Please check my log
Posted: 28 Jan 2011 16:50
When the system starts, a window pops up on my desktop with the message "raid_tool.exe - Vstupní bod nebyl nalezen" (entry point not found). I would like to ask you for advice on how to get rid of this message, or how to fix the problem that causes it to appear on the desktop.
After scanning with ComboFix I got the following log file:
ComboFix 11-01-27.05 - Majo 28.01.2011 16:33:59.1.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2047.1463 [GMT 1:00]
Spuštěný z: c:\documents and settings\Majo\Plocha\ComboFix.exe
AV: ESET Smart Security 4.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET personal firewall *Enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
* Vytvořen nový Bod Obnovení
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-12-28 do 2011-01-28 )))))))))))))))))))))))))))))))
.
2011-01-17 16:02 . 2011-01-17 16:02 -------- d-----w- c:\program files\Pure Networks
2011-01-17 16:02 . 2011-01-17 16:02 -------- d-----w- c:\program files\WebEx
2011-01-17 16:01 . 2011-01-17 16:01 8892928 ----a-w- c:\documents and settings\All Users\Data aplikací\atscie.msi
2011-01-17 16:01 . 2009-07-07 13:48 25392 ----a-w- c:\windows\system32\drivers\pnarp.sys
2011-01-17 16:01 . 2009-07-07 13:48 26672 ----a-w- c:\windows\system32\drivers\purendis.sys
2011-01-17 16:01 . 2011-01-17 16:01 -------- d-----w- c:\program files\Common Files\Pure Networks Shared
2011-01-17 16:01 . 2011-01-24 13:16 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Pure Networks
2011-01-17 16:00 . 2011-01-17 16:00 -------- d-----w- c:\program files\Linksys
2011-01-13 14:51 . 2011-01-13 14:56 -------- d-----w- c:\windows\system32\Adobe
2011-01-12 15:25 . 2011-01-12 15:25 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Data aplikací\ESET
2011-01-12 13:06 . 2004-01-23 23:22 57344 ----a-w- c:\windows\drvinterface.dll
2011-01-12 13:06 . 2004-01-23 23:22 57344 ----a-w- c:\windows\system32\drvinterface.dll
2011-01-08 07:10 . 2011-01-08 07:10 16856 ----a-w- c:\program files\Mozilla Firefox\plugin-container.exe
2011-01-08 07:10 . 2011-01-08 07:10 719832 ----a-w- c:\program files\Mozilla Firefox\mozcpp19.dll
2011-01-07 12:42 . 2011-01-07 12:42 -------- d-----w- c:\program files\Microsoft Works
2011-01-07 12:35 . 2011-01-07 12:35 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2011-01-07 12:34 . 2011-01-07 12:41 -------- d-----w- c:\windows\SHELLNEW
2011-01-07 12:33 . 2011-01-07 12:33 -------- d-----r- C:\MSOCache
2011-01-07 11:40 . 2011-01-07 14:34 -------- d-----w- c:\documents and settings\Majo\Data aplikací\vlc
2011-01-07 11:35 . 2011-01-07 11:35 -------- d-----w- c:\program files\VideoLAN
2011-01-06 21:16 . 2011-01-06 21:17 -------- d-----w- c:\documents and settings\Majo\Local Settings\Data aplikací\Risen
2011-01-06 21:14 . 2011-01-06 21:14 281760 ----a-w- c:\windows\system32\drivers\atksgt.sys
2011-01-06 21:14 . 2011-01-06 21:14 25888 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2011-01-06 21:05 . 2011-01-06 21:05 -------- d-----w- C:\ProgramData
2011-01-06 21:05 . 2011-01-06 21:05 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Electronic Arts
2011-01-06 21:01 . 2011-01-06 21:01 -------- d-----w- c:\program files\DAEMON Tools Toolbar
2011-01-06 21:01 . 2011-01-06 21:01 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2011-01-06 21:01 . 2011-01-06 21:01 -------- d-----w- c:\program files\DAEMON Tools Lite
2011-01-06 21:01 . 2011-01-06 21:06 -------- d-----w- c:\documents and settings\Majo\Data aplikací\DAEMON Tools Lite
2011-01-06 21:01 . 2011-01-06 21:01 -------- d-----w- c:\documents and settings\All Users\Data aplikací\DAEMON Tools Lite
2011-01-05 22:54 . 2011-01-05 22:54 -------- d-----w- c:\documents and settings\Majo\Local Settings\Data aplikací\Criterion Games
2011-01-05 22:52 . 2011-01-05 22:52 -------- d-----w- c:\program files\Electronic Arts
