VIRY.CZ

Pomáháme v boji s počítačovou havěti!
https://forum.viry.cz:443/

r.o.s.t.a.c.k.a - kontrola logu.

https://forum.viry.cz:443/viewtopic.php?t=32968

Stránka 5 z 12

Napsal: 01 srp 2007 12:16
od JaRon
zalezi od BD http://www.bitdefender.com/site/view/co ... k=SiteHome
ak Tvoj nema FW - mozes pouzit Kerio

Napsal: 07 srp 2007 16:20
od r.o.s.t.a.c.k.a
JaRon píše:zalezi od BD http://www.bitdefender.com/site/view/co ... k=SiteHome
ak Tvoj nema FW - mozes pouzit Kerio
Tak jsem se divala a ma ho :)

Napsal: 09 srp 2007 16:53
od r.o.s.t.a.c.k.a
Zase mi to blbne - skoro se nedostanu na net, proto prosim o kontrolu... Zda se mi tam divnej jeden programek - bonjour - vubec nevim, kde se tu vzal, kazdopadne se po spusteni PC dozadoval pripojeni na net (coz jsem zakazala pres bit defendera)

Logfile of HijackThis v1.99.1
Scan saved at 17:50:18, on 9.8.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Softwin\BitDefender10\bdmcon.exe
C:\Program Files\Softwin\BitDefender10\bdagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\MSI\BToes Bluetooth Software\BTTray.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\MSI\BToes Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Softwin\BitDefender10\vsserv.exe
C:\Program Files\totalcmd\TOTALCMD.EXE
C:\Documents and Settings\Junior\Plocha\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\MSI\BToes Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\MSI\BToes Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\MSI\BToes Bluetooth Software\btsendto_ie.htm
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftup ... 1815401495
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 1815325906
O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\System32\btxppanel.dll
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation - C:\Program Files\MSI\BToes Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Plánovač automatické aktualizace LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender10\vsserv.exe" /service (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)

Napsal: 10 srp 2007 17:05
od r.o.s.t.a.c.k.a
Prosim vas je v tom logu neco spatneho? Dnes to blblo jeste vic, mam pocit, ze jsem nejakyho vira chytla :(

Napsal: 10 srp 2007 17:56
od Rudy
Log vypadá čistý. Bonjour je, pokud vím, korektní. Kontaktovala jste providera?

Napsal: 11 srp 2007 06:36
od r.o.s.t.a.c.k.a
Rudy píše:Log vypadá čistý. Bonjour je, pokud vím, korektní. Kontaktovala jste providera?
Vcera, kdyz nesel vubec... Restartovali mi modem a net jde (ale chvilema je to silene pomale - ale to neni poskytovatelem, to takhle blbne posledni dobou porad).. Ale PC je celkove zpomaleny, to neni tim... Nemuze mi ho treba zpomalovat bitdefender? Nemam se vratit ke kasperskemu radeji?

Napsal: 11 srp 2007 17:58
od Rudy
Každý rezidentní program víceméně PC zpomaluje. Vyzkoušejte jiný antivir.

Napsal: 12 srp 2007 06:37
od r.o.s.t.a.c.k.a
Rudy píše:Každý rezidentní program víceméně PC zpomaluje. Vyzkoušejte jiný antivir.
Muzete mi prosim nejaky dobry doporucit? Urcite nechci Avast a podobne. Mivala jsem Kasperskeho, mam se k nemu vratit? A jaky antispyware a firewall je k tomu nejidealnejsi? Dekuji za pomoc...

Napsal: 12 srp 2007 13:16
od Rudy
Kaspersky zkusit můžete, pokud jste s ním měla dobré zkušenosti. Patří mezi špičku. Z free AV ještě Avira, která má velmi malé nároky na systémové prostředky a solidní detekční schopnost.

