
I'd like to ask for a preventive check

Posted: 27 Jan 2009 19:52
by standape
I'd like to ask for a preventive check, the PC is running fine :D
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:49:47, on 27.1.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
D:\BHPS\Pmap1\bin\MapperMonService.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\BHPS\JRE142\bin\javaw.exe
D:\BHPS\Gmg\bin\DBMonService.exe
D:\BHPS\Gmg\bin\TomcatMonService.exe
D:\BHPS\Gmg\bin\tbmux32.exe
C:\Program Files\BHPS\JRE142\bin\java.exe
D:\BHPS\Gmg\bin\tbkern32.exe
D:\BHPS\Gmg\bin\tbkern32.exe
D:\BHPS\Gmg\bin\tbkern32.exe
D:\BHPS\Gmg\bin\tbkern32.exe
D:\BHPS\Gmg\bin\tbkern32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\Kristina\LOCALS~1\Temp\Rar$EX00.563\HijackThis.exe
C:\DOCUME~1\Kristina\LOCALS~1\Temp\Rar$EX02.641\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.sk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Podpora odkazu pre aplikáciu Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Zdroje informácií - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: pqeauto.database.dbmonitor.GMG - ProQuest Business Solutions - D:\BHPS\Gmg\bin\DBMonService.exe
O23 - Service: pqeauto.energy.mappermonitor - ProQuest Business Solutions - D:\BHPS\Pmap1\bin\MapperMonService.exe
O23 - Service: pqeauto.engine.tomcatmonitor.GMG - ProQuest Business Solutions - D:\BHPS\Gmg\bin\TomcatMonService.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe

--
End of file - 5314 bytes

Re: I'd like to ask for a preventive check

Posted: 27 Jan 2009 21:42
by furmi
Hello,

the firewall is missing, otherwise OK

Re: I'd like to ask for a preventive check

Posted: 03 Jan 2010 19:23
by standape
Could I ask for a check of the PC... thank you

Logfile of random's system information tool 1.06 (written by random/random)
Run by Kristina at 2010-01-03 19:21:13
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 36 GB (24%) free of 151 GB
Total RAM: 2047 MB (76% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:21:30, on 3. 1. 2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\BHPS\Pmap1\bin\MapperMonService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\BHPS\JRE142\bin\javaw.exe
C:\Program Files\BHPS\Gmg\bin\DBMonService.exe
C:\Program Files\BHPS\Gmg\bin\TomcatMonService.exe
C:\Program Files\BHPS\JRE142\bin\java.exe
C:\Program Files\BHPS\Gmg\bin\tbmux32.exe
C:\Program Files\BHPS\Gmg\bin\tbkern32.exe
C:\Program Files\BHPS\Gmg\bin\tbkern32.exe
C:\Program Files\BHPS\Gmg\bin\tbkern32.exe
C:\Program Files\BHPS\Gmg\bin\tbkern32.exe
C:\Program Files\BHPS\Gmg\bin\tbkern32.exe
C:\Download\RSIT.exe
C:\Program Files\trend micro\Kristina.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.sk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [P17Helper] Rundll32 SPIRun.dll,RunDLLEntry
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [Rapget.RS] C:\Program Files\RapgetRS\Rapget.RS_Public_v1.0.4.0_cz\RapgetRS.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://195.28.70.134/kapor2/lib/mgaxctrl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 0867553875
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: pqeauto.database.dbmonitor.GMG - ProQuest Business Solutions - C:\Program Files\BHPS\Gmg\bin\DBMonService.exe
O23 - Service: pqeauto.energy.mappermonitor - ProQuest Business Solutions - C:\Program Files\BHPS\Pmap1\bin\MapperMonService.exe
O23 - Service: pqeauto.engine.tomcatmonitor.GMG - ProQuest Business Solutions - C:\Program Files\BHPS\Gmg\bin\TomcatMonService.exe

--
End of file - 6216 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\User_Feed_Synchronization-{03C5C9A8-FEF0-430C-B548-5D313CB396F6}.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{2FA18DF2-0435-434C-8ECF-53F9C476D206}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-08-21 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-08-21 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-08-21 149280]
"VolPanel"=C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe [2006-09-15 122880]
"P17Helper"=Rundll32 SPIRun.dll,RunDLLEntry []
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2009-09-11 2054360]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"AlcoholAutomount"=C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe [2009-04-24 203928]
"Rapget.RS"=C:\Program Files\RapgetRS\Rapget.RS_Public_v1.0.4.0_cz\RapgetRS.exe [2009-06-19 1184936]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2009-10-09 25623336]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-09-04 935288]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-10-03 35696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe [2009-04-24 203928]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2006-04-21 94208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
bthprops.cpl,,BluetoothAuthenticationAgent []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative Detector U]
C:\Program Files\Creative\MediaSource5\CTDetctu.exe [2006-10-02 188416]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2005-05-11 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MtdAcqu]
C:\Program Files\Creative\MediaSource5\MtdAcqu.exe [2006-03-08 278528]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2006-01-12 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2009-07-14 98304]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue RegistryBooster 2009]
C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe /S []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
C:\Program Files\Unlocker\UnlockerAssistant.exe [2008-05-02 15872]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe [2005-05-11 282624]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Kristina^Start Menu^Programs^Startup^OpenOffice.org 3.0.lnk]
C:\PROGRA~1\OPENOF~1.ORG\program\QUICKS~1.EXE [2008-10-13 393216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2009-07-15 155648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 239496]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\HRY\Counter Strike Source\hl2.exe"="C:\HRY\Counter Strike Source\hl2.exe:*:Enabled:hl2"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Documents and Settings\Kristina\temp\TeamViewer\Version5\TeamViewer.exe"="C:\Documents and Settings\Kristina\temp\TeamViewer\Version5\TeamViewer.exe:*:Enabled:TeamViewer"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2010-01-03 19:21:13 ----D---- C:\rsit
2010-01-03 19:21:13 ----D---- C:\Program Files\trend micro
2010-01-02 23:57:53 ----D---- C:\Program Files\Weather Watcher Live
2010-01-02 23:57:47 ----D---- C:\Documents and Settings\Kristina\Application Data\WeatherWatcherLive
2010-01-02 10:30:51 ----A---- C:\CKINFO.TXT
2010-01-02 09:38:27 ----D---- C:\Documents and Settings\All Users\Application Data\workshophdb
2010-01-02 09:38:17 ----D---- C:\Documents and Settings\All Users\Application Data\WorkshopData
2010-01-02 09:36:12 ----D---- C:\Program Files\Vivid WorkshopData ATI
2009-12-31 16:25:14 ----HD---- C:\Program Files\Zero G Registry
2009-12-31 16:09:25 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-12-31 16:03:16 ----D---- C:\Documents and Settings\All Users\Application Data\organiser
2009-12-31 15:54:40 ----D---- C:\Nový priečinok
2009-12-30 20:16:55 ----D---- C:\Program Files\ESET
2009-12-30 13:18:42 ----D---- C:\Documents and Settings\Kristina\Application Data\skypePM
2009-12-30 13:14:13 ----D---- C:\Documents and Settings\Kristina\Application Data\Skype
2009-12-30 13:13:57 ----D---- C:\Program Files\Common Files\Skype
2009-12-30 13:13:53 ----RD---- C:\Program Files\Skype
2009-12-30 13:13:47 ----D---- C:\Documents and Settings\All Users\Application Data\Skype
2009-12-28 10:06:52 ----HD---- C:\WINDOWS\system32\GroupPolicy
2009-12-24 16:58:28 ----RA---- C:\WINDOWS\system32\ChilkatUtil.dll
2009-12-24 16:58:28 ----RA---- C:\WINDOWS\system32\ChilkatCrypt2.dll
2009-12-24 16:58:27 ----RA---- C:\WINDOWS\system32\ChilkatCert.dll
2009-12-24 16:58:27 ----RA---- C:\WINDOWS\system32\Autoserv.exe
2009-12-24 16:54:40 ----D---- C:\Program Files\Alcohol Soft
2009-12-24 16:09:01 ----D---- C:\WINDOWS\Downloaded Installations
2009-12-20 16:16:31 ----A---- C:\WINDOWS\system32\unzip32.dll
2009-12-10 21:23:38 ----HDC---- C:\WINDOWS\$NtUninstallKB970430$
2009-12-10 21:23:34 ----HDC---- C:\WINDOWS\$NtUninstallKB974318$
2009-12-10 21:22:54 ----HDC---- C:\WINDOWS\$NtUninstallKB973904$
2009-12-10 21:22:35 ----HDC---- C:\WINDOWS\$NtUninstallKB974392$
2009-12-10 21:22:28 ----HDC---- C:\WINDOWS\$NtUninstallKB971737$

======List of files/folders modified in the last 1 months======

2010-01-03 19:21:13 ----RD---- C:\Program Files
2010-01-03 19:21:13 ----D---- C:\WINDOWS\Temp
2010-01-03 19:21:06 ----D---- C:\WINDOWS
2010-01-03 19:20:52 ----D---- C:\WINDOWS\Prefetch
2010-01-03 19:20:37 ----D---- C:\Download
2010-01-03 19:19:01 ----D---- C:\Program Files\Mozilla Firefox
2010-01-03 15:20:24 ----D---- C:\WINDOWS\system32\drivers
2010-01-03 14:14:49 ----A---- C:\WINDOWS\NeroDigital.ini
2010-01-03 10:38:27 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-01-03 10:38:22 ----D---- C:\WINDOWS\system32\CatRoot2
2010-01-03 00:02:28 ----N---- C:\WINDOWS\SchedLgU.Txt
2010-01-02 23:58:29 ----D---- C:\WINDOWS\system32\config
2010-01-02 23:58:13 ----D---- C:\WINDOWS\system32\wbem
2010-01-02 23:58:12 ----D---- C:\WINDOWS\Registration
2010-01-02 23:57:53 ----D---- C:\WINDOWS\system32
2010-01-02 23:57:51 ----SHD---- C:\RECYCLER
2010-01-02 23:57:34 ----D---- C:\WINDOWS\system32\Restore
2010-01-02 23:54:08 ----D---- C:\Program Files\Internet Explorer
2010-01-02 23:01:52 ----D---- C:\WINDOWS\Help
2010-01-02 10:30:51 ----A---- C:\WINDOWS\win.ini
2009-12-31 16:57:24 ----SHD---- C:\WINDOWS\Installer
2009-12-31 16:57:23 ----HD---- C:\Config.Msi
2009-12-31 16:03:16 ----A---- C:\WINDOWS\Crypkey.ini
2009-12-31 10:11:07 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-12-31 10:11:06 ----HD---- C:\WINDOWS\inf
2009-12-31 10:11:06 ----D---- C:\Program Files\Common Files
2009-12-30 16:03:29 ----A---- C:\WINDOWS\wincmd.ini
2009-12-30 14:48:36 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-12-28 22:02:19 ----D---- C:\WINDOWS\security
2009-12-24 12:26:22 ----HD---- C:\Program Files\InstallShield Installation Information
2009-12-23 21:15:51 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2009-12-23 21:07:47 ----D---- C:\Program Files\Common Files\Adobe
2009-12-21 14:05:47 ----D---- C:\Program Files\Unlocker
2009-12-13 21:37:44 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-12-12 20:47:11 ----D---- C:\WINDOWS\Debug
2009-12-12 20:46:46 ----A---- C:\WINDOWS\PhotoSnapViewer.INI
2009-12-10 21:23:18 ----HD---- C:\WINDOWS\$hf_mig$
2009-12-10 21:23:13 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2009-09-11 108792]
R1 epfwtdir;epfwtdir; C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2009-09-11 96408]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 NetworkX;NetworkX; C:\WINDOWS\system32\ckldrv.sys [2008-08-22 21638]
R2 eamon;eamon; C:\WINDOWS\system32\DRIVERS\eamon.sys [2009-09-11 116008]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2009-07-15 4407808]
R3 AtiHdmiService;ATI Function Driver for HDMI Service; C:\WINDOWS\system32\drivers\AtiHdmi.sys [2007-07-20 84992]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-04 12160]
R3 P17xfi;Sound Blaster X-Fi Xtreme Audio; C:\WINDOWS\system32\drivers\P17xfi.sys [2006-09-25 1173504]
R3 p17xfilt;p17xfilt; C:\WINDOWS\system32\drivers\p17xfilt.sys [2007-01-15 1663232]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2009-06-05 142336]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 adatadrv;Autodata Protection Service; C:\WINDOWS\system32\DRIVERS\adatadrv.sys [2009-07-01 762112]
S3 Ambfilt;Ambfilt; C:\WINDOWS\system32\drivers\Ambfilt.sys []
S3 anbvyw6c;anbvyw6c; C:\WINDOWS\system32\drivers\anbvyw6c.sys []
S3 BthEnum;Bluetooth Request Block Driver; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2008-04-13 17024]
S3 BTHMODEM;Bluetooth Serial Communications Driver; C:\WINDOWS\system32\DRIVERS\bthmodem.sys [2008-04-13 37888]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2008-04-13 101120]
S3 BTHPORT;Bluetooth Port Driver; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-06-13 272128]
S3 BTHUSB;Bluetooth Radio USB Driver; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2008-04-13 18944]
S3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\system32\DRIVERS\ctsfm2k.sys []
S3 CTUSFSYN;Creative SoundFont Synthesizer; C:\WINDOWS\system32\drivers\ctusfsyn.sys []
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2005-03-08 51120]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2005-03-08 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2005-03-08 21744]
S3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys []
S3 Monfilt;Monfilt; C:\WINDOWS\system32\drivers\Monfilt.sys []
S3 ossrv;Creative OS Services Driver; C:\WINDOWS\system32\DRIVERS\ctoss2k.sys []
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2008-04-13 59136]
S3 SNTNLUSB;SafeNet USB SuperPro/UltraPro/HardwareKey; C:\WINDOWS\system32\DRIVERS\SNTNLUSB.SYS [2008-07-11 37088]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 vaxscsi;vaxscsi; C:\WINDOWS\System32\Drivers\vaxscsi.sys [2009-09-14 223128]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2009-07-15 602112]
R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 Creative Service for CDROM Access;Creative Service for CDROM Access; C:\WINDOWS\system32\CTsvcCDA.exe [1999-12-12 44032]
R2 Crypkey License;Crypkey License; C:\WINDOWS\system32\crypserv.exe [2008-05-08 122880]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-09-11 735960]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-08-21 153376]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2004-09-29 69632]
R2 pqeauto.database.dbmonitor.GMG;pqeauto.database.dbmonitor.GMG; C:\Program Files\BHPS\Gmg\bin\DBMonService.exe [2009-08-23 73728]
R2 pqeauto.energy.mappermonitor;pqeauto.energy.mappermonitor; C:\Program Files\BHPS\Pmap1\bin\Map [2009-08-23 473]
R2 pqeauto.engine.tomcatmonitor.GMG;pqeauto.engine.tomcatmonitor.GMG; C:\Program Files\BHPS\Gmg\bin\TomcatMonService.exe [2009-08-23 69632]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2009-07-14 593920]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2009-09-11 20680]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

Re: I'd like to ask for a preventive check

Posted: 05 Jan 2010 08:04
by motji
Good morning :)
:arrow: You probably know this program - C:\Program Files\BHPS\Gmg

:arrow: Are there any problems with the computer?

:arrow: Download CCleaner from my signature
- install it; when choosing what to install, untick the Yahoo toolbar

Cleaner tab
- leave everything in the left column ticked as it is, click Analyze
- after the analysis, click Run CCleaner

Registry tab
- click Scan for Issues
- then click Fix selected issues :arrow: back up the registry - you don't have to
- click Fix all issues :arrow: OK :arrow: Close

CCleaner - I recommend using the Cleaner; it nicely cleans the PC of temporary files.
The Registry cleaner tidies up, for example, after uninstalling some program.

Re: I'd like to ask for a preventive check

Posted: 08 Jan 2010 22:15
by standape
Good evening, so the PC is healthy now :) there were a lot of viruses, I probably clicked somewhere on the net where I shouldn't have :oops: and off it went

- C:\Program Files\BHPS\Gmg yes, I know this program

- I have been using CCleaner for about a year, great little tool :thumbsup:

Re: I'd like to ask for a preventive check

Posted: 08 Jan 2010 22:32
by motji
So you cleaned it yourself?

:arrow: Download MBAM from my signature
- Install it, run a full scan

DO NOT DELETE ANYTHING :!:
- MBAM sometimes has false detections, so we will delete only after checking the log.
- Copy the log here.

Re: requesting a preventive check

Posted: 12 Jan 2010 20:50
by standape
Good evening, I'd rather post the log, because it found something

Malwarebytes' Anti-Malware 1.44
Verzia databázy: 3550
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

12. 1. 2010 20:48:31
mbam-log-2010-01-12 (20-48-25).txt

Typ kontroly: Rýchla
Objektov kontrolovaných: 117839
Uplynutý cas: 3 minute(s), 51 second(s)

Infikovaných procesov pamäte: 0
Infikovaných modulov pamäte: 0
Infikovaných registracných klúcov: 1
Infikovaných registracných hodnôt: 0
Infikovaných registracných údajov položiek: 0
Infikovaných priecinkov: 0
Infikovaných súborov: 6

Infikovaných procesov pamäte:
(Žiadne škodlivé položky)

Infikovaných modulov pamäte:
(Žiadne škodlivé položky)

Infikovaných registracných klúcov:
HKEY_LOCAL_MACHINE\SOFTWARE\AGprotect (Malware.Trace) -> No action taken.

Infikovaných registracných hodnôt:
(Žiadne škodlivé položky)

Infikovaných registracných údajov položiek:
(Žiadne škodlivé položky)

Infikovaných priecinkov:
(Žiadne škodlivé položky)

Infikovaných súborov:
C:\WINDOWS\Help\kfdtk.chm (Malware.Trace) -> No action taken.
C:\Documents and Settings\Kristina\oashdihasidhasuidhiasdhiashdiuasdhasd (Malware.Trace) -> No action taken.
C:\Documents and Settings\LocalService\oashdihasidhasuidhiasdhiashdiuasdhasd (Malware.Trace) -> No action taken.
C:\WINDOWS\corpol.dll (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\csrss.exe (Backdoor.Bot) -> No action taken.
C:\WINDOWS\ctfmon.exe (Trojan.Agent) -> No action taken.
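Because the helper's rule in this thread is "delete only after checking the log", it is useful to pull the detections out of an MBAM text log mechanically and group them before deciding anything. The parser below is an added example for this page, not code from the thread or from Malwarebytes. The sample log embedded in it is constructed from the detection lines quoted above (with MBAM's Slovak section headers as they appear there), and the `SYSTEM32_NAMES` check is an assumed triage heuristic: `csrss.exe` and `ctfmon.exe` normally live in `%SystemRoot%\system32` (the ComboFix log further down shows `c:\windows\system32\CTFMON.EXE` as the genuine autostart), so a same-named file directly in `C:\WINDOWS` is worth a second look.

```python
"""Parse a Malwarebytes' Anti-Malware 1.4x text log and summarise detections.

Added example for this thread, not Malwarebytes' own code. The sample log is
a constructed, trimmed copy of the detection lines posted in the thread.
"""
import re
from collections import Counter

# Constructed sample: trimmed from the MBAM log posted above.
SAMPLE_LOG = """\
Malwarebytes' Anti-Malware 1.44
Verzia databázy: 3550

Infikovaných registracných klúcov:
HKEY_LOCAL_MACHINE\\SOFTWARE\\AGprotect (Malware.Trace) -> No action taken.

Infikovaných priecinkov:
(Žiadne škodlivé položky)

Infikovaných súborov:
C:\\WINDOWS\\Help\\kfdtk.chm (Malware.Trace) -> No action taken.
C:\\WINDOWS\\corpol.dll (Trojan.FakeAlert) -> No action taken.
C:\\WINDOWS\\csrss.exe (Backdoor.Bot) -> No action taken.
C:\\WINDOWS\\ctfmon.exe (Trojan.Agent) -> No action taken.
"""

# One detection line: "<path or registry key> (<family>) -> <action>."
DETECTION_RE = re.compile(r"^(?P<item>.+?) \((?P<family>[^()]+)\) -> (?P<action>.+?)\.?$")

# Assumed heuristic: core Windows binaries whose real home is system32.
# A same-named file outside system32 (e.g. C:\WINDOWS\csrss.exe) is suspicious.
SYSTEM32_NAMES = {"csrss.exe", "ctfmon.exe"}


def parse_mbam_log(text):
    """Return a list of dicts {'item', 'family', 'action', 'section'}.

    Section headers are the lines ending in ':' (language-independent, so the
    Slovak-localised headers in the thread work as-is); '(no malicious items)'
    placeholders start with '(' and are skipped.
    """
    detections = []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("("):
            continue
        if line.endswith(":"):
            section = line[:-1]
            continue
        m = DETECTION_RE.match(line)
        if m and section is not None:
            detections.append({
                "item": m.group("item"),
                "family": m.group("family"),
                "action": m.group("action"),
                "section": section,
            })
    return detections


def pending_actions(detections):
    """Detections still present on the system ('No action taken')."""
    return [d for d in detections if d["action"].startswith("No action")]


def family_counts(detections):
    """How many hits per detection family (e.g. Malware.Trace)."""
    return Counter(d["family"] for d in detections)


def masquerading_system_files(detections):
    """Paths whose file name matches a system32 binary but sit outside system32."""
    hits = []
    for d in detections:
        parts = d["item"].lower().split("\\")
        if parts[-1] in SYSTEM32_NAMES and "system32" not in parts:
            hits.append(d["item"])
    return hits


if __name__ == "__main__":
    dets = parse_mbam_log(SAMPLE_LOG)
    print(f"{len(dets)} detections, {len(pending_actions(dets))} not yet actioned")
    for family, n in family_counts(dets).most_common():
        print(f"  {family}: {n}")
    for path in masquerading_system_files(dets):
        print(f"  name collision with a system32 binary: {path}")
```

Run against the full log pasted above, the parser lists the registry key and the six files with their families; the two name-collision hits (`C:\WINDOWS\csrss.exe`, `C:\WINDOWS\ctfmon.exe`) are the ones a reviewer would want to confirm are not the genuine copies before the "delete everything" step.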

Re: requesting a preventive check

Posted: 12 Jan 2010 21:38
by motji
Delete everything :)

:arrow: Download to the desktop, close all active windows and run ComboFix - http://download.bleepingcomputer.com/sUBs/ComboFix.exe


- ComboFix must be run under an account with administrator rights

- Before using it, disable all resident security programs - antivirus, firewalls, antispyware

- After launching, the terms of use are displayed; confirm them by pressing Yes

- Then follow the instructions; while ComboFix is running, do not click in the window it displays :!:

- After the scan finishes, which takes at most 10 minutes, the program should create a log - C:\ComboFix.txt; copy its whole contents here

Re: requesting a preventive check

Posted: 13 Jan 2010 18:31
by standape
here is my log:
-but I couldn't run it as ADMIN because I don't know the password :(


ComboFix 10-01-12.05 - Kristina . 01. 2010 18:26:57.1.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.421.1033.18.2047.1521 [GMT 1:00]
Running from: c:\documents and settings\Kristina\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\accwiz.exe
c:\windows\alg.exe
c:\windows\CISVC.exe
c:\windows\cleanmgr.exe
c:\windows\cmd.exe
c:\windows\cmmon32.exe
c:\windows\cmstp.exe
c:\windows\comres.dll
c:\windows\conime.exe
c:\windows\desk.cpl

.
((((((((((((((((((((((((( Files Created from 2009-12-13 to 2010-01-13 )))))))))))))))))))))))))))))))
.

2010-01-13 11:07 . 2009-11-21 15:51 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-01-12 19:42 . 2010-01-12 19:42 -------- d-----w- c:\documents and settings\Kristina\Application Data\Malwarebytes
2010-01-12 19:42 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-12 19:42 . 2010-01-12 19:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-01-12 19:42 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-12 19:42 . 2010-01-12 19:42 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-11 15:52 . 2010-01-11 15:52 -------- d-----w- c:\documents and settings\Kristina\Local Settings\Application Data\Identities
2010-01-06 09:01 . 2010-01-06 09:01 152576 ----a-w- c:\documents and settings\Kristina\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2010-01-06 08:59 . 2010-01-06 08:59 79488 ----a-w- c:\documents and settings\Kristina\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2010-01-05 19:35 . 2010-01-05 19:35 -------- d-----w- c:\documents and settings\Kristina\Local Settings\Application Data\WMTools Downloaded Files
2010-01-03 18:21 . 2010-01-10 10:42 -------- d-----w- c:\program files\trend micro
2010-01-02 22:58 . 2010-01-02 22:58 -------- d-----w- c:\windows\system32\wbem\Repository
2010-01-02 22:57 . 2010-01-02 22:57 -------- d-----w- c:\program files\Weather Watcher Live
2010-01-02 22:57 . 2010-01-06 15:34 -------- d-----w- c:\documents and settings\Kristina\Application Data\WeatherWatcherLive
2010-01-02 22:14 . 2010-01-03 12:12 -------- d-----w- c:\documents and settings\Kristina\DoctorWeb
2010-01-02 08:48 . 2010-01-02 08:48 4 ----a-w- c:\windows\vx86036.dat
2009-12-31 15:40 . 2009-12-31 15:40 -------- d-----w- c:\documents and settings\All Users\CrypKey
2009-12-31 15:25 . 2009-12-31 15:31 -------- d--h--w- c:\program files\Zero G Registry
2009-12-31 15:09 . 2010-01-02 09:32 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-12-31 15:03 . 2010-01-02 22:59 -------- d-----w- c:\documents and settings\All Users\Application Data\organiser
2009-12-31 15:03 . 2008-12-01 08:06 102 ----a-w- c:\documents and settings\All Users\Application Data\organiser\StartServer.Bat
2009-12-31 15:00 . 2009-12-31 15:00 -------- d--h--w- c:\documents and settings\Kristina\InstallAnywhere
2009-12-30 19:16 . 2009-12-30 19:16 -------- d-----w- c:\program files\ESET
2009-12-30 12:18 . 2010-01-13 16:46 -------- d-----w- c:\documents and settings\Kristina\Application Data\skypePM
2009-12-30 12:18 . 2009-12-30 12:18 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-12-30 12:14 . 2010-01-13 17:21 -------- d-----w- c:\documents and settings\Kristina\Application Data\Skype
2009-12-30 12:13 . 2009-12-30 12:13 -------- d-----w- c:\program files\Common Files\Skype
2009-12-30 12:13 . 2009-12-31 15:57 -------- d-----r- c:\program files\Skype
2009-12-30 12:13 . 2009-12-30 12:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2009-12-30 12:05 . 2009-12-31 12:01 -------- d-----w- c:\documents and settings\Kristina\temp
2009-12-28 09:06 . 2009-12-28 09:06 -------- d--h--w- c:\windows\system32\GroupPolicy
2009-12-24 15:58 . 2007-04-20 01:05 660384 ----a-r- c:\windows\system32\ChilkatUtil.dll
2009-12-24 15:58 . 2007-04-20 01:04 926624 ----a-r- c:\windows\system32\ChilkatCrypt2.dll
2009-12-24 15:58 . 2007-10-09 16:11 436736 ----a-r- c:\windows\system32\Autoserv.exe
2009-12-24 15:58 . 2007-04-20 01:04 856992 ----a-r- c:\windows\system32\ChilkatCert.dll
2009-12-24 15:54 . 2009-12-24 15:54 -------- d-----w- c:\program files\Alcohol Soft
2009-12-24 15:11 . 2008-07-11 06:05 37088 ----a-w- c:\windows\system32\drivers\SNTNLUSB.SYS
2009-12-24 15:09 . 2009-12-24 15:09 -------- d-----w- c:\windows\Downloaded Installations
2009-12-24 15:01 . 2009-07-01 14:43 762112 ----a-r- c:\windows\system32\drivers\adatadrv.sys
2009-12-20 15:16 . 2004-05-27 00:32 102400 ----a-w- c:\windows\system32\unzip32.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-13 16:23 . 2009-08-21 06:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-01-06 09:01 . 2009-08-20 18:29 -------- d-----w- c:\program files\Java
2010-01-02 22:02 . 2004-08-04 12:00 182656 ----a-w- c:\windows\system32\drivers\ndis.sys
2009-12-24 11:26 . 2009-08-20 11:24 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-23 20:07 . 2009-08-20 18:27 -------- d-----w- c:\program files\Common Files\Adobe
2009-12-21 13:05 . 2009-08-23 17:58 -------- d-----w- c:\program files\Unlocker
2009-11-21 15:51 . 2004-08-04 12:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-11 09:45 . 2009-08-25 17:16 1 ----a-w- c:\documents and settings\Kristina\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-10-29 07:45 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2009-10-22 14:45 . 2009-10-22 14:45 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-10-21 05:38 . 2004-08-04 12:00 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38 . 2004-08-04 12:00 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2004-08-04 12:00 265728 ----a-w- c:\windows\system32\drivers\http.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Rapget.RS"="c:\program files\RapgetRS\Rapget.RS_Public_v1.0.4.0_cz\RapgetRS.exe" [2009-06-19 1184936]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-10-09 25623336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VolPanel"="c:\program files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" [2006-09-15 122880]
"P17Helper"="SPIRun.dll" [2006-07-03 10752]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-09-11 2054360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Kristina^Start Menu^Programs^Startup^OpenOffice.org 3.0.lnk]
path=c:\documents and settings\Kristina\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk
backup=c:\windows\pss\OpenOffice.org 3.0.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2009-09-04 11:08 935288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-10-03 03:08 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
2009-04-24 03:21 203928 ----a-w- c:\program files\Alcohol Soft\Alcohol 120\AxCmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2006-04-21 15:03 94208 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
2008-04-14 03:42 110592 ----a-w- c:\windows\system32\bthprops.cpl

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative Detector U]
2006-10-02 15:03 188416 ------w- c:\program files\Creative\MediaSource5\CTDetctu.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2005-05-11 21:12 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MtdAcqu]
2006-03-08 06:56 278528 ------w- c:\program files\Creative\MediaSource5\MtdAcqu.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 14:40 155648 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2009-07-14 19:25 98304 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-10-11 03:17 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
2008-05-02 04:15 15872 ----a-w- c:\program files\Unlocker\UnlockerAssistant.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\HRY\\Counter Strike Source\\hl2.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 mrdd;Marvell Removable Disk Control Driver;c:\windows\system32\drivers\mrdd.sys [21. 8. 2009 9:32 18984]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [11. 9. 2009 7:23 108792]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [11. 9. 2009 7:26 96408]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [11. 9. 2009 7:24 735960]
R2 pqeauto.database.dbmonitor.GMG;pqeauto.database.dbmonitor.GMG;c:\program files\BHPS\Gmg\bin\DBMonService.exe -sn"pqeauto.database.dbmonitor.GMG" -f"c:\program files\BHPS\Gmg\bin\DBMonitorCmds.ini" --> c:\program files\BHPS\Gmg\bin\DBMonService.exe -snpqeauto.database.dbmonitor.GMG [?]
R2 pqeauto.energy.mappermonitor;pqeauto.energy.mappermonitor;c:\program files\BHPS\Pmap1\bin\MapperMonService.exe -sn"pqeauto.energy.mappermonitor" -f"c:\program files\BHPS\Pmap1\bin\MapperMonitorCmds.ini" --> c:\program files\BHPS\Pmap1\bin\MapperMonService.exe -snpqeauto.energy.mappermonitor [?]
R2 pqeauto.engine.tomcatmonitor.GMG;pqeauto.engine.tomcatmonitor.GMG;c:\program files\BHPS\Gmg\bin\TomcatMonService.exe -sn"pqeauto.engine.tomcatmonitor.GMG" --> c:\program files\BHPS\Gmg\bin\TomcatMonService.exe -snpqeauto.engine.tomcatmonitor.GMG [?]
S0 mv61xx;mv61xx;c:\windows\system32\DRIVERS\mv61xx.sys --> c:\windows\system32\DRIVERS\mv61xx.sys [?]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [23. 8. 2009 20:27 721904]
S3 adatadrv;Autodata Protection Service;c:\windows\system32\drivers\adatadrv.sys [24. 12. 2009 16:01 762112]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys --> c:\windows\system32\drivers\Ambfilt.sys [?]
S3 vaxscsi;vaxscsi;c:\windows\system32\drivers\vaxscsi.sys [14. 9. 2009 16:53 223128]
.
Contents of the 'Scheduled Tasks' folder

2010-01-13 c:\windows\Tasks\User_Feed_Synchronization-{03C5C9A8-FEF0-430C-B548-5D313CB396F6}.job
- c:\windows\system32\msfeedssync.exe [2009-08-20 02:31]

2010-01-13 c:\windows\Tasks\User_Feed_Synchronization-{2FA18DF2-0435-434C-8ECF-53F9C476D206}.job
- c:\windows\system32\msfeedssync.exe [2009-08-20 02:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.sk/
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Kristina\Application Data\Mozilla\Firefox\Profiles\ylaa4xgw.default\
FF - plugin: c:\program files\Mozilla Firefox\plugins\npImgrPlg.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-Uniblue RegistryBooster 2009 - c:\program files\Uniblue\RegistryBooster\RegistryBooster.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-13 18:29
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
P17Helper = Rundll32 SPIRun.dll,RunDLLEntry?

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(716)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2010-01-13 18:30:27
ComboFix-quarantined-files.txt 2010-01-13 17:30

Pre-Run: 25 379 012 608 bytes free
Post-Run: 27 000 094 720 bytes free

- - End Of File - - 2531581755D4108F4A1567A3BDEC3AEE

Re: requesting a preventive check

Posted: 13 Jan 2010 22:10
by motji
:arrow: Start - Control Panel - Folder Options - View - show hidden and system files

:arrow: Have the files tested at http://www.virustotal.com

c:\windows\vx86036.dat
c:\program files\BHPS\Gmg\bin\DBMonService.exe
c:\windows\system32\drivers\mrdd.sys

Paste the path to the file into the box; if it says the file has already been tested, have it tested again.
Post the link with the results here.

Re: requesting a preventive check

Posted: 13 Jan 2010 22:31
by standape
first:

File vx86036.dat received on 2010.01.13 21:23:19 (UTC)
Current status: finished
Result: 0/40 (0.00%)
Antivirus Version Last Update Result
a-squared 4.5.0.48 2010.01.13 -
AhnLab-V3 5.0.0.2 2010.01.13 -
AntiVir 7.9.1.134 2010.01.13 -
Antiy-AVL 2.0.3.7 2010.01.12 -
Authentium 5.2.0.5 2010.01.13 -
Avast 4.8.1351.0 2010.01.13 -
AVG 9.0.0.725 2010.01.13 -
BitDefender 7.2 2010.01.13 -
CAT-QuickHeal 10.00 2010.01.13 -
ClamAV 0.94.1 2010.01.13 -
Comodo 3572 2010.01.13 -
DrWeb 5.0.1.12222 2010.01.13 -
eSafe 7.0.17.0 2010.01.13 -
eTrust-Vet 35.2.7235 2010.01.13 -
F-Prot 4.5.1.85 2010.01.13 -
F-Secure 9.0.15370.0 2010.01.13 -
Fortinet 4.0.14.0 2010.01.13 -
GData 19 2010.01.13 -
Ikarus T3.1.1.80.0 2010.01.13 -
Jiangmin 13.0.900 2010.01.13 -
K7AntiVirus 7.10.946 2010.01.13 -
Kaspersky 7.0.0.125 2010.01.13 -
McAfee 5860 2010.01.13 -
McAfee+Artemis 5860 2010.01.13 -
McAfee-GW-Edition 6.8.5 2010.01.13 -
Microsoft 1.5302 2010.01.13 -
NOD32 4768 2010.01.13 -
Norman 6.04.03 2010.01.13 -
nProtect 2009.1.8.0 2010.01.13 -
Panda 10.0.2.2 2010.01.13 -
PCTools 7.0.3.5 2010.01.13 -
Rising 22.30.02.06 2010.01.13 -
Sophos 4.49.0 2010.01.13 -
Sunbelt 3.2.1858.2 2010.01.13 -
Symantec 20091.2.0.41 2010.01.13 -
TheHacker 6.5.0.3.149 2010.01.13 -
TrendMicro 9.120.0.1004 2010.01.13 -
VBA32 3.12.12.1 2010.01.13 -
ViRobot 2010.1.13.2134 2010.01.13 -
VirusBuster 5.0.21.0 2010.01.13 -
Additional information
File size: 4 bytes
MD5 : 8837f1b553afcad13b91a7413b85572b
SHA1 : dd57c26748d346e4b16d57697238852e63d2f4f2
SHA256: 146335417ed587af29a0dff01315b067d739f84d9f8c86c33b52f1303f0e4d4c
TrID : File type identification
Unknown!
ssdeep: -
PEiD : -
RDS : NSRL Reference Data Set
-

third:

File E868B87528CA25AC4AA2007EB358C700B1A48CEB.sys received on 2009.06.06 21:06:58 (UTC)
Current status: finished
Result: 0/40 (0.00%)
Antivirus Version Last Update Result
a-squared 4.0.0.101 2009.06.04 -
AhnLab-V3 5.0.0.2 2009.06.05 -
AntiVir 7.9.0.180 2009.06.06 -
Antiy-AVL 2.0.3.1 2009.06.05 -
Authentium 5.1.2.4 2009.06.06 -
Avast 4.8.1335.0 2009.06.06 -
AVG 8.5.0.339 2009.06.06 -
BitDefender 7.2 2009.06.06 -
CAT-QuickHeal 10.00 2009.06.06 -
ClamAV 0.94.1 2009.06.06 -
Comodo 1203 2009.06.06 -
DrWeb 5.0.0.12182 2009.06.06 -
eSafe 7.0.17.0 2009.06.04 -
eTrust-Vet 31.6.6542 2009.06.05 -
F-Prot 4.4.4.56 2009.06.06 -
F-Secure 8.0.14470.0 2009.06.05 -
Fortinet 3.117.0.0 2009.06.06 -
GData 19 2009.06.06 -
Ikarus T3.1.1.59.0 2009.06.06 -
K7AntiVirus 7.10.754 2009.06.04 -
Kaspersky 7.0.0.125 2009.06.06 -
McAfee 5638 2009.06.06 -
McAfee+Artemis 5638 2009.06.06 -
McAfee-GW-Edition 6.7.6 2009.06.06 -
Microsoft 1.4701 2009.06.06 -
NOD32 4135 2009.06.06 -
Norman 2009.06.05 -
nProtect 2009.1.8.0 2009.06.06 -
Panda 10.0.0.14 2009.06.06 -
PCTools 4.4.2.0 2009.06.06 -
Prevx 3.0 2009.06.06 -
Rising 21.32.52.00 2009.06.06 -
Sophos 4.42.0 2009.06.06 -
Sunbelt 3.2.1858.2 2009.06.06 -
Symantec 1.4.4.12 2009.06.06 -
TheHacker 6.3.4.3.340 2009.06.05 -
TrendMicro 8.950.0.1092 2009.06.06 -
VBA32 3.12.10.6 2009.06.06 -
ViRobot 2009.6.5.1771 2009.06.05 -
VirusBuster 4.6.5.0 2009.06.06 -
Additional information
File size: 18984 bytes
MD5 : ceb34fd9036a4b5fe3df560992408366
SHA1 : 8dd17f6a541297c36fdb6bf417f08ec7812ff578
SHA256: b3c262be98b267765224bbe3119dc9bbc753eca06851d24e3f25c27422241e41
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x513C
timedatestamp.....: 0x491A7B4D (Wed Nov 12 07:44:29 2008)
machinetype.......: 0x14C (Intel I386)

( 7 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0xFDA 0x1000 6.00 c15f16faf936be16179b48f613726f12
.rdata 0x2000 0x100 0x200 2.60 b70b9bc9a14344ba8bc1f6f0aaa4f84a
.data 0x3000 0x18 0x200 0.22 be5026f9122792697ac6b9d0e4597f4b
PAGE 0x4000 0x9A3 0xA00 5.85 9594e22213edfc23ace7e06f09e8cd35
INIT 0x5000 0x588 0x600 5.38 e2487b5f88d8f064f57649114fac8251
.rsrc 0x6000 0x3E8 0x400 3.23 00549a706723e3acc41eac68fdbce654
.reloc 0x7000 0x27C 0x400 3.18 bd671e9fdd86b2b13bcddd42def14937

( 2 imports )

> hal.dll: KeGetCurrentIrql
> ntoskrnl.exe: IoCreateDevice, RtlInitUnicodeString, DbgPrint, IoInitializeRemoveLockEx, IoDeleteSymbolicLink, IoAttachDeviceToDeviceStack, swprintf, ObfDereferenceObject, IoGetAttachedDeviceReference, IoIsWdmVersionAvailable, IofCompleteRequest, IoReleaseRemoveLockEx, IofCallDriver, IoAcquireRemoveLockEx, IoDetachDevice, IoReleaseRemoveLockAndWaitEx, IoCreateSymbolicLink, KeInitializeEvent, RtlAssert, KeSetEvent, PoCallDriver, PoStartNextPowerIrp, IoBuildDeviceIoControlRequest, IoFreeIrp, IoAllocateIrp, memset, IoGetDeviceObjectPointer, strncmp, KeTickCount, KeBugCheckEx, KeWaitForSingleObject, IoDeleteDevice

( 0 exports )
TrID : File type identification
Generic Win/DOS Executable (49.9%)
DOS Executable Generic (49.8%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.1%)
ssdeep: 384:bfpojE6SiQpu3g3/D+PGzf3jFwR8jZYJLWd6jBzbWW:bfpQqCPGLWpLAmNbZ
PEiD : -
RDS : NSRL Reference Data Set

second:

File DBMonService.exe received on 2009.04.24 11:34:54 (UTC)
Current status: finished
Result: 0/40 (0.00%)
Antivirus Version Last Update Result
a-squared 4.0.0.101 2009.04.24 -
AhnLab-V3 5.0.0.2 2009.04.24 -
AntiVir 7.9.0.155 2009.04.24 -
Antiy-AVL 2.0.3.1 2009.04.24 -
Authentium 5.1.2.4 2009.04.23 -
Avast 4.8.1335.0 2009.04.23 -
AVG 8.5.0.287 2009.04.24 -
BitDefender 7.2 2009.04.24 -
CAT-QuickHeal 10.00 2009.04.23 -
ClamAV 0.94.1 2009.04.24 -
Comodo 1130 2009.04.23 -
DrWeb 4.44.0.09170 2009.04.24 -
eSafe 7.0.17.0 2009.04.23 -
eTrust-Vet 31.6.6474 2009.04.24 -
F-Prot 4.4.4.56 2009.04.23 -
F-Secure 8.0.14470.0 2009.04.24 -
Fortinet 3.117.0.0 2009.04.24 -
GData 19 2009.04.24 -
Ikarus T3.1.1.49.0 2009.04.24 -
K7AntiVirus 7.10.714 2009.04.23 -
Kaspersky 7.0.0.125 2009.04.24 -
McAfee 5594 2009.04.23 -
McAfee+Artemis 5594 2009.04.23 -
McAfee-GW-Edition 6.7.6 2009.04.24 -
Microsoft 1.4602 2009.04.24 -
NOD32 4033 2009.04.24 -
Norman 6.00.06 2009.04.24 -
nProtect 2009.1.8.0 2009.04.24 -
Panda 10.0.0.14 2009.04.23 -
PCTools 4.4.2.0 2009.04.23 -
Prevx1 3.0 2009.04.24 -
Rising 21.26.43.00 2009.04.24 -
Sophos 4.41.0 2009.04.24 -
Sunbelt 3.2.1858.2 2009.04.24 -
Symantec 1.4.4.12 2009.04.24 -
TheHacker 6.3.4.0.313 2009.04.24 -
TrendMicro 8.700.0.1004 2009.04.23 -
VBA32 3.12.10.3 2009.04.24 -
ViRobot 2009.4.24.1708 2009.04.24 -
VirusBuster 4.6.5.0 2009.04.23 -
Additional information
File size: 73728 bytes
MD5 : eeb28f7b0b85dcf8b83e20aed7ed8417
SHA1 : d69611723dfb443028a938d8de0da04995dbbe07
SHA256: da3392563e01ea7447987cfdb7571431f05c956fef2c2bb6b8d45665d9ae3171
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x29EF
timedatestamp.....: 0x42667670 (Wed Apr 20 17:34:08 2005)
machinetype.......: 0x14C (Intel I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x90BE 0xA000 6.24 010403fab8af89f40eb709e725097112
.rdata 0xB000 0x1700 0x2000 4.26 536c6952afd26461d0c52e4ac4f13118
.data 0xD000 0x85C4 0x4000 1.43 607dbd1b2decfc80148653711bf48875
.rsrc 0x16000 0x4B0 0x1000 1.19 e8468d1389462456ab639b79a8c956f0

( 2 imports )

> advapi32.dll: RegCloseKey, OpenServiceW, OpenSCManagerW, CreateServiceW, DeleteService, SetServiceStatus, RegisterServiceCtrlHandlerW, CloseServiceHandle, StartServiceCtrlDispatcherW
> kernel32.dll: GetSystemDirectoryA, FreeLibrary, GetModuleFileNameA, VirtualQuery, GetVersion, GetWindowsDirectoryA, GetModuleHandleA, SetLastError, InterlockedExchange, CompareStringA, Sleep, WaitForSingleObject, TerminateProcess, LoadLibraryA, FlushInstructionCache, EnumSystemLocalesA, GetStartupInfoA, GetCommandLineA, ExitProcess, HeapFree, InitializeCriticalSection, DeleteCriticalSection, EnterCriticalSection, LeaveCriticalSection, HeapAlloc, IsValidLocale, GetLocaleInfoA, GetCommandLineW, GetUserDefaultLCID, GetVersionExA, GetCurrentThreadId, TlsSetValue, TlsAlloc, TlsGetValue, GetLastError, GetCurrentProcess, UnhandledExceptionFilter, FreeEnvironmentStringsA, GetEnvironmentStrings, SetHandleCount, GetStdHandle, GetFileType, GetEnvironmentVariableA, HeapDestroy, HeapCreate, VirtualFree, RtlUnwind, WriteFile, SetFilePointer, InterlockedDecrement, InterlockedIncrement, GetStringTypeA, VirtualAlloc, HeapReAlloc, GetACP, GetOEMCP, SetStdHandle, LCMapStringA, FlushFileBuffers, CloseHandle, GlobalAlloc

( 0 exports )
TrID : File type identification
Win64 Executable Generic (59.6%)
Win32 Executable MS Visual C++ (generic) (26.2%)
Win32 Executable Generic (5.9%)
Win32 Dynamic Link Library (generic) (5.2%)
Generic Win/DOS Executable (1.3%)
ssdeep: 768:vtPPrcBM1HJf/HD+WObuCDTmqwYPrPLFqI/UtoreBdkFYL20BcnFmJ:lPDcypHD+WOqCDTDw8rvJodkCL2aSFY
PEiD : Armadillo v1.71
RDS : NSRL Reference Data Set
-

Re: requesting a preventive check

Posted: 13 Jan 2010 23:18
by motji
:arrow: Please also test on www.virustotal.com
c:\windows\system32\drivers\ndis.sys

:arrow: Download MBAM from my signature
-Install it, run a full scan

DO NOT DELETE ANYTHING :!:
-MBAM sometimes has false detections, so we will delete only after checking the log.
-Paste the log here

Re: requesting a preventive check

Posted: 14 Jan 2010 17:11
by standape
the ndis file

File ndis.sys received on 2010.01.13 10:33:38 (UTC)
Current status: finished
Result: 0/41 (0.00%)
Antivirus Version Last Update Result
a-squared 4.5.0.48 2010.01.13 -
AhnLab-V3 5.0.0.2 2010.01.12 -
AntiVir 7.9.1.134 2010.01.13 -
Antiy-AVL 2.0.3.7 2010.01.12 -
Authentium 5.2.0.5 2010.01.12 -
Avast 4.8.1351.0 2010.01.12 -
AVG 9.0.0.725 2010.01.13 -
BitDefender 7.2 2010.01.13 -
CAT-QuickHeal 10.00 2010.01.13 -
ClamAV 0.94.1 2010.01.13 -
Comodo 3567 2010.01.13 -
DrWeb 5.0.1.12222 2010.01.13 -
eSafe 7.0.17.0 2010.01.12 -
eTrust-Vet 35.2.7234 2010.01.13 -
F-Prot 4.5.1.85 2010.01.12 -
F-Secure 9.0.15370.0 2010.01.13 -
Fortinet 4.0.14.0 2010.01.13 -
GData 19 2010.01.13 -
Ikarus T3.1.1.80.0 2010.01.13 -
Jiangmin 13.0.900 2010.01.13 -
K7AntiVirus 7.10.944 2010.01.11 -
Kaspersky 7.0.0.125 2010.01.13 -
McAfee 5859 2010.01.12 -
McAfee+Artemis 5859 2010.01.12 -
McAfee-GW-Edition 6.8.5 2010.01.13 -
Microsoft 1.5302 2010.01.13 -
NOD32 4766 2010.01.13 -
Norman 6.04.03 2010.01.13 -
nProtect 2009.1.8.0 2010.01.13 -
Panda 10.0.2.2 2010.01.12 -
PCTools 7.0.3.5 2010.01.13 -
Prevx 3.0 2010.01.13 -
Rising 22.30.02.06 2010.01.13 -
Sophos 4.49.0 2010.01.13 -
Sunbelt 3.2.1858.2 2010.01.13 -
Symantec 20091.2.0.41 2010.01.13 -
TheHacker 6.5.0.3.148 2010.01.13 -
TrendMicro 9.120.0.1004 2010.01.13 -
VBA32 3.12.12.1 2010.01.13 -
ViRobot 2010.1.13.2134 2010.01.13 -
VirusBuster 5.0.21.0 2010.01.12 -
Additional information
File size: 182656 bytes
MD5 : 1df7f42665c94b825322fae71721130d
SHA1 : b8e7cce36011313b3b908c7ebfa598057847d340
SHA256: fe0dcb728471465b39a42a7511f4133021fba5df88f88bcb5fe2ff34cfd713f9
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x39105
timedatestamp.....: 0x48025D03 (Sun Apr 13 21:20:35 2008)
machinetype.......: 0x14C (Intel I386)

( 16 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x480 0x56F9 0x5700 6.41 96ae3e7d4b54cdd29c0de009162eef7e
.rdata 0x5B80 0x504 0x580 5.20 041d70cc3aed48578be848dc47e39316
.data 0x6100 0xA78 0xA80 0.87 bac7845573b70c4539c4af447cb1bb75
PAGENPNP 0x6B80 0xEC0B 0xEC80 6.46 789cb7199349e9c83c0df68913fc68e4
PAGENDSP 0x15800 0x35BC 0x3600 6.37 db6587f00f71f77e939f18bfef43316f
PAGENDSM 0x18E00 0x5CCC 0x5D00 6.46 6d72571c2cc585816e8c40c7d955c3ba
PAGENDCO 0x1EB00 0x25DD 0x2600 6.37 488075e753b6887aa84713da3e15909a
PAGENDSF 0x21100 0x18DA 0x1900 6.35 c353c4eca24461e7f063cc3ff2d42ddb
PAGENDSE 0x22A00 0x12A4 0x1300 6.27 98988eaa9cee24a419c2b2f3c43ab1ae
PAGENDST 0x23D00 0xD7D 0xD80 6.49 f984580405adf4a4bddefea5c5fa137b
PAGENDSA 0x24A80 0x10C6 0x1100 6.37 10d5f5ea54fc04f6ff9ad1f9fb7ec70a
.edata 0x25B80 0x2559 0x2580 5.52 4e9be9ea659f7cea15058825f12b52f8
PAGE 0x28100 0xF98 0x1000 5.35 e490c30bdc097229eb86dd0e1b45b3a0
INIT 0x29100 0x1D14 0x1D80 6.01 c9cd4b5a9abf37c2b10a60181a3f2e15
.rsrc 0x2AE80 0x3E0 0x400 3.36 031b20e15238ac104a8c5cf753f0522c
.reloc 0x2B280 0x16F0 0x1700 6.75 8d90c4c92326950ec06264028062bbc6

( 0 imports )


( 0 exports )
TrID : File type identification
Win32 Executable Generic (68.0%)
Generic Win/DOS Executable (15.9%)
DOS Executable Generic (15.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
ThreatExpert: http://www.threatexpert.com/report.aspx ... e71721130d
ssdeep: 3072:5OEyDbo4nlAaz0FDUR0xwhY0Tj8qf9g7H/EOlvbdTBITTPDsxa6U:hSzkD+0yK0Uqf2dBSEa
PEiD : -
RDS : NSRL Reference Data Set

next log:

Malwarebytes' Anti-Malware 1.44
Verzia databázy: 3562
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

14. 1. 2010 18:05:33
mbam-log-2010-01-14 (18-05-26).txt

Typ kontroly: Úplná (C:\|D:\|)
Objektov kontrolovaných: 272280
Uplynutý cas: 42 minute(s), 49 second(s)

Infikovaných procesov pamäte: 0
Infikovaných modulov pamäte: 0
Infikovaných registracných klúcov: 0
Infikovaných registracných hodnôt: 0
Infikovaných registracných údajov položiek: 0
Infikovaných priecinkov: 0
Infikovaných súborov: 3

Infikovaných procesov pamäte:
(Žiadne škodlivé položky)

Infikovaných modulov pamäte:
(Žiadne škodlivé položky)

Infikovaných registracných klúcov:
(Žiadne škodlivé položky)

Infikovaných registracných hodnôt:
(Žiadne škodlivé položky)

Infikovaných registracných údajov položiek:
(Žiadne škodlivé položky)

Infikovaných priecinkov:
(Žiadne škodlivé položky)

Infikovaných súborov:
C:\System Volume Information\_restore{B6F6AA67-41B4-446C-9DCA-BE0C46F348FC}\RP4\A0000504.sys (Malware.Trace) -> No action taken.
C:\System Volume Information\_restore{B6F6AA67-41B4-446C-9DCA-BE0C46F348FC}\RP4\A0000569.sys (Malware.Trace) -> No action taken.
C:\System Volume Information\_restore{B6F6AA67-41B4-446C-9DCA-BE0C46F348FC}\RP4\A0000669.sys (Malware.Trace) -> No action taken.

Re: requesting a preventive check

Posted: 14 Jan 2010 21:21
by motji
Delete what MBAM found.
How is the computer doing?

Re: requesting a preventive check

Posted: 17 Jan 2010 10:55
by standape
the computer seems to be fine, but how is it possible that NOD didn't catch them at all? it's interesting, but thank you very much for your time :)

I still have ComboFix on the desktop, what should I do with it?