	2010.06.11	Win32:Renos-PN
Avast5	5.0.332.0	2010.06.11	Win32:Renos-PN
AVG	9.0.0.787	2010.06.11	Crypt.WSF
BitDefender	7.2	2010.06.11	-
CAT-QuickHeal	10.00	2010.06.11	TrojanDownloader.CodecPack.lz
ClamAV	0.96.0.3-git	2010.06.11	-
Comodo	5059	2010.06.11	-
DrWeb	5.0.2.03300	2010.06.11	Trojan.DownLoad2.1754
eSafe	7.0.17.0	2010.06.10	-
eTrust-Vet	36.1.7629	2010.06.11	Win32/Renos.C!generic
F-Prot	4.6.0.103	2010.06.11	W32/FakeAlert.GX2.gen!Eldorado
F-Secure	9.0.15370.0	2010.06.11	Suspicious:W32/Malware!Gemini
Fortinet	4.1.133.0	2010.06.11	-
GData	21	2010.06.11	Win32:Renos-PN
Ikarus	T3.1.1.84.0	2010.06.11	Trojan-Downloader.Win32.CodecPack
Jiangmin	13.0.900	2010.06.11	TrojanDownloader.CodecPack.cp
Kaspersky	7.0.0.125	2010.06.11	Trojan-Downloader.Win32.CodecPack.lzn
McAfee	5.400.0.1158	2010.06.11	Downloader-CEW.e
McAfee-GW-Edition	2010.1	2010.06.11	Heuristic.BehavesLike.Win32.Obfuscated.B
Microsoft	1.5802	2010.06.11	TrojanDownloader:Win32/Renos.LX
NOD32	5191	2010.06.11	a variant of Win32/Kryptik.EUL
Norman	6.04.12	2010.06.11	-
nProtect	2010-06-11.01	2010.06.11	-
Panda	10.0.2.7	2010.06.11	Suspicious file
PCTools	7.0.3.5	2010.06.11	Downloader.Generic
Prevx	3.0	2010.06.11	High Risk Cloaked Malware
Rising	22.51.04.04	2010.06.11	-
Sophos	4.54.0	2010.06.11	Mal/TDSSPack-Q
Sunbelt	6435	2010.06.11	-
Symantec	20101.1.0.89	2010.06.11	Downloader
TheHacker	6.5.2.0.297	2010.06.11	-
TrendMicro	9.120.0.1004	2010.06.11	TROJ_RENOS.SMAA
TrendMicro-HouseCall	9.120.0.1004	2010.06.11	TROJ_RENOS.SMAA
VBA32	3.12.12.5	2010.06.11	Trojan-Downloader.Win32.CodecPack.lzn
ViRobot	2010.6.11.3881	2010.06.11	-
VirusBuster	5.0.27.0	2010.06.11	Trojan.Renos.Gen!Pac.22
and HMFAxCore46691b2fe72383a3b643d95081ef1d95.sys

Code:

File has already been analysed:
MD5:	e83af7a288831fab229b3851f4ea1f1d
First submitted:	2009.05.19 12:39:40 UTC
Date:	2010.03.24 19:25:51 UTC [>78D]
Results:	0/42
Permalink:	analisis/19754f4da00ddd7a582dfe07db0614289fe45522b8c1c0321c9ba36555068c47-1269458751
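Added example (not from the original post): a small Python script that reads a VirusTotal table pasted in the tab-separated form above, computes the N/M detection ratio and tallies which family name the vendors agree on. The sample rows are a constructed subset of the Kqitaa.exe results; the GENERIC word list and the token heuristic are assumptions of this example.

```python
import re
from collections import Counter

# Constructed sample: a subset of the Kqitaa.exe rows pasted in this thread,
# in the same tab-separated layout (header row, "-" = not detected).
SAMPLE = """Antivirus\tVersion\tLast update\tResult
Avast\t4.8.1351.0\t2010.06.11\tWin32:Renos-PN
Avast5\t5.0.332.0\t2010.06.11\tWin32:Renos-PN
BitDefender\t7.2\t2010.06.11\t-
ClamAV\t0.96.0.3-git\t2010.06.11\t-
eTrust-Vet\t36.1.7629\t2010.06.11\tWin32/Renos.C!generic
GData\t21\t2010.06.11\tWin32:Renos-PN
Ikarus\tT3.1.1.84.0\t2010.06.11\tTrojan-Downloader.Win32.CodecPack
Kaspersky\t7.0.0.125\t2010.06.11\tTrojan-Downloader.Win32.CodecPack.lzn
Microsoft\t1.5802\t2010.06.11\tTrojanDownloader:Win32/Renos.LX
NOD32\t5191\t2010.06.11\ta variant of Win32/Kryptik.EUL
Sophos\t4.54.0\t2010.06.11\tMal/TDSSPack-Q
TrendMicro\t9.120.0.1004\t2010.06.11\tTROJ_RENOS.SMAA
"""

# Words that name a class or platform rather than a family (assumed list).
GENERIC = {
    "trojan", "trojandownloader", "downloader", "troj", "win32", "w32",
    "generic", "gen", "variant", "of", "a", "mal", "suspicious", "file",
    "malware", "heuristic", "behaveslike", "obfuscated", "risk", "cloaked",
}


def parse_vt_table(text):
    """Return (vendor, result) pairs; result is None where the vendor had no hit."""
    rows = []
    for line in text.splitlines()[1:]:          # line 0 is the header row
        parts = line.split("\t")
        if len(parts) < 4:
            continue                            # blank or truncated line
        vendor, result = parts[0].strip(), parts[3].strip()
        rows.append((vendor, None if result in ("", "-") else result))
    return rows


def detection_ratio(rows):
    """Return (vendors_flagging, vendors_total), the 'N/M' figure VT shows."""
    return sum(1 for _, r in rows if r), len(rows)


def family_votes(rows):
    """One vote per vendor for each family-like token in its detection name.

    Heuristic: split on non-alphanumerics, case-fold, drop GENERIC words,
    numbers, and tokens of three characters or fewer (variant suffixes such
    as PN, LX, EUL, lzn). Vendor-specific tails like SMAA can still slip
    through, so read the result as a ranking, not a verdict.
    """
    votes = Counter()
    for _, result in rows:
        if not result:
            continue
        tokens = {t.lower() for t in re.split(r"[^A-Za-z0-9]+", result)}
        votes.update(t for t in tokens
                     if len(t) > 3 and t not in GENERIC and not t.isdigit())
    return votes


def triage(text):
    """Summarise a pasted table: ratio plus the family with the most votes."""
    rows = parse_vt_table(text)
    hits, total = detection_ratio(rows)
    votes = family_votes(rows)
    family, count = votes.most_common(1)[0] if votes else (None, 0)
    return {"hits": hits, "total": total, "family": family, "votes": count}


if __name__ == "__main__":
    summary = triage(SAMPLE)
    print("%d/%d vendors flag the file; leading family: %s (%d votes)"
          % (summary["hits"], summary["total"], summary["family"], summary["votes"]))
    for name, n in family_votes(parse_vt_table(SAMPLE)).most_common():
        print("  %-10s %d" % (name, n))
```

On the full 42-row table above the same script gives the 31/42 figure and Renos/CodecPack as the two names most vendors use for Kqitaa.exe.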

Re: Log check

Posted: 11 Jun 2010 20:02
by Rudy
Move ComboFix to the desktop. Open Notepad and copy the following into it:
Collect::
c:\windows\Kqitaa.exe
Save it to the desktop as CFSCript.txt. Then drag it with the mouse onto the ComboFix icon and drop it. CF will start and carry out the commands from the script.


Re: Log check

Posted: 11 Jun 2010 20:07
by peto2232
here are the logs from IceSword

Code:

Process:

System Idle Process
System
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Documents and Settings\peter\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\smss.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Documents and Settings\peter\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\csrss.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Documents and Settings\peter\Local Settings\Data aplikací\Google\Update\1.2.183.23\GoogleCrashHandler.exe
C:\WINDOWS\system32\winlogon.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Documents and Settings\peter\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Gigabyte\EasySaver\essvr.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\TUProgSt.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\TuneUpDefragService.exe
C:\Documents and Settings\peter\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\peter\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\peter\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\peter\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
C:\Documents and Settings\peter\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\peter\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\alg.exe
C:\Documents and Settings\peter\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\MSN Toolbar\Platform\5.0.1384.0\mswinext.exe
C:\DOCUME~1\peter\LOCALS~1\temp\Rar$EX00.297\IceSword122en\IceSword.exe

Code:

Kernel Module:

\WINDOWS\system32\ntkrnlpa.exe
\WINDOWS\system32\hal.dll
\WINDOWS\system32\KDCOM.DLL
\WINDOWS\system32\BOOTVID.dll
spfs.sys
\WINDOWS\System32\Drivers\WMILIB.SYS
\WINDOWS\System32\Drivers\SCSIPORT.SYS
ACPI.sys
pci.sys
isapnp.sys
pciide.sys
\WINDOWS\system32\DRIVERS\PCIIDEX.SYS
MountMgr.sys
ftdisk.sys
dmload.sys
dmio.sys
PartMgr.sys
VolSnap.sys
atapi.sys
disk.sys
\WINDOWS\system32\DRIVERS\CLASSPNP.SYS
fltmgr.sys
sr.sys
PxHelp20.sys
KSecDD.sys
Ntfs.sys
NDIS.sys
Mup.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\nv4_mini.sys
\SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
\SystemRoot\system32\DRIVERS\usbuhci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\Rtnicxp.sys
\SystemRoot\system32\DRIVERS\fdc.sys
\SystemRoot\system32\DRIVERS\serial.sys
\SystemRoot\system32\DRIVERS\serenum.sys
\SystemRoot\system32\DRIVERS\parport.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\imapi.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\redbook.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\System32\Drivers\a026le3o.SYS
\SystemRoot\system32\DRIVERS\audstub.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\DRIVERS\psched.sys
\SystemRoot\system32\DRIVERS\msgpc.sys
\SystemRoot\system32\DRIVERS\ptilink.sys
\SystemRoot\system32\DRIVERS\raspti.sys
\SystemRoot\system32\DRIVERS\rdpdr.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\update.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\system32\DRIVERS\vsb.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\RtkHDAud.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\flpydisk.sys
\SystemRoot\System32\Drivers\i2omgmt.SYS
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\system32\drivers\HMFAxCore46691b2fe72383a3b643d95081ef1d95.sys
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\Drivers\mnmdd.SYS
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\rasacd.sys
\SystemRoot\system32\DRIVERS\ipsec.sys
\SystemRoot\system32\DRIVERS\tcpip.sys
\SystemRoot\system32\DRIVERS\netbt.sys
\SystemRoot\system32\DRIVERS\ipnat.sys
\SystemRoot\system32\DRIVERS\epfwtdir.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\System32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\System32\Drivers\PQNTDrv.SYS
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\System32\Drivers\Fips.SYS
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\System32\Drivers\usbvideo.sys
\SystemRoot\system32\drivers\usbaudio.sys
\SystemRoot\system32\DRIVERS\easdrv.sys
\SystemRoot\System32\Drivers\Cdfs.SYS
\SystemRoot\System32\Drivers\dump_atapi.sys
\SystemRoot\System32\Drivers\dump_WMILIB.SYS
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\watchdog.sys
\SystemRoot\System32\drivers\dxg.sys
\SystemRoot\System32\drivers\dxgthk.sys
\SystemRoot\System32\nv4_disp.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\drivers\wdmaud.sys
\SystemRoot\system32\drivers\sysaudio.sys
\SystemRoot\system32\DRIVERS\mrxdav.sys
\SystemRoot\System32\Drivers\ParVdm.SYS
\SystemRoot\system32\DRIVERS\eamon.sys
\SystemRoot\system32\DRIVERS\srv.sys
\SystemRoot\System32\Drivers\HTTP.sys
\??\C:\WINDOWS\gdrv.sys
\SystemRoot\system32\drivers\kmixer.sys
\SystemRoot\System32\Drivers\IsDrv122.sys
\WINDOWS\system32\ntdll.dll
\Program Files\DAEMON Tools Lite\Engine.dll
C:\WINDOWS\System32\Drivers\sptd.sys

I put that script into ComboFix; it restarted my PC and scanned the PC again. Was that supposed to happen??
Otherwise, NOD had already found Kqitaa.exe and put it in quarantine, and I deleted it.

Re: Log check

Posted: 11 Jun 2010 21:07
by Rudy
OK. There is no rootkit in the system. I'd also ask for one last log from CF.

Re: Log check

Posted: 12 Jun 2010 13:38
by peto2232
here is the log from CF

Code:

ComboFix 10-06-07.01 - peter 12.06.2010  14:26:20.3.2 - x86
Systém Microsoft Windows XP Professional  5.1.2600.3.1250.421.1029.18.2046.1579 [GMT 2:00]
Running from: c:\documents and settings\peter\Plocha\ComboFix.exe
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
 * Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

(((((((((((((((((((((((((   Files Created from 2010-05-12 to 2010-06-12  )))))))))))))))))))))))))))))))
.

2010-09-28 12:33 . 2010-02-04 08:01	74072	----a-w-	c:\windows\system32\XAPOFX1_4.dll
2010-09-28 12:33 . 2010-02-04 08:01	528216	----a-w-	c:\windows\system32\XAudio2_6.dll
2010-09-28 12:33 . 2010-02-04 08:01	238936	----a-w-	c:\windows\system32\xactengine3_6.dll
2010-09-28 12:33 . 2010-02-04 08:01	22360	----a-w-	c:\windows\system32\X3DAudio1_7.dll
2010-09-25 16:19 . 2010-09-25 16:19	--------	d-----w-	c:\program files\Adobe Media Player
2010-09-25 16:17 . 2010-09-25 16:17	--------	d-----w-	c:\program files\Common Files\Adobe AIR
2010-09-23 11:28 . 2010-09-23 11:28	--------	d-----w-	c:\documents and settings\peter\.kbotpro
2010-06-10 17:40 . 2010-06-10 17:40	--------	d-----w-	c:\windows\system32\wbem\Repository
2010-06-10 17:39 . 2010-06-10 17:39	--------	d-----w-	c:\program files\Winferno
2010-06-10 17:39 . 2010-06-10 17:39	--------	d-----w-	c:\program files\RS2Botv2
2010-06-10 15:59 . 2010-06-10 17:37	--------	d-----w-	C:\ComboFix(2)
2010-06-10 06:34 . 2010-06-10 17:37	--------	d-----w-	c:\documents and settings\Administrator\Šablony
2010-06-10 06:34 . 2010-06-10 17:37	--------	d-----w-	c:\documents and settings\Administrator\Data aplikací
2010-06-10 06:34 . 2010-06-10 17:37	--------	d-s---w-	c:\documents and settings\Administrator
2010-06-08 07:48 . 2010-06-08 07:48	--------	d-----w-	c:\program files\Common Files\Macrovision Shared
2010-06-08 05:43 . 2010-06-08 05:43	--------	d-----w-	c:\program files\COMODO
2010-06-07 16:40 . 2010-06-10 17:40	--------	d-----w-	c:\program files\trend micro
2010-06-07 16:40 . 2010-06-07 16:40	--------	d-----w-	C:\rsit
2010-05-19 06:14 . 2010-05-19 06:14	--------	d-----w-	c:\documents and settings\peter\.thumbnails
2010-05-19 05:37 . 2010-05-20 15:26	--------	d-----w-	c:\documents and settings\peter\.gimp-2.6
2010-05-18 06:46 . 2010-05-18 06:46	--------	d-----w-	c:\program files\Sun
2010-05-18 06:26 . 2010-05-18 06:30	--------	d-----w-	c:\documents and settings\peter\.SunDownloadManager
2010-05-17 14:04 . 1996-01-09 08:38	283648	----a-w-	c:\windows\uninst.exe
2010-05-17 14:04 . 2010-05-17 14:04	--------	d-----w-	c:\documents and settings\peter\WINDOWS

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-28 12:22 . 2009-09-26 23:51	--------	d--h--w-	c:\program files\InstallShield Installation Information
2010-09-28 07:00 . 2009-10-17 18:08	--------	d-----w-	c:\program files\Common Files\Blizzard Entertainment
2010-06-12 12:25 . 2009-09-27 17:33	17488	----a-w-	c:\windows\gdrv.sys
2010-06-11 17:38 . 2001-10-25 14:00	82750	----a-w-	c:\windows\system32\perfc005.dat
2010-06-11 17:38 . 2001-10-25 14:00	440984	----a-w-	c:\windows\system32\perfh005.dat
2010-06-11 06:06 . 2010-01-26 19:08	--------	d-----w-	c:\program files\Cheat Engine
2010-06-09 06:46 . 2010-03-30 14:35	87	----a-w-	c:\documents and settings\peter\jagex_runescape_preferences2.dat
2010-06-09 06:07 . 2010-03-30 14:34	42	----a-w-	c:\documents and settings\peter\jagex_runescape_preferences.dat
2010-06-08 08:02 . 2009-09-27 18:00	--------	d-----w-	c:\program files\Common Files\Adobe
2010-05-18 07:07 . 2010-05-10 12:58	411368	----a-w-	c:\windows\system32\deployJava1.dll
2010-05-18 07:07 . 2010-05-12 14:36	--------	d-----w-	c:\program files\Java
2010-05-18 07:03 . 2010-04-16 11:04	--------	d-----w-	c:\program files\Brothersoft
2010-05-12 14:52 . 2010-05-12 14:52	--------	d-----w-	c:\program files\Common Files\Winferno
2010-05-12 14:45 . 2010-05-12 14:44	--------	d-----w-	c:\program files\botclient
2010-05-12 14:30 . 2010-03-19 06:27	--------	d-----w-	c:\program files\Nokia
2010-05-12 12:30 . 2010-05-12 12:30	--------	d-----w-	c:\program files\Free Offers from Freeze.com
2010-05-10 14:32 . 2010-04-16 11:07	--------	d-----w-	c:\program files\HyperCam 3
2010-05-02 08:09 . 2004-08-17 13:44	1851264	----a-w-	c:\windows\system32\win32k.sys
2010-04-20 12:28 . 2010-04-20 12:28	0	---ha-w-	c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01009.Wdf
2010-04-20 12:28 . 2010-04-20 12:28	0	---ha-w-	c:\windows\system32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
2010-04-20 12:21 . 2010-03-19 06:31	--------	d-----w-	c:\program files\PC Connectivity Solution
2010-04-20 05:32 . 2004-08-17 13:48	285696	----a-w-	c:\windows\system32\atmfd.dll
2010-04-19 12:11 . 2010-04-19 12:11	--------	d-----w-	c:\program files\Quick Screenshot Maker
2010-04-17 22:51 . 2010-04-17 22:51	--------	d-----w-	c:\program files\MSXML 4.0
2010-04-16 16:08 . 2004-08-17 13:49	668160	----a-w-	c:\windows\system32\wininet.dll
2010-04-16 16:08 . 2004-08-17 13:49	81920	----a-w-	c:\windows\system32\ieencode.dll
2010-04-16 11:07 . 2010-04-16 11:07	--------	d-----w-	c:\program files\Common Files\Solveig Multimedia
2010-04-16 11:04 . 2010-04-16 11:04	--------	d-----w-	c:\program files\Conduit
2010-04-15 04:28 . 2010-04-15 04:28	--------	d-----w-	c:\program files\ODEON
2010-04-13 05:38 . 2009-09-26 23:39	86327	----a-w-	c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-04-13 05:38 . 2009-09-26 23:39	2740	----a-w-	c:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
2010-04-12 12:45 . 2009-10-25 05:00	848	--sha-w-	c:\windows\system32\KGyGaAvL.sys
2010-04-12 11:32 . 2010-04-11 16:03	107888	----a-w-	c:\windows\system32\CmdLineExt.dll
2010-04-11 15:18 . 2009-09-27 17:37	691696	----a-w-	c:\windows\system32\drivers\sptd.sys
2010-03-31 06:00 . 2010-03-31 06:00	86016	----a-w-	c:\windows\system32\frapsvid.dll
2010-03-30 14:35 . 2010-03-30 14:35	0	----a-w-	c:\documents and settings\peter\jagex__preferences3.dat
2009-08-28 21:42 . 2009-08-28 21:42	1044480	----a-w-	c:\program files\mozilla firefox\plugins\libdivx.dll
2009-08-28 21:42 . 2009-08-28 21:42	200704	----a-w-	c:\program files\mozilla firefox\plugins\ssldivx.dll
.

(((((((((((((((((((((((((((((   SnapShot_2010-06-11_19.18.42   )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-06-12 12:25 . 2010-06-12 12:25	16384              c:\windows\temp\Perflib_Perfdata_e8.dat
+ 2010-06-12 12:25 . 2010-06-12 12:25	16384              c:\windows\temp\Perflib_Perfdata_104.dat
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{e8de9422-3b2c-4243-bf6f-235da84d8ef8}"= "c:\program files\Brothersoft\tbBro1.dll" [2010-05-18 2515552]

[HKEY_CLASSES_ROOT\clsid\{e8de9422-3b2c-4243-bf6f-235da84d8ef8}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e8de9422-3b2c-4243-bf6f-235da84d8ef8}]
2010-05-18 07:03	2515552	----a-w-	c:\program files\Brothersoft\tbBro1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{e8de9422-3b2c-4243-bf6f-235da84d8ef8}"= "c:\program files\Brothersoft\tbBro1.dll" [2010-05-18 2515552]

[HKEY_CLASSES_ROOT\clsid\{e8de9422-3b2c-4243-bf6f-235da84d8ef8}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{E8DE9422-3B2C-4243-BF6F-235DA84D8EF8}"= "c:\program files\Brothersoft\tbBro1.dll" [2010-05-18 2515552]

[HKEY_CLASSES_ROOT\clsid\{e8de9422-3b2c-4243-bf6f-235da84d8ef8}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-11-16 139264]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-10-02 39408]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2007-12-07 21686568]
"Google Update"="c:\documents and settings\peter\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" [2010-04-19 136176]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"WiseStubReboot"="MSIEXEC" [X]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2009-01-13 18084864]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-03-25 134656]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-03-25 166912]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-03-25 136192]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2007-12-21 1443072]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2009-08-05 1657376]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-08-06 13877248]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-08-06 86016]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"Bing Bar"="c:\program files\MSN Toolbar\Platform\5.0.1384.0\mswinext.exe" [2010-02-17 243032]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-11-11 288088]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-09-25 500208]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\totalcmd\\TOTALCMD.EXE"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Opera 10.20 Alpha\\opera.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Hry\\Counter-Strike Source\\hl2.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\ODEON\\JAF\\JCOP.EXE"=
"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Hry\\Split Second\\SplitSecond.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [21.12.2007 8:21 33800]
R1 HMFAxCore46691b2fe72383a3b643d95081ef1d95;HMFAxCore46691b2fe72383a3b643d95081ef1d95;c:\windows\system32\drivers\HMFAxCore46691b2fe72383a3b643d95081ef1d95.sys [24.10.2009 15:47 24064]
R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [21.12.2007 8:21 468224]
R2 ES lite Service;ES lite Service for program management.;c:\program files\Gigabyte\EasySaver\essvr.exe [27.9.2009 1:51 68136]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [27.9.2009 19:37 691696]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1.3.2010 16:15 135664]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [20.4.2010 14:21 137344]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [20.4.2010 14:21 8320]
S3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [19.2.2010 13:37 517096]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2010-06-12 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2009-11-16 15:54]

2010-09-26 c:\windows\Tasks\AdobeAAMUpdater-1.0-PETER-505BF0206-peter.job
- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2010-09-25 16:05]

2010-06-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-01 14:15]

2010-06-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-01 14:15]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.www.daemon-search.com/default
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
FF - ProfilePath - c:\documents and settings\peter\Data aplikací\Mozilla\Firefox\Profiles\pxn5ncqo.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=DCF2DF&PC=DCF2&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=DCF2DF&PC=DCF2&q=
FF - component: c:\program files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\components\SEPsearchhelperff.dll
FF - component: c:\program files\MSN Toolbar\Platform\5.0.1384.0\Firefox\components\DomBridge.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\MSN Toolbar\Platform\5.0.1384.0\npwinext.dll
FF - plugin: c:\program files\Opera 10.20 Alpha\program\plugins\npdsplay.dll
FF - plugin: c:\program files\Opera 10.20 Alpha\program\plugins\NPSWF32.dll
FF - plugin: c:\program files\Opera 10.20 Alpha\program\plugins\npwmsdrm.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation",  false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-12 14:32
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...  

scanning hidden autostart entries ... 

scanning hidden files ...  

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1547161642-1614895754-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:79,6d,2e,bb,92,2e,9b,e1,4b,35,72,a4,57,53,31,1f,79,c3,51,c2,02,
   a9,a7,56,e7,d3,1e,29,9b,8c,c7,4b,19,96,28,2e,89,eb,aa,09,74,85,42,ea,ce,dd,\
"rkeysecu"=hex:36,f3,d5,91,21,54,86,40,16,b7,dd,00,c7,11,c5,a0
.
Completion time: 2010-06-12  14:33:52
ComboFix-quarantined-files.txt  2010-06-12 12:33
ComboFix2.txt  2010-06-11 19:20
ComboFix3.txt  2010-06-11 06:12
ComboFix4.txt  2010-06-08 05:40

Pre-Run: Volných bajtů: 49 230 131 200
Post-Run: Volných bajtů: 49 194 602 496

- - End Of File - - 1F390B958EF0939F3AB12A0E6160A057

Re: Log check

Posted: 12 Jun 2010 17:31
by Rudy
The log already looks clean. Has anything changed?