NOD32 kernel communication error
Posted: 23 Feb 2010 19:02
Hi, I have the same problem as this person.. http://www.viry.cz/forum/viewtopic.php?f=13&t=81188 , I read what to do .. and I'm taking the liberty of posting the ComboFix log here... hopefully I haven't done anything wrong with this topic, if so I apologize.. thanks for the reply
ComboFix 10-02-22.07 - Miza 23.02.2010 18:37:31.1.2 - x86
System: Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.2047.1700 [GMT 1:00]
Running from: c:\documents and settings\Miza\Plocha\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\Mozilla Firefox\searchplugins\search.xml
c:\windows\system32\ieuinit.inf
.
((((((((((((((((((((((((( Files Created from 2010-01-23 to 2010-02-23 )))))))))))))))))))))))))))))))
.
2010-02-23 17:14 . 2010-02-23 17:14 -------- d-----w- c:\program files\Common Files\Java
2010-02-23 17:14 . 2010-02-23 17:14 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-02-23 17:14 . 2010-02-23 17:14 -------- d-----w- c:\program files\Java
2010-02-23 16:39 . 2010-02-23 17:20 -------- d-----w- c:\program files\ESET
2010-02-17 19:49 . 2010-02-21 17:54 -------- d---a-w- C:\mc9demo
2010-02-17 18:48 . 2010-02-17 18:48 10399187 ----a-w- C:\mc9demo.zip
2010-02-15 15:12 . 2010-02-15 15:12 -------- d-sh--w- c:\documents and settings\Miza\Phone Browser
2010-02-15 15:00 . 2004-08-03 22:08 25600 -c--a-w- c:\windows\system32\dllcache\usbser.sys
2010-02-15 15:00 . 2004-08-03 22:08 25600 ----a-w- c:\windows\system32\drivers\usbser.sys
2010-02-15 15:00 . 2008-03-21 12:57 14640 ------w- c:\windows\system32\spmsgXP_2k3.dll
2010-02-15 14:58 . 2010-02-15 14:58 -------- d-----w- c:\program files\Common Files\PCSuite
2010-02-11 03:16 . 2010-02-11 03:16 41872 ----a-w- c:\windows\system32\xfcodec.dll
2010-02-04 16:46 . 2010-02-04 16:46 -------- d-----w- c:\program files\TeamSpeak 3 Client
2010-02-04 16:45 . 2010-02-04 16:45 12454472 ----a-w- c:\program files\TeamSpeak3-Client-win32-3.0.0-beta13.exe
2010-02-02 18:42 . 2010-02-02 18:42 -------- d-----w- c:\program files\Microsoft Silverlight
2010-02-02 13:55 . 2010-02-02 13:55 -------- d-----w- c:\program files\MP4 Player
2010-02-02 13:55 . 2010-02-02 13:55 -------- d-----w- c:\program files\Conduit
2010-02-02 13:55 . 2010-02-02 13:55 -------- d-----w- c:\program files\Brothersoft
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-23 16:00 . 2009-08-24 14:36 -------- d-----w- c:\program files\HLSW
2010-02-23 14:49 . 2009-08-24 14:24 214520 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-02-23 14:48 . 2009-08-24 14:24 137464 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-02-23 14:26 . 2009-12-12 14:11 -------- d-----w- c:\program files\Garena
2010-02-23 14:24 . 2009-08-21 13:13 -------- d-----w- c:\program files\Warcraft III
2010-02-23 13:30 . 2009-10-16 06:23 -------- d-----w- c:\program files\škola
2010-02-22 17:33 . 2009-10-04 13:45 -------- d-----w- c:\program files\Common Files\Adobe
2010-02-19 11:53 . 2009-08-24 14:00 -------- d-----w- c:\program files\Xfire
2010-02-15 21:30 . 2009-08-24 15:14 -------- d-----w- c:\program files\mIRC
2010-02-15 15:01 . 2001-10-25 12:00 47206 ----a-w- c:\windows\system32\perfc005.dat
2010-02-15 15:01 . 2001-10-25 12:00 312970 ----a-w- c:\windows\system32\perfh005.dat
2010-02-15 15:00 . 2010-02-15 15:00 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2010-02-15 15:00 . 2010-02-15 15:00 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2010-02-15 14:58 . 2010-02-15 14:58 -------- d-----w- c:\program files\Common Files\Nokia
2010-02-15 14:58 . 2010-02-15 14:57 -------- d-----w- c:\program files\Nokia
2010-02-15 14:57 . 2010-02-15 14:57 -------- d-----w- c:\program files\DIFX
2010-02-15 14:57 . 2010-02-15 14:57 -------- d-----w- c:\program files\PC Connectivity Solution
2010-01-11 14:27 . 2009-08-21 10:58 -------- d-----w- c:\program files\VIA
2010-01-09 13:30 . 2010-01-03 15:53 56320 ----a-w- c:\program files\zdroj.xls
2010-01-07 18:50 . 2010-01-07 16:37 -------- d-----w- c:\program files\PokerStars
2009-12-31 16:14 . 2004-08-03 22:14 352640 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-29 08:34 . 2009-08-24 13:34 -------- d-----w- c:\program files\ICQ6.5
2009-12-28 13:37 . 2009-09-15 12:40 -------- d-----w- c:\program files\World of Warcraft23
2009-12-22 05:42 . 2004-08-17 14:49 663040 ----a-w- c:\windows\system32\wininet.dll
2009-12-22 05:42 . 2004-08-17 14:49 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-12-17 08:00 . 2009-08-21 10:44 343552 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:37 . 2004-08-17 14:49 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-12 14:02 . 2009-08-21 13:16 131059 ----a-w- c:\windows\War3Unin.dat
2009-12-09 10:28 . 2004-08-17 14:45 2138112 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-12-09 10:28 . 2004-08-17 15:45 2017792 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-12-04 14:41 . 2004-08-03 22:15 453760 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-11-27 17:35 . 2004-08-17 15:49 17920 ----a-w- c:\windows\system32\msyuv.dll
2009-11-27 17:35 . 2004-08-17 14:49 1293824 ----a-w- c:\windows\system32\quartz.dll
2009-11-27 16:40 . 2004-08-17 15:49 48128 ----a-w- c:\windows\system32\iyuv_32.dll
2009-11-27 16:40 . 2004-08-17 14:49 11264 ----a-w- c:\windows\system32\msrle32.dll
2009-11-27 16:40 . 2004-08-17 14:49 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-11-27 16:40 . 2001-10-25 12:00 28672 ----a-w- c:\windows\system32\msvidc32.dll
2009-11-27 16:40 . 2001-10-24 12:25 8704 ----a-w- c:\windows\system32\tsbyuv.dll
2009-08-24 13:44 . 2009-08-24 13:44 1336832 ----a-w- c:\program files\ventrilo-2.1.4-Windows-i386.exe
2009-08-24 13:40 . 2009-08-24 13:40 5862994 ----a-w- c:\program files\ts2_client_rc2_2032.exe
.
(((((((((((((((((((((((((((((((((( Registry Loading Points )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not shown.
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "c:\program files\Winamp Toolbar\winamptb.dll" [2009-05-06 1262888]
"{e8de9422-3b2c-4243-bf6f-235da84d8ef8}"= "c:\program files\Brothersoft\tbBrot.dll" [2009-12-31 2349080]
[HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch]
[HKEY_CLASSES_ROOT\clsid\{e8de9422-3b2c-4243-bf6f-235da84d8ef8}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e8de9422-3b2c-4243-bf6f-235da84d8ef8}]
2009-12-31 10:53 2349080 ----a-w- c:\program files\Brothersoft\tbBrot.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{e8de9422-3b2c-4243-bf6f-235da84d8ef8}"= "c:\program files\Brothersoft\tbBrot.dll" [2009-12-31 2349080]
[HKEY_CLASSES_ROOT\clsid\{e8de9422-3b2c-4243-bf6f-235da84d8ef8}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{E8DE9422-3B2C-4243-BF6F-235DA84D8EF8}"= "c:\program files\Brothersoft\tbBrot.dll" [2009-12-31 2349080]
[HKEY_CLASSES_ROOT\clsid\{e8de9422-3b2c-4243-bf6f-235da84d8ef8}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-08-17 1667584]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-08-24 39408]
"ICQ"="c:\program files\ICQ6.5\ICQ.exe" [2009-11-16 172792]
"MP4 Player"="c:\program files\MP4 Player\mp4Player.exe" [2008-11-06 772096]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-03-20 1312256]
"Security Antivirus"="c:\documents and settings\All Users\Data aplikací\074673a\SA0746.exe" [2010-02-23 5795328]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe" [2009-06-01 33624064]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2009-07-01 37888]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-17 15360]
c:\documents and settings\Miza\Nabídka Start\Programy\Po spuštění\
Xfire.lnk - c:\program files\Xfire\Xfire.exe [2010-2-11 3207056]
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Aktualizovat ESET licenci.lnk - c:\program files\ESET\MiNODLogin\MiNODLogin.exe [2009-12-10 125952]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\fotbal\\Pes2010 Crack - CrazyCoder\\Crack\\pes2010.exe"=
"c:\\Documents and Settings\\All Users\\Data aplikací\\074673a\\SA0746.exe"=
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [24.8.2009 14:34 222456]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [21.8.2009 11:58 1358720]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [24.8.2009 17:53 721904]
S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\Miza\LOCALS~1\Temp\XAE78B.tmp --> c:\docume~1\Miza\LOCALS~1\Temp\XAE78B.tmp [?]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2463487
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Winamp Search - c:\documents and settings\All Users\Data aplikací\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {00A71DE5-1B91-41BD-B06D-8C11A79BAFAA} = 212.71.186.249
FF - ProfilePath - c:\documents and settings\Miza\Data aplikací\Mozilla\Firefox\Profiles\qr9udqg6.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2463487&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - google.com
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2463487&q=
FF - component: c:\documents and settings\Miza\Data aplikací\Mozilla\Firefox\Profiles\qr9udqg6.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll
FF - component: c:\documents and settings\Miza\Data aplikací\Mozilla\Firefox\Profiles\qr9udqg6.default\extensions\{e8de9422-3b2c-4243-bf6f-235da84d8ef8}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\Miza\Data aplikací\Mozilla\Firefox\Profiles\qr9udqg6.default\extensions\{e8de9422-3b2c-4243-bf6f-235da84d8ef8}\components\RadioWMPCore.dll
---- FIREFOX SETTINGS ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-23 18:39
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HDAudDeck = c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe 1????????????????????????????????????????????????
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GarenaPEngine]
"ImagePath"="\??\c:\docume~1\Miza\LOCALS~1\Temp\XAE78B.tmp"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(720)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2010-02-23 18:40:35
ComboFix-quarantined-files.txt 2010-02-23 17:40
Pre-Run: 304 614 838 272 bytes free
Post-Run: 306 832 347 136 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
- - End Of File - - 440F243D7AD3D1A8F3A62BC91DA8CADD
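What an analyst actually reads in a log like this is a handful of lines: autorun entries that execute from odd locations (the "Security Antivirus" entry under a random-named folder in All Users application data, the GarenaPEngine service whose image is a .tmp file in the user's Temp), the firewall policy showing EnableFirewall = 0, and a firewall exception granted to the same rogue executable. The script below is an added example, not part of the original post or of ComboFix; it runs that triage over lines copied from the log above. The "suspicious path" heuristics (Temp directory, .tmp service image, 6-8 hex-character folder directly under application data) are this example's own assumptions, not ComboFix semantics, and will need tuning on other logs.

```python
import re
from dataclasses import dataclass

# Lines copied from the ComboFix log in the post above: the Run keys, the
# firewall policy key, the firewall exception list and the service entries.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-08-17 1667584]
"ICQ"="c:\program files\ICQ6.5\ICQ.exe" [2009-11-16 172792]
"Security Antivirus"="c:\documents and settings\All Users\Data aplikací\074673a\SA0746.exe" [2010-02-23 5795328]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Documents and Settings\\All Users\\Data aplikací\\074673a\\SA0746.exe"=
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [24.8.2009 14:34 222456]
S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\Miza\LOCALS~1\Temp\XAE78B.tmp --> c:\docume~1\Miza\LOCALS~1\Temp\XAE78B.tmp [?]
"""

# Heuristics assumed for this example (not ComboFix's own classification).
TEMP_DIR = re.compile(r"\\temp\\", re.IGNORECASE)
RANDOM_APPDATA_DIR = re.compile(
    r"\\(?:data aplikac[ií]|application data)\\[0-9a-f]{6,8}\\", re.IGNORECASE)
TMP_IMAGE = re.compile(r"\.tmp$", re.IGNORECASE)

# Line shapes as they appear in the ComboFix report.
RUN_ENTRY = re.compile(r'^"([^"]+)"="([^"]+)"')          # "Name"="path" [date size]
FW_EXCEPTION = re.compile(r'^"(.+)"=$')                   # "c:\\escaped\\path"=
SERVICE_LINE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(.+)$")  # R2 name;display;image [..]


@dataclass(frozen=True)
class Finding:
    source: str   # "run", "service", "firewall-exception" or "firewall-policy"
    name: str
    path: str
    reason: str


def why_suspicious(path):
    """Return a reason string if the path matches one of the heuristics, else None."""
    if TEMP_DIR.search(path):
        return "executes from a user Temp directory"
    if RANDOM_APPDATA_DIR.search(path):
        return "executes from a random-named folder under All Users application data"
    if TMP_IMAGE.search(path):
        return "service image is a .tmp file"
    return None


def clean_path(raw):
    """Strip the \\??\\ NT prefix and ComboFix's trailing '[date size]' or '--> ...' text."""
    path = raw.strip()
    if path.startswith("\\??\\"):
        path = path[4:]
    return re.split(r"\s+(?:-->|\[)", path, maxsplit=1)[0]


def triage(log_text):
    """Walk the report once, tracking the current registry key, and collect findings."""
    findings = []
    section = ""
    flagged_autoruns = set()
    for line in (l.strip() for l in log_text.splitlines()):
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line.lower()
            continue
        svc = SERVICE_LINE.match(line)          # service lines are unambiguous, check first
        if svc:
            state, name, _display, rest = svc.groups()
            path = clean_path(rest)
            reason = why_suspicious(path)
            if reason:
                findings.append(Finding("service", name, path, f"{state}: {reason}"))
            continue
        if section.endswith("\\run]"):
            m = RUN_ENTRY.match(line)
            if m:
                name, path = m.groups()
                reason = why_suspicious(path)
                if reason:
                    findings.append(Finding("run", name, path, reason))
                    flagged_autoruns.add(path.lower())
            continue
        if section.endswith("authorizedapplications\\list]"):
            m = FW_EXCEPTION.match(line)
            if m:
                path = m.group(1).replace("\\\\", "\\")   # registry export doubles backslashes
                reason = why_suspicious(path)
                if path.lower() in flagged_autoruns:
                    reason = "firewall exception granted to an already-flagged autorun"
                if reason:
                    findings.append(Finding("firewall-exception", path.rsplit("\\", 1)[-1], path, reason))
            continue
        if "firewallpolicy" in section and line.startswith('"EnableFirewall"') and re.search(r"=\s*0\b", line):
            findings.append(Finding("firewall-policy", "EnableFirewall", section,
                                    "Windows Firewall disabled for this profile"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.source}] {f.name}: {f.path}\n    -> {f.reason}")
```

Run against the sample it reports exactly four things and stays silent on MSMSGS, ICQ and the ICQ service: the rogue autorun, the disabled firewall, the exception that lets that same rogue through, and the Temp-resident service image. Cross-referencing the exception list against flagged autoruns is the useful part; a firewall hole for a legitimate messenger is noise, the same hole for an executable in a random ProgramData folder is not.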