Please check my ComboFix log
Posted: 27 Feb 2013 11:22
Hello!
I have a notebook here; windows started opening on their own and it slowed down. I reinstalled Windows XP, installed Avast, and suddenly the internet stopped working. I suspect some villain has settled on the disk. I uninstalled Avast, turned off the protections and ran COMBOFIX. I would like to ask for a check of the log:
ComboFix 13-02-26.01 - hanach 01.08.2003 2:53.1.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.510.288 [GMT 2:00]
Spuštěný z: c:\documents and settings\hanach\Plocha\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\data
c:\data\FIX.exe
c:\documents and settings\hanach\WINDOWS
c:\windows\COM+.log
c:\windows\msmqinst.log
c:\windows\regopt.log
c:\windows\system\winspool.drv
c:\windows\system32\Cache
.
Nakažená kopie c:\windows\system32\msgsvc.dll byla nalezena a vyléčena.
Obnovena kopie z - c:\windows\ServicePackFiles\i386\msgsvc.dll
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2003-07-01 do 2003-08-01 )))))))))))))))))))))))))))))))
.
.
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-14 06:52 . 2001-10-25 11:00 29696 ----a-w- c:\windows\system32\format.com
2008-04-14 06:52 . 2001-10-25 11:00 16896 ----a-w- c:\windows\system32\more.com
2008-04-14 06:52 . 2001-10-25 11:00 12800 ----a-w- c:\windows\system32\tree.com
2008-04-14 06:52 . 2013-02-22 21:47 150528 ----a-w- c:\windows\pchealth\UploadLB\Binaries\uploadm.exe
2008-04-14 06:52 . 2001-10-25 11:00 78336 ----a-w- c:\windows\system32\tasklist.exe
2008-04-14 06:52 . 2001-10-25 11:00 77312 ----a-w- c:\windows\system32\taskkill.exe
2008-04-14 06:52 . 2001-10-25 11:00 72192 ----a-w- c:\windows\system32\systeminfo.exe
2008-04-14 06:52 . 2001-10-25 11:00 25600 ----a-w- c:\windows\system32\sort.exe
2008-04-14 06:52 . 2013-02-22 21:47 171008 ----a-w- c:\windows\pchealth\helpctr\binaries\msconfig.exe
2008-04-14 06:52 . 2013-02-22 21:47 769024 ----a-w- c:\windows\pchealth\helpctr\binaries\helpctr.exe
2008-04-14 06:52 . 2013-02-22 21:47 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2008-04-14 06:52 . 2013-02-22 21:47 18432 ----a-w- c:\windows\pchealth\helpctr\binaries\hscupd.exe
2008-04-14 06:52 . 2001-10-25 11:00 60928 ----a-w- c:\windows\system32\getmac.exe
2008-04-14 06:52 . 2001-10-25 11:00 15360 ----a-w- c:\windows\system32\help.exe
2008-04-14 06:52 . 2001-10-25 11:00 7680 ----a-w- c:\windows\system32\forcedos.exe
2008-04-14 06:52 . 2001-10-25 11:00 84992 ----a-w- c:\windows\system32\eventtriggers.exe
2008-04-14 06:52 . 2001-10-25 11:00 64000 ----a-w- c:\windows\system32\driverquery.exe
2008-04-14 06:52 . 2001-10-25 11:00 20480 ----a-w- c:\windows\system32\cacls.exe
2008-04-14 06:52 . 2001-10-25 11:00 149504 ----a-w- c:\windows\system32\bootcfg.exe
2008-04-14 06:52 . 2004-08-17 12:49 601088 ----a-w- c:\windows\system32\autochk.exe
2008-04-14 06:52 . 2001-10-25 11:00 12288 ----a-w- c:\windows\system32\attrib.exe
2008-04-14 06:52 . 2004-08-17 12:49 279040 ----a-w- c:\windows\help\tshoot.dll
2008-04-14 06:52 . 2003-07-31 23:29 11325 ------w- c:\windows\system32\drivers\vchnt5.dll
2008-04-14 06:52 . 2001-10-25 11:00 26624 ----a-w- c:\windows\system32\verifier.dll