Napsal: 13 srp 2007 14:08
od r.o.s.t.a.c.k.a
Rudy píše:Kaspersky zkusit můžete, pokud jste s ním měla dobré zkušenosti. Patří mezi špičku. Z free AV ještě Avira, která má velmi malé nároky na systémové prostředky a solidní detekční schopnost.
Rozhodla jsem se, ze si zatim jeste chvilku necham bitdefendera... Az bude trocha casu, zalohoju si veci a reinstaluju system + formatovani disku.. Pak si tam dam kasperskeho.. Muzu jeste poprosit o radu? Jaky firewall a antispyware je ke kasperskemu nejvhodnejsi a nepusobi problemy, jako napr. zpomalovani PC? Nejlepe v cestine, ale neni podminkou.. Dekuju

Napsal: 13 srp 2007 20:32
od Rudy
Myslím, že jako firewall Comodo (má relativně malé nároky na syst. prostředky) a jako antispy SuperAntispyware. Není zač!

Napsal: 18 dub 2008 18:57
od r.o.s.t.a.c.k.a
Prosím o kontrolu logu, mám nějaký vir - nebo spíš několik virů.. Nevím, s čím se mi dostaly do PC, nějaký "malware"...
Jedna drobnost, nevím, jestli to může být virem způsobeno, ale je to divné - cca před týdnem jsme s přítelem postřehli, že se nám kompletně změnilo písmo (maličko odlišný typ a drobnější).. Projevilo se to na ploše u popisků ikonek, v total commanderovi, na internetu, zkrátka všude máme jiné písmo.. Ale žádné nastavení jsme neměnili.. Projížděla jsem včera i dnes PC antivirem, sice to něco našlo, ale nejde to smazat, pouze hodit do karantény a když jsem se tam dívala, jsou tam jen 2 soubory, i když jsem jich do karantény dala více..

Logfile of HijackThis v1.99.1
Scan saved at 19:53:43, on 18.4.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Programs\DAEMON Tools\daemon.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\totalcmd\TOTALCMD.EXE
C:\Programs\Adobe Reader 8.0\Reader\AcroRd32.exe
C:\Program Files\QIP\qip.exe
c:\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.bearshare.com/sidebar.html?src=ssb
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.qip.ru
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Internet Security Class - {A75E294E-C047-4D29-B07E-37B792881BEF} - (no file)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [Secure] C:\WINDOWS\WindowsUpdates.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programs\Adobe Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Media Codec Update Service] C:\Program Files\Essentials Codec Pack\update.exe -silent
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [16 move] C:\DOCUME~1\Nanina\DATAAP~1\ROADBE~1\Fork eq sixth.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Programs\DAEMON Tools\daemon.exe"
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Programs\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

Napsal: 18 dub 2008 19:01
od Rudy
Fixněte v HijackThis:


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.bearshare.com/sidebar.html?src=ssb
O2 - BHO: Internet Security Class - {A75E294E-C047-4D29-B07E-37B792881BEF} - (no file)
O4 - HKLM\..\Run: [Secure] C:\WINDOWS\WindowsUpdates.exe
O4 - HKCU\..\Run: [16 move] C:\DOCUME~1\Nanina\DATAAP~1\ROADBE~1\Fork eq sixth.exe

Restartujte PC a dejte log z ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe . Chybí firewall.

Napsal: 18 dub 2008 19:15
od r.o.s.t.a.c.k.a
Hotovo... Můžete mi poradit nějaký opravdu kvalitní (nejlépe free) firewall? Pokud možno v češtině, aby bylo snadné ho nastavit... Hodilo by se mi něco, co kontroluje PC neustále...Děkuji.. :)

ComboFix 08-04-17.1 - Nanina 2008-04-18 20:09:50.1 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.675 [GMT 2:00]
Running from: c:\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Nanina\Data aplikací\inst.exe
C:\WINDOWS\assys.dll
C:\WINDOWS\ffnsys.dll
C:\WINDOWS\gstcore.dll
C:\WINDOWS\mfnsys.dll
C:\WINDOWS\rsczsys.dll
C:\WINDOWS\snsys.dll
C:\WINDOWS\system32\micr0st.dll
C:\WINDOWS\uawin.dll

.
((((((((((((((((((((((((( Files Created from 2008-03-18 to 2008-04-18 )))))))))))))))))))))))))))))))
.

