kontrola logu - plugin-container

[komaj]

ComboFix 11-06-16.02 - Pol 17.06.2011 18:35:27.1.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.2812.1487 [GMT 2:00]
Spuštěný z: c:\documents and settings\Pol\Plocha\ComboFix.exe
AV: ESET NOD32 Antivirus 4.0 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Pol\Plocha\Setup.exe
c:\windows\system32\ICON.ico
G:\install.exe
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-05-17 do 2011-06-17 )))))))))))))))))))))))))))))))
.
.
2011-06-17 05:09 . 2011-06-17 05:09 -------- d-----w- c:\documents and settings\Pol\Local Settings\Data aplikací\Western_Digital
2011-06-17 05:09 . 2011-06-17 05:09 -------- d-----w- c:\documents and settings\Pol\Data aplikací\Western Digital
2011-06-17 05:09 . 2011-06-17 05:09 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Western Digital
2011-06-17 05:09 . 2011-06-17 05:09 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Data aplikací\ServiceTest
2011-06-17 05:09 . 2011-06-17 05:09 -------- d-----w- c:\program files\Western Digital
2011-06-17 05:08 . 2011-06-17 05:08 -------- d-----w- c:\documents and settings\Pol\Local Settings\Data aplikací\Western Digital
2011-06-17 05:07 . 2009-02-13 09:02 11520 ----a-w- c:\windows\system32\drivers\wdcsam.sys
2011-05-26 11:11 . 2011-05-26 11:11 86016 ----a-w- c:\windows\system32\NtDirect.dll
2011-05-20 18:52 . 2011-05-20 18:52 89048 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll
2011-05-20 18:52 . 2011-05-20 18:52 781272 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll
2011-05-20 18:52 . 2011-05-20 18:52 465880 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll
2011-05-20 18:52 . 2011-05-20 18:52 1874904 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll
2011-05-20 18:52 . 2011-05-20 18:52 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll
2011-05-20 18:52 . 2011-05-20 18:52 1974616 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_42.dll
2011-05-20 18:52 . 2011-05-20 18:52 1892184 ----a-w- c:\program files\Mozilla Firefox\d3dx9_42.dll
2011-05-20 18:52 . 2011-05-20 18:52 142296 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-17 05:07 . 2011-05-14 07:37 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-04-16 17:36 . 2004-07-17 09:36 28400 ----a-w- c:\windows\system32\drivers\secdrv.sys
2011-04-16 15:04 . 2011-04-16 15:04 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2011-04-16 15:04 . 2011-04-16 15:04 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2011-05-20 18:52 . 2011-05-20 18:52 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2001-09-20 12:00 . 15AFB5576C32CC292E5DD469D96B4909 . 924432 . . [4.1.6140] . . c:\windows\system32\mfc40u.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-09-28 21:44 1400712 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-09-28 1400712]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-09-28 1400712]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-12-03 14944136]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-12-29 39408]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-04-23 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-04-23 174104]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-04-23 144920]
"RTHDCPL"="RTHDCPL.EXE" [2010-07-28 19557480]
"DeathAdder"="c:\program files\Razer\DeathAdder\razerhid.exe" [2010-05-05 251392]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-12-13 421160]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-12-14 47904]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-02-06 2021400]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-17 15360]
.
c:\documents and settings\Pol\Nabˇdka Start\Programy\Po spuçtŘnˇ\
J dro Pl novaźe Łloh SolidWorks.lnk - c:\program files\SolidWorks\swScheduler\swBOEngine.exe [2007-9-9 488728]
.
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2010-1-21 2057536]
WDSmartWare.lnk - c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe [2010-1-21 9136960]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2010-4-5 494920]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\GIGABYTE\\@BIOS\\gwflash.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\NinjaTrader 7\\bin\\NinjaTrader.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Winamp\\winamp.exe"=
"f:\\HRY\\AOA2\\empires2.exe"=
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [31.12.2010 14:24 691696]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [6.2.2009 15:23 106208]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [6.2.2009 15:24 93336]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [6.2.2009 15:23 727720]
R2 RtNdPt5x;Realtek NDIS Protocol Driver;c:\windows\system32\drivers\RtNdPt5x.sys [29.12.2010 22:06 22016]
R2 WDDMService;WD SmartWare Drive Manager;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [21.1.2010 16:24 110592]
R2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [16.6.2009 8:58 20480]
R3 DAdderFltr;DeathAdder Mouse;c:\windows\system32\drivers\dadder.sys [29.12.2010 23:26 22784]
R3 vHidDev;Razer Gaming Device;c:\windows\system32\drivers\vHidDev.sys [29.12.2010 23:15 5760]
S2 .EsetTrialReset;Eset Trial Reset;c:\windows\system32\regedt32.exe [20.9.2001 14:00 3584]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [29.12.2010 23:49 136176]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [29.12.2010 23:02 1691480]
S3 etdrv;etdrv;c:\windows\etdrv.sys [29.12.2010 22:09 17488]
S3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [29.12.2010 23:49 136176]
S3 RTLTEAMING;Realtek Intermediate Driver for Ethernet Extended Features;c:\windows\system32\drivers\RTLTEAMING.SYS [29.12.2010 22:06 29440]
S3 RTLVLAN;Realtek VLAN Intermediate Driver;c:\windows\system32\drivers\RTLVLAN.SYS [29.12.2010 22:06 17536]
S3 slicedisk.sys;slicedisk.sys;\??\c:\windows\system32\slicedisk.sys --> c:\windows\system32\slicedisk.sys [?]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [17.6.2011 7:07 11520]
.
Obsah adresáře 'Naplánované úlohy'
.
2011-06-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-29 21:49]
.
2011-06-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-29 21:49]
.
2011-06-17 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2010-09-28 21:44]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: WikiKomentáře Google... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
TCP: DhcpNameServer = 10.0.0.138
FF - ProfilePath - c:\documents and settings\Pol\Data aplikací\Mozilla\Firefox\Profiles\wevl8gep.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?sourceid=navclient&hl=cs&q=
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
AddRemove-OpenAL - c:\program files\OpenAL\oalinst.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-06-17 18:36
Windows 5.1.2600 Service Pack 2 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
Celkový čas: 2011-06-17 18:37:27
ComboFix-quarantined-files.txt 2011-06-17 16:37
.
Před spuštěním: Volných bajtů: 62 915 571 712
Po spuštění: Volných bajtů: 66 076 344 320
.
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - ACBAF9FBE3F4BBE55086FB92B51B9DE0

[Rudy]

Především v logu vidím cracklý NOD. Odinstalujte a použijte nějaké free řešení: http://www.viry.cz/forum/viewforum.php?f=29 . Pak budeme pokračovat.