2008-04-14 06:52 . 2001-10-25 11:00 215552 ----a-w- c:\windows\system32\wavemsp.dll
2008-04-14 06:52 . 2013-02-22 21:47 726590 ----a-w- c:\windows\srchasst\srchui.dll
2008-04-14 06:52 . 2013-02-22 21:47 58434 ----a-w- c:\windows\srchasst\srchctls.dll
2008-04-14 06:52 . 2004-08-17 12:49 33280 ----a-w- c:\windows\help\sstub.dll
2008-04-14 06:51 . 2004-08-17 12:49 34816 ----a-w- c:\windows\help\sniffpol.dll
2008-04-14 06:51 . 2004-08-17 12:49 79872 ----a-w- c:\windows\system32\raschap.dll
2008-04-14 06:51 . 2001-10-25 11:00 92672 ----a-w- c:\windows\system32\rsvpsp.dll
2008-04-14 06:51 . 2013-02-22 21:47 38400 ----a-w- c:\windows\pchealth\helpctr\binaries\pchsvc.dll
2008-04-14 06:51 . 2013-02-22 21:47 102912 ----a-w- c:\windows\pchealth\helpctr\binaries\pchshell.dll
2008-04-14 06:51 . 2001-10-25 11:00 74752 ----a-w- c:\windows\system32\olecli32.dll
2008-04-14 06:51 . 2001-10-25 11:00 67584 ----a-w- c:\windows\system32\ocmanage.dll
2008-04-14 06:51 . 2001-10-25 11:00 37376 ----a-w- c:\windows\system32\olecnv32.dll
2008-04-14 06:51 . 2001-10-25 11:00 17408 ----a-w- c:\windows\system32\perfnet.dll
2008-04-14 06:51 . 2001-10-25 11:00 122880 ----a-w- c:\windows\system32\oledlg.dll
2008-04-14 06:51 . 2001-10-25 11:00 64000 ----a-w- c:\windows\system32\nwapi32.dll
2008-04-14 06:51 . 2001-10-25 11:00 15360 ----a-w- c:\windows\system32\ntvdmd.dll
2008-04-14 06:51 . 2013-02-22 21:47 3166208 ----a-w- c:\windows\srchasst\msgr3en.dll
2008-04-14 06:51 . 2013-02-22 21:47 378880 ----a-w- c:\windows\pchealth\helpctr\binaries\msinfo.dll
2008-04-14 06:51 . 2001-10-25 11:00 53248 ----a-w- c:\windows\system32\mprdim.dll
2008-04-14 06:51 . 2001-10-25 11:00 927504 ----a-w- c:\windows\system32\mfc40u.dll
2008-04-14 06:51 . 2001-10-25 11:00 29696 ----a-w- c:\windows\system32\mimefilt.dll
2008-04-14 06:51 . 2001-10-25 11:00 22016 ----a-w- c:\windows\system32\ipxwan.dll
2008-04-14 06:51 . 2001-10-25 11:00 177152 ----a-w- c:\windows\system32\iprtrmgr.dll
2008-04-14 06:51 . 2001-10-25 11:00 160256 ----a-w- c:\windows\system32\ipmontr.dll
2008-04-14 06:51 . 2001-10-25 11:00 72704 ----a-w- c:\windows\system32\hlink.dll
2008-04-14 06:51 . 2001-10-25 11:00 80896 ----a-w- c:\windows\system32\fontsub.dll
2008-04-14 06:51 . 2001-10-25 11:00 157184 ----a-w- c:\windows\system32\dskquoui.dll
2008-04-14 06:51 . 2001-10-25 11:00 125952 ----a-w- c:\windows\system32\exts.dll
2008-04-14 06:51 . 2001-10-25 11:00 124416 ----a-w- c:\windows\system32\fde.dll
2008-04-14 06:51 . 2001-10-25 11:00 390656 ----a-w- c:\windows\system32\dhcpmon.dll
2008-04-14 06:51 . 2001-10-25 11:00 358400 ----a-w- c:\windows\system32\confmsp.dll
2008-04-14 06:51 . 2001-10-25 11:00 32768 ----a-w- c:\windows\system32\dispex.dll
2008-04-14 06:51 . 2001-10-25 11:00 285184 ----a-w- c:\windows\system32\dmdlgs.dll
2008-04-14 06:51 . 2001-10-25 11:00 165376 ----a-w- c:\windows\system32\datime.dll
2008-04-14 06:51 . 2001-10-25 11:00 1504768 ----a-w- c:\windows\system32\diskcopy.dll
2008-04-14 06:51 . 2001-10-25 11:00 148480 ----a-w- c:\windows\system32\cic.dll
2008-04-14 06:51 . 2004-08-17 12:49 451072 ----a-w- c:\windows\apppatch\aclayers.dll
2008-04-14 06:51 . 2004-08-17 12:49 245248 ----a-w- c:\windows\apppatch\acspecfc.dll