2008-04-18 20:06 . 2008-04-18 20:06 <DIR> d-------- C:\backups
2008-04-18 20:04 . 2008-04-18 20:04 1,770,815 --a------ C:\ComboFix.exe
2008-04-18 19:53 . 2005-02-16 11:06 218,112 --a------ C:\HijackThis.exe
2008-04-18 13:09 . 2008-04-18 13:09 <DIR> d-------- C:\Program Files\QIP
2008-04-16 17:37 . 2008-04-16 17:45 <DIR> d-------- C:\Downloads
2008-04-15 15:06 . 2008-01-10 13:15 755,027 --a------ C:\WINDOWS\system32\xvidcore.dll
2008-04-15 15:06 . 2008-01-10 13:16 159,839 --a------ C:\WINDOWS\system32\xvidvfw.dll
2008-04-15 04:20 . 2008-04-15 04:20 8 --a------ C:\Documents and Settings\Nanina\Data aplikací\NMM-MetaData.db
2008-04-15 04:20 . 2008-04-15 04:20 8 --a------ C:\Documents and Settings\Nanina\Data aplikací\NMM-MetaData.db
2008-04-15 04:20 . 2008-04-15 04:20 8 --a------ C:\Documents and Settings\Nanina\Data aplikací\NMM-MetaData.db
2008-04-13 10:07 . 2008-04-13 10:23 <DIR> d-------- C:\Program Files\ModTheSims2.com
2008-04-13 06:51 . 2008-04-13 06:51 <DIR> d-------- C:\Program Files\PC Connectivity Solution
2008-04-13 06:51 . 2008-04-13 06:51 <DIR> d-------- C:\Program Files\Common Files\PCSuite
2008-04-13 06:51 . 2007-09-17 15:53 21,632 --a------ C:\WINDOWS\system32\drivers\pccsmcfd.sys
2008-04-07 21:17 . 2004-08-03 23:08 25,600 --a------ C:\WINDOWS\system32\drivers\usbser.sys
2008-04-07 21:17 . 2004-08-03 23:08 25,600 --a--c--- C:\WINDOWS\system32\dllcache\usbser.sys
2008-04-07 21:17 . 2008-04-07 21:17 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-04-07 21:17 . 2008-04-07 21:17 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2008-04-07 21:15 . 2008-04-07 21:15 <DIR> d-------- C:\Program Files\MSXML 6.0
2008-04-07 21:15 . 2007-11-29 10:33 1,419,232 --a------ C:\WINDOWS\system32\wdfcoinstaller01005.dll
2008-04-07 21:15 . 2007-11-29 10:39 95,744 --a------ C:\WINDOWS\system32\nmwcdcocls.dll
2008-04-07 21:15 . 2007-11-29 10:39 19,328 --a------ C:\WINDOWS\system32\drivers\ccdcmbo.sys
2008-04-07 21:15 . 2007-11-29 10:39 16,896 --a------ C:\WINDOWS\system32\drivers\ccdcmb.sys
2008-04-07 21:15 . 2007-11-29 10:39 8,064 --a------ C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys
2008-04-07 21:15 . 2007-11-29 10:39 8,064 --a------ C:\WINDOWS\system32\drivers\usbser_lowerflt.sys
2008-03-29 22:25 . 2008-04-10 13:33 <DIR> d-------- C:\Documents and Settings\BORDEL KUA
2008-03-25 12:21 . 2008-03-25 12:21 <DIR> d-------- C:\Program Files\Rockstar Games
2008-03-25 12:20 . 2008-04-07 08:17 <DIR> d-------- C:\== Image ===
2008-03-21 14:10 . 2008-03-21 14:33 <DIR> d-------- C:\Documents and Settings\Eden