2011-01-05 22:52 . 2011-01-05 22:52 1196 ----a-w- c:\windows\system32\ealregsnapshot1.reg
2011-01-05 22:52 . 2011-01-05 22:52 -------- d-----w- c:\documents and settings\Majo\Local Settings\Data aplikací\Downloaded Installations
2011-01-05 19:50 . 2010-11-02 15:17 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2011-01-05 19:49 . 2010-10-11 14:59 45568 -c----w- c:\windows\system32\dllcache\wab.exe
2011-01-05 15:27 . 2011-01-05 15:27 -------- d-----w- c:\windows\system32\config\systemprofile\Data aplikací\ATI
2011-01-05 15:26 . 2011-01-05 15:26 -------- d-----w- c:\documents and settings\NetworkService\Data aplikací\TuneUp Software
2011-01-05 15:26 . 2011-01-05 15:26 -------- d--h--w- c:\documents and settings\Acronis Agent User\Okolní tiskárny
2011-01-05 15:26 . 2011-01-05 15:26 -------- d-----w- c:\documents and settings\Acronis Agent User\Plocha
2011-01-05 15:26 . 2011-01-05 15:26 -------- d-----r- c:\documents and settings\Acronis Agent User\Nabídka Start
2011-01-05 14:52 . 2011-01-05 14:52 -------- d-sh--w- c:\documents and settings\Majo\IECompatCache
2011-01-05 14:51 . 2011-01-05 14:51 -------- d-sh--w- c:\documents and settings\Majo\PrivacIE
2011-01-04 21:08 . 2011-01-04 21:32 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Test Drive Unlimited
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-19 19:30 . 2008-02-22 20:22 588704 ----a-w- c:\windows\system32\drivers\timntr.sys
2010-11-19 19:25 . 2008-02-22 20:22 162432 ----a-w- c:\windows\system32\drivers\snapman.sys
2010-11-19 18:34 . 2010-05-06 15:06 737280 ----a-w- c:\windows\iun6002.exe
2010-11-18 18:15 . 2008-02-22 19:45 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-09 14:52 . 2002-09-20 18:04 249856 ----a-w- c:\windows\system32\odbc32.dll
2010-11-06 00:23 . 2002-09-20 18:05 916480 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:23 . 2002-09-20 18:05 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-11-06 00:23 . 2002-09-20 18:04 43520 ------w- c:\windows\system32\licmgr10.dll
2010-11-03 12:25 . 2010-05-06 17:15 385024 ----a-w- c:\windows\system32\html.iec
2010-11-02 15:17 . 2001-10-25 14:00 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PtiuPbmd"="ptipbm.dll" [2003-01-15 24576]
"TWCU"="c:\program files\TP-LINK\TP-LINK Wireless Client Utility\TWCU.exe" [2009-08-14 569427]
"tsnpstd3"="c:\windows\tsnpstd3.exe" [2006-11-29 262144]
"snpstd3"="c:\windows\vsnpstd3.exe" [2006-09-18 843776]
"SoundMan"="SOUNDMAN.EXE" [2004-06-18 67584]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-11-16 2054360]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2010-07-21 1778064]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2010-07-21 1797008]
"BackupAndRecoveryMonitor.exe"="c:\program files\Acronis\BackupAndRecovery\BackupAndRecoveryMonitor.exe" [2009-11-28 1520152]
"AcronisTimounterMonitor"="c:\program files\Common Files\Acronis\Timounter\TimounterMonitor.exe" [2009-11-28 957048]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2009-11-28 382384]
"TrayMonitor.exe"="c:\program files\Acronis\TrayMonitor\TrayMonitor.exe" [2009-11-28 842248]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 90112]
"RaidTool"="c:\program files\VIA\RAID\raid_tool.exe" [2004-10-11 589824]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2009-07-07 647216]
"nmapp"="c:\program files\Pure Networks\Network Magic\nmapp.exe" [2011-01-24 472112]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ICQ"="c:\program files\ICQ7.1\ICQ.exe" silent loginmode=4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"PWRISOVM.EXE"=c:\program files\PowerISO\PWRISOVM.EXE
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"LiveMonitor"=c:\program files\MSI\Live Update 3\LMonitor.exe
"VIARaidUtl"=c:\program files\VIA\RAID\raid_tool.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"e:\\Games\\Burnout Paradise\\BurnoutLauncher.exe"=