2008-04-14 06:51 . 2004-08-17 12:49 1852928 ----a-w- c:\windows\apppatch\acgenral.dll
2008-04-14 06:51 . 2004-08-17 12:49 141312 ----a-w- c:\windows\apppatch\aclua.dll
2008-04-14 06:51 . 2004-08-17 12:49 116224 ----a-w- c:\windows\apppatch\acxtrnal.dll
2008-04-14 06:51 . 2001-10-25 11:00 151040 ----a-w- c:\windows\system32\capesnpn.dll
2008-04-14 06:51 . 2001-10-25 11:00 123392 ----a-w- c:\windows\system32\adsnw.dll
2008-04-14 06:51 . 2007-12-27 10:34 39424 ----a-w- c:\windows\apppatch\acadproc.dll
2008-04-14 06:48 . 2001-10-25 11:00 7168 ----a-w- c:\windows\system32\kbdnec.dll
2008-04-14 05:57 . 2001-10-25 11:00 37248 ----a-w- c:\windows\system32\drivers\isapnp.sys
2008-04-14 05:43 . 2001-10-25 11:00 44544 ----a-w- c:\windows\system32\drivers\fips.sys
2008-04-13 22:27 . 2001-10-25 11:00 40576 ----a-w- c:\windows\system32\drivers\ndproxy.sys
2008-04-13 22:27 . 2001-10-25 11:00 10112 ----a-w- c:\windows\system32\drivers\ndistapi.sys
2008-04-13 22:25 . 2001-10-25 11:00 202624 ----a-w- c:\windows\system32\drivers\rmcast.sys
2008-04-13 22:15 . 2001-08-17 22:03 25728 ----a-w- c:\windows\system32\drivers\usbcamd2.sys
2008-04-13 22:15 . 2001-08-17 22:03 25600 ----a-w- c:\windows\system32\drivers\usbcamd.sys
2008-04-13 22:15 . 2001-08-17 22:00 56576 ----a-w- c:\windows\system32\drivers\swmidi.sys
2008-04-13 22:10 . 2001-10-25 11:00 19712 ----a-w- c:\windows\system32\drivers\partmgr.sys
2008-04-13 22:06 . 2001-08-17 21:58 10240 ----a-w- c:\windows\system32\drivers\compbatt.sys
2008-04-13 22:06 . 2001-08-17 21:57 14208 ----a-w- c:\windows\system32\drivers\battc.sys
2008-04-13 19:12 . 2001-10-25 11:00 16896 ----a-w- c:\windows\system32\stdole2.tlb
2007-12-27 10:39 . 2007-12-27 10:39 231424 ----a-w- c:\windows\system32\webcheck.dll
2007-04-02 16:17 . 2004-08-17 12:49 518944 ----a-w- c:\windows\system32\msexch40.dll
2003-06-06 16:12 . 2003-06-06 16:12 90112 ----a-w- c:\windows\system32\DProcess.exe
2003-05-28 13:00 . 2003-05-28 13:00 25 ----a-w- c:\windows\system32\wcfg.bat
2003-05-28 12:55 . 2003-05-28 12:55 142256 ----a-w- c:\windows\system32\TPIDITST.exe
2003-05-28 12:55 . 2003-05-28 12:55 78096 ----a-w- c:\windows\system32\TPIDI32.dll
2003-05-28 12:55 . 2003-05-28 12:55 2288 ----a-w- c:\windows\system32\TPIDI16.DLL
2007-10-26 05:59 . 2013-02-22 21:51 66408 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2007-10-26 05:59 . 2013-02-22 21:51 54112 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2007-10-26 05:59 . 2013-02-22 21:51 34688 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
2007-10-26 05:59 . 2013-02-22 21:51 46456 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
2007-10-26 05:59 . 2013-02-22 21:51 171880 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-25 339968]
"PRONoMgr.exe"="c:\program files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe" [2003-12-10 86016]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2003-04-18 110592]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2003-04-18 610304]
"SoundMan"="SOUNDMAN.EXE" [2004-01-08 65536]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-17 44544]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Sebring]