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-16 15:52 --------- d-----w C:\Documents and Settings\Nanina\Data aplikací\uTorrent
2008-04-16 15:52 --------- d-----w C:\Documents and Settings\Nanina\Data aplikací\uTorrent
2008-04-16 15:52 --------- d-----w C:\Documents and Settings\Nanina\Data aplikací\uTorrent
2008-04-15 16:50 --------- d-----w C:\Documents and Settings\Nanina\Data aplikací\Vso
2008-04-15 16:50 --------- d-----w C:\Documents and Settings\Nanina\Data aplikací\Vso
2008-04-15 16:50 --------- d-----w C:\Documents and Settings\Nanina\Data aplikací\Vso
2008-04-15 13:06 --------- d-----w C:\Program Files\K-Lite Codec Pack
2008-04-13 04:51 --------- d-----w C:\Program Files\Common Files\Nokia
2008-04-13 04:50 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\Installations
2008-04-07 19:15 --------- d-----w C:\Program Files\Nokia
2008-03-26 09:01 --------- d-----w C:\Program Files\totalcmd
2008-03-25 10:25 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-17 17:14 --------- d-----w C:\Program Files\DVD Flick
2008-03-17 17:14 --------- d-----w C:\Documents and Settings\Nanina\Data aplikací\DVD Flick
2008-03-17 17:14 --------- d-----w C:\Documents and Settings\Nanina\Data aplikací\DVD Flick
2008-03-17 17:14 --------- d-----w C:\Documents and Settings\Nanina\Data aplikací\DVD Flick
2008-03-15 06:23 --------- d-----w C:\Program Files\AllToAVI
2008-03-14 18:12 --------- d-----w C:\Program Files\SMPlayer
2008-03-14 06:52 --------- d-----w C:\Documents and Settings\Nanina\Data aplikací\IObit
2008-03-14 06:52 --------- d-----w C:\Documents and Settings\Nanina\Data aplikací\IObit
2008-03-14 06:52 --------- d-----w C:\Documents and Settings\Nanina\Data aplikací\IObit
2008-03-14 06:51 --------- d-----w C:\Program Files\IObit
2008-03-08 08:33 --------- d-----w C:\Program Files\Common Files\Adobe
2008-03-05 18:44 --------- d-----w C:\Documents and Settings\Nanina\Data aplikací\Nokia
2008-03-05 18:44 --------- d-----w C:\Documents and Settings\Nanina\Data aplikací\Nokia
2008-03-05 18:44 --------- d-----w C:\Documents and Settings\Nanina\Data aplikací\Nokia
2008-03-04 10:33 7,680 ----a-w C:\WINDOWS\system32\ff_vfw.dll
2008-03-02 21:28 --------- d-----w C:\Documents and Settings\Nanina\Data aplikací\Talkback
2008-03-02 21:28 --------- d-----w C:\Documents and Settings\Nanina\Data aplikací\Talkback
2008-03-02 21:28 --------- d-----w C:\Documents and Settings\Nanina\Data aplikací\Talkback
2008-03-02 21:27 99,970 ----a-w C:\WINDOWS\UninstallFirefox.exe
2008-03-02 12:58 69,632 ----a-w C:\WINDOWS\AutoUpdateWin31.dll
2008-03-02 12:58 32,768 ----a-w C:\WINDOWS\AutoUpdateWin33.exe
2008-02-29 20:17 --------- d-----w C:\Program Files\MagicISO
2008-02-28 20:22 --------- d-----w C:\Documents and Settings\LocalService\Data aplikací\Ahead
2008-02-28 09:44 --------- d-----w C:\Program Files\SlySoft
2008-02-23 13:03 --------- d-----w C:\Documents and Settings\Nanina\Data aplikací\PC Suite
2008-02-23 13:03 --------- d-----w C:\Documents and Settings\Nanina\Data aplikací\PC Suite
2008-02-23 13:03 --------- d-----w C:\Documents and Settings\Nanina\Data aplikací\PC Suite
2008-02-20 06:14 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2008-02-01 13:17 90,624 ----a-w C:\WINDOWS\system32\nmwcdcls.dll
2007-12-22 08:39 81,920 ----a-w C:\Documents and Settings\Nanina\Data aplikací\ezpinst.exe
2007-12-22 08:39 81,920 ----a-w C:\Documents and Settings\Nanina\Data aplikací\ezpinst.exe
2007-12-22 08:39 81,920 ----a-w C:\Documents and Settings\Nanina\Data aplikací\ezpinst.exe
2007-12-22 08:39 47,360 ----a-w C:\Documents and Settings\Nanina\Data aplikací\pcouffin.sys
2007-12-22 08:39 47,360 ----a-w C:\Documents and Settings\Nanina\Data aplikací\pcouffin.sys
2007-12-22 08:39 47,360 ----a-w C:\Documents and Settings\Nanina\Data aplikací\pcouffin.sys
2007-09-13 20:47 66,936 --sha-w C:\WINDOWS\hrinfo_0.drv
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-17 15:49 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-09-13 11:12 139264]
"DAEMON Tools Lite"="C:\Programs\DAEMON Tools\daemon.exe" [2007-12-29 14:05 486856]
"PC Suite Tray"="C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" [2008-03-28 11:20 1079296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2002-10-16 12:24 47104 C:\WINDOWS\SOUNDMAN.EXE]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-06-29 00:43 8466432]
"nwiz"="nwiz.exe" [2007-06-29 00:43 1626112 C:\WINDOWS\system32\nwiz.exe]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-04-17 13:07 262401]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 16:40 155648]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-06-29 00:43 81920]
"CloneCDElbyCDFL"="C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" [2002-11-02 08:33 45056]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-17 15:49 110592 C:\WINDOWS\system32\bthprops.cpl]
"Adobe Reader Speed Launcher"="C:\Programs\Adobe Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 14:06 40048]
"Media Codec Update Service"="C:\Program Files\Essentials Codec Pack\update.exe" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-17 15:49 15360]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2008-03-26 18:41 1232896]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programs\\QIP\\qip.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\WINDOWS\\system32\\dplaysvr.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