"e:\\Games\\Burnout Paradise\\BurnoutConfigTool.exe"=
"e:\\Games\\Burnout Paradise\\BurnoutParadise.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"e:\\Games\\Test Drive Unlimited\\TestDriveUnlimited.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe"= c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe:LocalSubNet,0.0.0.0/255.255.255.255:Enabled:Pure Networks Platform Service
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [6.1.2011 22:01 691696]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [16.11.2009 8:03 108792]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [16.11.2009 8:04 735960]
R2 MMS;Acronis Managed Machine Service;c:\program files\Acronis\BackupAndRecovery\mms.exe [28.11.2009 3:49 4285680]
R3 AR9271;Wireless Network Adapter Service;c:\windows\system32\drivers\athuw.sys [6.5.2010 13:10 1668352]
S2 AcronisAgent;Acronis Remote Agent;c:\program files\Common Files\Acronis\Agent\agent.exe [28.11.2009 3:55 1865560]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 12:16 130384]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;"e:\program files\TuneUp 2010\TuneUpUtilitiesService32.exe" --> e:\program files\TuneUp 2010\TuneUpUtilitiesService32.exe [?]
S2 VRAID Log Service;VRAID Log Service;c:\program files\VIA\RAID\vialogsv.exe [12.5.2010 21:02 52888]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;\??\e:\program files\TuneUp 2010\TuneUpUtilitiesDriver32.sys --> e:\program files\TuneUp 2010\TuneUpUtilitiesDriver32.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 12:16 753504]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{572BF76C-9EFF-4e1e-93DE-72EF1E91B3DF} - {DB7FBFE3-82CB-49E0-9C41-39C2A80B4966} - c:\progra~1\EUROTR~1\e2003i.dll
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Majo\Data aplikací\Mozilla\Firefox\Profiles\1ga6g9y2.default\
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage - hxxp://www.google.sk/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: DAEMON Tools Toolbar: DTToolbar@toolbarnet.com - %profile%\extensions\DTToolbar@toolbarnet.com
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.pipelining.ssl - true
FF - user.js: network.http.pipelining.maxrequests - 8
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
AddRemove-TuneUp Utilities - e:\program files\TuneUp 2010\TUInstallHelper.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-28 16:38
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_LOCAL_MACHINE\software\ESET\ESET Security\CurrentVersion\Info]
@Denied: (2) (LocalSystem)
"AppDataDir"="c:\\Documents and Settings\\All Users\\Data aplikací\\ESET\\ESET Smart Security\\"
"DataDir"="ESET\\ESET Smart Security\\"
"EditionName"=" "
"InstallDir"="c:\\Program Files\\ESET\\ESET Smart Security\\"
"LanguageId"=dword:0000041b
"PackageTag"=dword:6090e758
"ProductBase"=dword:00000001
"ProductCode"="{A32D29EB-F9F5-4F35-87F5-B638F818B0B0}"
"ProductName"="ESET Smart Security"
"ProductType"="ess"
"ProductVersion"="4.0.474.0"
"UniqueId"="000271FA4BE6C76C"
"ScannerBuild"=dword:00001bc7
"ScannerVersionId"=dword:000013f6
"ScannerVersion"="Open window for status."
"FixId"=dword:00000007
"ei2"=hex(b):6c,29,15,25,e4,33,95,48
"ei1"=hex(b):00,11,09,95,71,9c,00,00
"ei3"=hex(b):d6,b5,be,4c,00,00,00,00
"ei4"=dword:00000001
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(1844)
c:\windows\system32\athgina.dll
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'lsass.exe'(2020)
c:\windows\System32\athgina.dll
- - - - - - - > 'explorer.exe'(2960)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Celkový čas: 2011-01-28 16:40:01
ComboFix-quarantined-files.txt 2011-01-28 15:39
Před spuštěním: Volných bajtů: 19 154 018 304
Po spuštění: Volných bajtů: 22 545 256 448
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
- - End Of File - - 3565EAC22D29969C9C391C1BD5B26C94