2003-12-16 15:49 110592 ----a-w- c:\windows\system32\LgNotify.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Reader Synchronizer.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Adobe Reader Synchronizer.lnk
backup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^RocketDock.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\RocketDock.lnk
backup=c:\windows\pss\RocketDock.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
2003-11-19 07:41 88363 ----a-r- c:\windows\AGRSMMSG.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
2008-04-14 06:52 110592 ----a-w- c:\windows\system32\bthprops.cpl
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2007-06-30 20:40 33648 ----a-w- c:\program files\Microsoft Office 2007\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager]
2004-10-11 11:26 286720 ----a-w- c:\progra~1\LAUNCH~1\QtZiAcer.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 10:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2006-11-03 18:20 866584 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office 2007\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office 2007\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office 2007\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
.
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [3.11.2006 20:19 13592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-02-23 10:52 1629648 ----a-w- c:\program files\Google\Chrome\Application\25.0.1364.97\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2003-08-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-02-23 10:51]
.
2013-02-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-02-23 10:51]
.
2003-08-01 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 18:20]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz
IE: Download all links using BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: Download all videos using BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: Download link using &BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 10.70.100.1
FF - ProfilePath - c:\documents and settings\hanach\Data aplikací\Mozilla\Firefox\Profiles\t6ubd11a.default\
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
MSConfigStartUp-nod32kui - c:\program files\Eset\nod32kui.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2003-08-01 03:04
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(904)
c:\windows\system32\LgNotify.dll
.
- - - - - - - > 'explorer.exe'(1100)
c:\windows\system32\ieframe.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\S24EvMon.exe
c:\windows\system32\ZCfgSvc.exe
c:\windows\system32\1XConfig.exe
c:\windows\SOUNDMAN.EXE
c:\windows\system32\rundll32.exe
c:\windows\system32\inetsrv\inetinfo.exe
c:\windows\system32\RegSrvc.exe
c:\windows\system32\wltrysvc.exe
c:\windows\system32\bcmwltry.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Celkový čas: 2003-08-01 03:07:53 - počítač byl restartován
ComboFix-quarantined-files.txt 2003-08-01 01:07
.
Před spuštěním: Volných bajtů: 68 517 330 944
Po spuštění: Volných bajtů: 68 528 697 344
.
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - CAA0F1857A004610652AFC3264C7E7AF
Thanks in advance for checking and for any possible help. Jirka Bork