R0 avgntmgr;avgntmgr;C:\WINDOWS\system32\DRIVERS\avgntmgr.sys [2008-04-17 13:07]
R1 avgntdd;avgntdd;C:\WINDOWS\system32\DRIVERS\avgntdd.sys [2008-04-17 13:07]
R2 AntiVirScheduler;AntiVir PersonalEdition Classic Scheduler;"C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe" [2008-04-17 13:07]
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-03 23:04]
S3 pccsmcfd;PCCS Mode Change Filter Driver;C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2007-09-17 15:53]
S3 upperdev;upperdev;C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2007-11-29 10:39]
S3 UsbserFilt;UsbserFilt;C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2007-11-29 10:39]

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-04-18 18:00:00 C:\WINDOWS\Tasks\B1F60F8290A1801E.job"
- c:\docume~1\nanina\dataap~1\roadbe~1\blah software wave.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-18 20:11:36
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


folder error: C:\DOCUME~1\Nanina\LOCALS~1\Temp\

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-04-18 20:13:54
ComboFix-quarantined-files.txt 2008-04-18 18:13:37

Adresářů: 13, Volných bajtů: 27,114,795,008
Adresářů: 18, Volných bajtů: 27,161,812,992

Napsal: 18 dub 2008 21:18
od r.o.s.t.a.c.k.a
Je tedy už PC čistý, nebo mám smazat ještě něco?
Všechny časy jsou v UTC+01:00
Stránka 5 z 12

Založeno na phpBB® Forum Software © phpBB Limited

Český překlad – phpBB.cz