PC virus removal, computer speed-up, remote help via the service neslape.cz

Log check, please. Blocking of IP addresses.

Do you have a virus problem? Paste your FRST or RSIT log here.

Moderator: Moderators

Forum rules
If you want help, paste a log from FRST [guide here] or RSIT [guide here]

Individual threads will be locked once resolved, as will those that have been inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.

!NEWS!
You can now use the remote help service, where an expert connects to your computer and obtains further details about the problem from you by phone! More at www.neslape.cz
Message
Author
pekka
Visitor
Posts: 13
Registered: 01 Jan 2009 17:30

Log check, please. Blocking of IP addresses.

#1 Post by pekka »

Can I ask for help? My antivirus keeps saying it is blocking some IP address. Always the same one, over and over. Otherwise hopefully everything is ok. Thanks :wink:


here is the log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:56:58, on 4.4.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\Ati2evxx.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\svchost.exe
C:\windows\system32\Ati2evxx.exe
C:\windows\Explorer.EXE
C:\windows\system32\spoolsv.exe
C:\Program Files\DU Meter\DUMeter.exe
C:\Program Files\ASUS\Probe\AsusProb.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\windows\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\JetMailMonitor\JetMM.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\windows\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\windows\System32\svchost.exe
C:\windows\system32\oodag.exe
C:\windows\system32\IoctlSvc.exe
C:\windows\System32\svchost.exe
C:\windows\system32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Peca\Dokumenty\Stažené soubory\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com?o=15187&l=dis
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local;*.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - (no file)
O4 - HKLM\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Anti Trojan Elite] C:\Program Files\Anti Trojan Elite\TJEnder.exe :NO
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Aktualizovat ESET licenci.lnk = C:\Program Files\ESET\MiNODLogin\MiNODLogin.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: jetMailMonitor.lnk = C:\Program Files\JetMailMonitor\JetMM.exe
O8 - Extra context menu item: Načítať použitie &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm
O9 - Extra button: HP Chytrý výběr - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\windows\system32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O17 - HKLM\System\CCS\Services\Tcpip\..\{B453E1A4-8965-4DD6-91DF-B3D4AC1EF8B5}: NameServer = 195.146.100.100,195.146.100.5
O20 - Winlogon Notify: 7cb80ab3863 - C:\windows\System32\d3dx9_3532.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\windows\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - Unknown owner - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe (file missing)
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - Unknown owner - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe (file missing)
O23 - Service: AVG E-mail Scanner (AVGEMS) - Unknown owner - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe (file missing)
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Norton AntiVirus - Unknown owner - C:\Program Files\Norton AntiVirus\Engine\16.0.0.125\ccSvcHst.exe (file missing)
O23 - Service: O&O Defrag - O&O Software GmbH - C:\windows\system32\oodag.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\windows\system32\IoctlSvc.exe

--
End of file - 7644 bytes
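A HijackThis log like the one above is reviewed line by line, and most of the work is mechanical: a handful of entry types account for nearly everything a helper acts on (hijacked start/search pages under R0/R1, BHOs and services whose binary no longer exists, Winlogon Notify DLLs with random-looking names, the DNS servers under O17). The script below is an added example written for this page; it is not part of the thread and not a HijackThis feature. The heuristics, severity labels and the regular expressions are my own assumptions, and the sample input is a set of lines copied from the log above, trimmed to the entry types the checks look at.

```python
import re
from typing import Dict, List, Tuple

# Sample input: lines copied from the HijackThis log posted above, trimmed
# to the entry types the checks below look at (one flagged and one benign
# example of each type where the log offers both).
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com?o=15187&l=dis
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{B453E1A4-8965-4DD6-91DF-B3D4AC1EF8B5}: NameServer = 195.146.100.100,195.146.100.5
O20 - Winlogon Notify: 7cb80ab3863 - C:\windows\System32\d3dx9_3532.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - Unknown owner - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe (file missing)
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
"""

# Every HijackThis entry starts with its section code (R0, R1, O2, O23, ...).
ENTRY_RE = re.compile(r"^(R\d|O\d+)\s+-\s+(.*)$")
# Heuristic (assumption): legitimate Winlogon Notify packages carry readable
# names (crypt32chain, Schedule, sclgntfy, ...); a long run of hex digits is
# the kind of name that deserves a manual look.
RANDOM_NAME_RE = re.compile(r"^[0-9a-f]{8,}$", re.IGNORECASE)
WINLOGON_RE = re.compile(r"Winlogon Notify:\s*(\S+)\s+-\s+(.*)")
# Internet Explorer's own default pages point here.
MS_DEFAULT = "go.microsoft.com/fwlink"

Finding = Tuple[str, str, str]  # (severity, reason, original line)


def triage(text: str) -> List[Finding]:
    """Walk a HijackThis log and return the entries a reviewer would want to see."""
    findings: List[Finding] = []
    for raw in text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue  # header, process list, blank line
        code, body = m.groups()

        if code in ("R0", "R1"):
            # Start/search page entries; proxy and folder-name entries are skipped.
            if ("Page" in body or "Search" in body) and MS_DEFAULT not in body:
                findings.append(("review", "browser start/search page is not the default", line))
        elif code == "O2" and body.endswith("(no file)"):
            findings.append(("cleanup", "BHO registration whose DLL no longer exists", line))
        elif code == "O17":
            _, _, servers = body.partition("NameServer = ")
            findings.append(("info", f"DNS servers in use: {servers}", line))
        elif code == "O20":
            w = WINLOGON_RE.match(body)
            if w and RANDOM_NAME_RE.match(w.group(1)):
                findings.append(("investigate",
                                 "Winlogon Notify DLL registered under a random-looking name; "
                                 "winlogon.exe loads it at every logon", line))
        elif code == "O23" and body.endswith("(file missing)"):
            findings.append(("cleanup", "service points to a missing binary (leftover of uninstalled software)", line))
    return findings


def count_by_severity(findings: List[Finding]) -> Dict[str, int]:
    """Tally findings per severity so a long log can be summarised in one line."""
    counts: Dict[str, int] = {}
    for severity, _, _ in findings:
        counts[severity] = counts.get(severity, 0) + 1
    return counts


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for severity, reason, line in results:
        print(f"[{severity:11}] {reason}\n              {line}")
    print(count_by_severity(results))
```

Run against the sample lines it reports one entry of each kind: the ask.com start page for review, the orphaned HP BHO and the dead AVG7 service as cleanup, the DNS servers as information, and the hex-named Winlogon Notify DLL as the one item to investigate. The script deliberately does not decide what is malicious; it orders the log so the human reviewer's time goes to the right lines.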

Unlimited_Killer
Friend of the forum
Posts: 1969
Registered: 24 Aug 2009 16:18

Re: Log check, please. Blocking of IP addresses.

#2 Post by Unlimited_Killer »

Good evening. :welcome:

1) ComboFix
  • Download ComboFix and save it to your Desktop.
  • Before running it, disable the resident shield of your antivirus or antispyware.
  • Run it with administrator rights.
  • After it starts, the license terms are shown; click 'Yes'.
  • You will also be asked to install the Recovery Console; click 'Yes' there as well.
  • The whole scan takes about 5-10 minutes, depending on how many files CF has to wade through.
  • Your PC will probably be restarted, so don't be alarmed by that.
  • Until the scan has completely finished, do nothing, and above all do not click into the running ComboFix window.
  • After the scan finishes (or after the subsequent restart) a log will 'pop up'; paste it here as text.
  • If no log 'pops up', you will find it at C:\ComboFix.txt

pekka
Visitor
Posts: 13
Registered: 01 Jan 2009 17:30

Re: Log check, please. Blocking of IP addresses.

#3 Post by pekka »

Greetings, here is the ComboFix log:

ComboFix 10-04-03.02 - Peca 04.04.2010 20:27:03.6.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.768.440 [GMT 2:00]
Spuštěný z: c:\documents and settings\Peca\Plocha\ComboFix.exe
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Vytvořen nový Bod Obnovení
* Rezidentní štít AV je zapnutý


VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\AppPatch\AcAdProc.dll

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-03-04 do 2010-04-04 )))))))))))))))))))))))))))))))
.

2010-04-02 20:20 . 2010-04-02 20:20 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-04-02 20:15 . 2010-04-04 08:22 -------- d-----w- c:\program files\Lavasoft
2010-04-01 18:19 . 2010-04-01 18:17 390144 ----a-w- c:\windows\system32\CF21366.exe
2010-03-27 17:01 . 2010-03-27 17:08 -------- d-----w- c:\program files\Speed Video Splitter
2010-03-27 17:00 . 2010-03-27 17:00 119296 ----a-w- c:\windows\system32\d3dx9_3532.dll
2010-03-27 17:00 . 2010-03-27 17:00 201216 ----a-w- c:\documents and settings\Peca\file234.exe
2010-03-27 13:00 . 2010-03-27 13:00 -------- d-----w- c:\program files\Electronic Arts
2010-03-26 17:04 . 2010-03-26 18:51 -------- d-----w- c:\windows\SxsCaPendDel

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-04 16:22 . 2006-10-17 16:42 -------- d-----w- c:\program files\TRANSLAT
2010-04-04 16:18 . 2006-05-06 11:54 -------- d-----w- c:\program files\Mozilla Thunderbird
2010-04-04 15:07 . 2005-07-22 18:02 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2010-03-28 14:53 . 2001-09-20 12:00 82656 ----a-w- c:\windows\system32\perfc005.dat
2010-03-28 14:53 . 2001-09-20 12:00 438014 ----a-w- c:\windows\system32\perfh005.dat
2010-03-27 12:54 . 2005-02-07 12:38 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-03-27 12:22 . 2009-07-08 06:36 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE
2010-03-26 19:21 . 2005-04-30 07:25 3591 ----a-w- c:\windows\im32st.dat
2010-03-01 23:01 . 2010-03-01 23:01 7669343 ----a-w- c:\documents and settings\Peca\setup.exe
2010-02-28 08:39 . 2010-02-28 08:39 -------- d-----w- c:\program files\Atari
2010-02-27 21:02 . 2009-01-04 20:31 -------- d-----w- c:\program files\ESET
2010-02-27 11:58 . 2010-02-27 11:29 -------- d-----w- c:\program files\Deep Silver
2010-02-11 19:28 . 2005-02-07 13:09 -------- d-----w- c:\program files\Common Files\Adobe
2010-02-08 19:36 . 2010-02-08 19:05 -------- d-----w- c:\program files\MSECache
2009-12-29 20:17 . 2009-01-10 20:44 67688 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2009-12-29 20:17 . 2009-01-10 20:44 54368 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2009-12-29 20:17 . 2009-01-10 20:44 34944 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
2009-12-29 20:17 . 2009-01-10 20:44 46712 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
2009-12-29 20:17 . 2009-01-10 20:44 172136 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
2009-01-15 19:22 . 2005-05-01 12:44 11690 --sha-w- c:\windows\system32\KGyGaAvL.sys
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2007-09-13 22880040]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-07-24 490952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DU Meter"="c:\program files\DU Meter\DUMeter.exe" [2004-10-27 1465344]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-08-09 81920]
"ASUS Probe"="c:\program files\ASUS\Probe\AsusProb.exe" [2002-12-06 617984]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-16 148888]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2008-06-19 570664]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-06-08 2221352]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-07-01 1447168]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Aktualizovat ESET licenci.lnk - c:\program files\ESET\MiNODLogin\MiNODLogin.exe [2009-10-3 125952]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
jetMailMonitor.lnk - c:\program files\JetMailMonitor\JetMM.exe [2006-5-6 651264]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\7cb80ab3863]
2010-03-27 17:00 119296 ----a-w- c:\windows\system32\d3dx9_3532.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS

[HKLM\~\startupfolder\C:^Documents and Settings^Peca^Nabídka Start^Programy^Po spuštění^Reminder-cor40212.lnk]
backup=c:\windows\pss\Reminder-cor40212.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Probe]
2002-12-06 15:07 617984 ----a-w- c:\program files\ASUS\Probe\AsusProb.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2007-12-26 16:13 77824 ----a-w- c:\program files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"DTHAR_MrTimer"=c:\program files\MrTimer\MT.exe MIN
"NeroFilterCheck"=c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
"ISUSPM Startup"=c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
"CloneCDTray"="c:\program files\SlySoft\CloneCD\CloneCDTray.exe" /s
"OODefragTray"=c:\windows\system32\oodtray.exe
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"HP Software Update"=c:\program files\HP\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\BitSpirit\\BitSpirit.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\IronWare Communication\\IW FTPort Client\\Cftp32.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Opera\\Opera.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"15500:TCP"= 15500:TCP:BitComet 15500 TCP
"15500:UDP"= 15500:UDP:BitComet 15500 UDP
"19238:TCP"= 19238:TCP:BitComet 19238 TCP
"19238:UDP"= 19238:UDP:BitComet 19238 UDP

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [10.12.2005 18:58 717296]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [1.7.2008 10:04 34312]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [2.4.2010 22:20 95024]
R2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [30.7.2008 7:51 277736]
R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [21.12.2007 9:21 468224]
S1 atitray;atitray;\??\c:\program files\Radeon Omega Drivers\v3.8.330\ATI Tray Tools\atitray.sys --> c:\program files\Radeon Omega Drivers\v3.8.330\ATI Tray Tools\atitray.sys [?]
S1 eb9f1420;eb9f1420;c:\windows\system32\drivers\eb9f1420.sys --> c:\windows\system32\drivers\eb9f1420.sys [?]
S2 Norton AntiVirus;Norton AntiVirus;"c:\program files\Norton AntiVirus\Engine\16.0.0.125\ccSvcHst.exe" /s "Norton AntiVirus" /m "c:\program files\Norton AntiVirus\Engine\16.0.0.125\diMaster.dll" /prefetch:1 --> c:\program files\Norton AntiVirus\Engine\16.0.0.125\ccSvcHst.exe [?]
S3 ate_procmon;ATE_PROCMON;\??\c:\program files\Anti Trojan Elite\ATEPMon.sys --> c:\program files\Anti Trojan Elite\ATEPMon.sys [?]
S3 cpuz130;cpuz130;\??\c:\docume~1\Peca\LOCALS~1\Temp\cpuz130\cpuz_x32.sys --> c:\docume~1\Peca\LOCALS~1\Temp\cpuz130\cpuz_x32.sys [?]
S3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\screamingbdriver.sys [24.1.2007 21:15 13824]
S3 vaxscsi;vaxscsi;c:\windows\system32\drivers\vaxscsi.sys [13.6.2006 18:15 223128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.ask.com?o=15187&l=dis
uInternet Settings,ProxyOverride = local;*.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: Načítať použitie &BitSpirit - c:\program files\BitSpirit\bsurl.htm
TCP: {B453E1A4-8965-4DD6-91DF-B3D4AC1EF8B5} = 195.146.100.100,195.146.100.5
FF - ProfilePath - c:\documents and settings\Peca\Data aplikací\Mozilla\Firefox\Profiles\g0dbaads.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL -

---- NASTAVENÍ FIREFOXU ----
FF - user.js: network.proxy.type - 0
FF - user.js: network.proxy.http -
user_pref(network.proxy.http_port,);
FF - user.js: network.proxy.no_proxies_on -
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

HKLM-Run-Anti Trojan Elite - c:\program files\Anti Trojan Elite\TJEnder.exe
AddRemove-123MVB - c:\documents and settings\All Users\Nabídka Start\Programy\Spořiče obrazovky\123MVB\123MVB.scr
AddRemove-Macromedia Shockwave Player - c:\windows\system32\Macromed\SHOCKW~1\UNWISE.EXE
AddRemove-PC Translator - c:\windows\UN32.EXE



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-04 20:35
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys spzo.sys >>UNKNOWN [0x83B7A938]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf7572f28
\Driver\ACPI -> ACPI.sys @ 0xf73cdcb8
\Driver\atapi -> atapi.sys @ 0xf7362b40
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805a05a8
ParseProcedure -> ntoskrnl.exe @ 0x8056c1d6
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805a05a8
ParseProcedure -> ntoskrnl.exe @ 0x8056c1d6
NDIS: VIA Compatible Fast Ethernet Adapter -> SendCompleteHandler -> NDIS.sys @ 0xf7258bb0
PacketIndicateHandler -> NDIS.sys @ 0xf7265a21
SendHandler -> NDIS.sys @ 0xf724387b
user & kernel MBR OK

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Norton AntiVirus]
"ImagePath"="\"c:\program files\Norton AntiVirus\Engine\16.0.0.125\ccSvcHst.exe\" /s \"Norton AntiVirus\" /m \"c:\program files\Norton AntiVirus\Engine\16.0.0.125\diMaster.dll\" /prefetch:1"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-1177238915-706699826-839522115-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5FE33608-D84A-4853-0DC49CB45BA83A21}\{2DF15E09-2D8E-263A-CC028FD0118C14A8}\{3FB2B7AB-9135-F57A-39603C4B0F4DA6E9}*]
"NRDFOBLVNAUE2QOGEQXAH1Y2DD1"=hex:01,00,01,00,00,00,00,00,b0,0a,ac,41,7a,16,04,
de,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{CD33F05B-57D8-EB8D-1C637C8E18479BDE}\{4B66B287-DF55-8BF6-0C7A245C073DF874}\{2B094E66-D192-13E4-CB3BD0799FCAC2FC}*]
"NRDFOBLVNAUE2QOGEQXAH1Y2DD1"=hex:01,00,01,00,00,00,00,00,b0,0a,ac,41,7a,16,04,
de,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(708)
c:\windows\System32\d3dx9_3532.dll
c:\windows\system32\Ati2evxx.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\system32\oodag.exe
c:\windows\system32\IoctlSvc.exe
c:\windows\system32\wscntfy.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
.
**************************************************************************
.
Celkový čas: 2010-04-04 20:40:41 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-04-04 18:40

Před spuštěním: 4 599 791 616
Po spuštění: 4 584 398 848

- - End Of File - - E9462F4F7A7149A241C6F5AA565ED70D

Unlimited_Killer
Friend of the forum
Posts: 1969
Registered: 24 Aug 2009 16:18

Re: Log check, please. Blocking of IP addresses.

#4 Post by Unlimited_Killer »

OK.

1) Script for ComboFix
  • Open Notepad [Start → Run → notepad → Enter].
  • Paste the following text into it:

    Code:

    KillAll::
    
    Registry::
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SunJavaUpdateSched"=-
    "Adobe Reader Speed Launcher"=-
    "Adobe ARM"=-
    [-HKLM\~\startupfolder\C:^Documents and Settings^Peca^Nabídka Start^Programy^Po spuštění^Reminder-cor40212.lnk]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "QuickTime Task"=-
    "HP Software Update"=-
    
    RegNull::
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5FE33608-D84A-4853-0DC49CB45BA83A21}\{2DF15E09-2D8E-263A-CC028FD0118C14A8}\{3FB2B7AB-9135-F57A-39603C4B0F4DA6E9}*]
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{CD33F05B-57D8-EB8D-1C637C8E18479BDE}\{4B66B287-DF55-8BF6-0C7A245C073DF874}\{2B094E66-D192-13E4-CB3BD0799FCAC2FC}*]
    
    File::
    c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Aktualizovat ESET licenci.lnk
    
    Extra::
    
    DDS::
    uStart Page = hxxp://www.ask.com?o=15187&l=dis
    
    FireFox::
    FF - ProfilePath - c:\documents and settings\Peca\Data aplikací\Mozilla\Firefox\Profiles\g0dbaads.default\
    FF - prefs.js: browser.search.selectedEngine - Ask.com
    FF - prefs.js: keyword.URL - 
    
    Reboot::
  • Save this file to your Desktop under the name CFScript (extension .txt).
  • Drag this file onto ComboFix and drop it there.
  • Both this file and ComboFix must be on the Desktop!
  • ComboFix will start and execute the commands from the script.
  • The computer will probably be restarted.
  • After the restart a window with the log will pop up; paste it here for me as text.
2) VirusTotal
  • Test the following files on VirusTotal:

    Code:

    c:\windows\system32\drivers\eb9f1420.sys
  • Simply paste in the paths I wrote in the code block.
  • If it tells you the file has already been tested, have it tested again.
  • Then paste the links to the individual tests here.
3) Warning
  • Immediately uninstall that illegal Eset and install some free antivirus (e.g. Avast5 Free, Microsoft Security Essential or Avira).

pekka
Visitor
Posts: 13
Registered: 01 Jan 2009 17:30

Re: Log check, please. Blocking of IP addresses.

#5 Post by pekka »

Here is the new log:

ComboFix 10-04-03.02 - Peca 04.04.2010 21:52:40.7.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.768.451 [GMT 2:00]
Spuštěný z: c:\documents and settings\Peca\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Peca\Plocha\CFScript.txt
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Rezidentní štít AV je zapnutý


VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!

FILE ::
"c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Aktualizovat ESET licenci.lnk"
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Aktualizovat ESET licenci.lnk

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-03-04 do 2010-04-04 )))))))))))))))))))))))))))))))
.

2010-04-02 20:20 . 2010-04-02 20:20 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-04-02 20:15 . 2010-04-04 08:22 -------- d-----w- c:\program files\Lavasoft
2010-04-01 18:19 . 2010-04-01 18:17 390144 ----a-w- c:\windows\system32\CF21366.exe
2010-03-27 17:01 . 2010-03-27 17:08 -------- d-----w- c:\program files\Speed Video Splitter
2010-03-27 17:00 . 2010-03-27 17:00 119296 ----a-w- c:\windows\system32\d3dx9_3532.dll
2010-03-27 17:00 . 2010-03-27 17:00 201216 ----a-w- c:\documents and settings\Peca\file234.exe
2010-03-27 13:00 . 2010-03-27 13:00 -------- d-----w- c:\program files\Electronic Arts
2010-03-26 17:04 . 2010-03-26 18:51 -------- d-----w- c:\windows\SxsCaPendDel

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-04 16:22 . 2006-10-17 16:42 -------- d-----w- c:\program files\TRANSLAT
2010-04-04 16:18 . 2006-05-06 11:54 -------- d-----w- c:\program files\Mozilla Thunderbird
2010-04-04 15:07 . 2005-07-22 18:02 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2010-03-28 14:53 . 2001-09-20 12:00 82656 ----a-w- c:\windows\system32\perfc005.dat
2010-03-28 14:53 . 2001-09-20 12:00 438014 ----a-w- c:\windows\system32\perfh005.dat
2010-03-27 12:54 . 2005-02-07 12:38 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-03-27 12:22 . 2009-07-08 06:36 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE
2010-03-26 19:21 . 2005-04-30 07:25 3591 ----a-w- c:\windows\im32st.dat
2010-03-01 23:01 . 2010-03-01 23:01 7669343 ----a-w- c:\documents and settings\Peca\setup.exe
2010-02-28 08:39 . 2010-02-28 08:39 -------- d-----w- c:\program files\Atari
2010-02-27 21:02 . 2009-01-04 20:31 -------- d-----w- c:\program files\ESET
2010-02-27 11:58 . 2010-02-27 11:29 -------- d-----w- c:\program files\Deep Silver
2010-02-11 19:28 . 2005-02-07 13:09 -------- d-----w- c:\program files\Common Files\Adobe
2010-02-08 19:36 . 2010-02-08 19:05 -------- d-----w- c:\program files\MSECache
2009-12-29 20:17 . 2009-01-10 20:44 67688 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2009-12-29 20:17 . 2009-01-10 20:44 54368 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2009-12-29 20:17 . 2009-01-10 20:44 34944 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
2009-12-29 20:17 . 2009-01-10 20:44 46712 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
2009-12-29 20:17 . 2009-01-10 20:44 172136 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
2009-01-15 19:22 . 2005-05-01 12:44 11690 --sha-w- c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((( SnapShot@2010-04-04_18.34.15 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-04-04 19:59 . 2010-04-04 19:59 16384 c:\windows\temp\Perflib_Perfdata_b80.dat
+ 2010-04-04 19:59 . 2010-04-04 19:59 16384 c:\windows\temp\Perflib_Perfdata_6d0.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2007-09-13 22880040]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-07-24 490952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DU Meter"="c:\program files\DU Meter\DUMeter.exe" [2004-10-27 1465344]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-08-09 81920]
"ASUS Probe"="c:\program files\ASUS\Probe\AsusProb.exe" [2002-12-06 617984]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2008-06-19 570664]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-06-08 2221352]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-07-01 1447168]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
jetMailMonitor.lnk - c:\program files\JetMailMonitor\JetMM.exe [2006-5-6 651264]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\7cb80ab3863]
2010-03-27 17:00 119296 ----a-w- c:\windows\system32\d3dx9_3532.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Probe]
2002-12-06 15:07 617984 ----a-w- c:\program files\ASUS\Probe\AsusProb.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"DTHAR_MrTimer"=c:\program files\MrTimer\MT.exe MIN
"NeroFilterCheck"=c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
"ISUSPM Startup"=c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
"CloneCDTray"="c:\program files\SlySoft\CloneCD\CloneCDTray.exe" /s
"OODefragTray"=c:\windows\system32\oodtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\BitSpirit\\BitSpirit.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\IronWare Communication\\IW FTPort Client\\Cftp32.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Opera\\Opera.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"15500:TCP"= 15500:TCP:BitComet 15500 TCP
"15500:UDP"= 15500:UDP:BitComet 15500 UDP
"19238:TCP"= 19238:TCP:BitComet 19238 TCP
"19238:UDP"= 19238:UDP:BitComet 19238 UDP

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [10.12.2005 18:58 717296]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [1.7.2008 10:04 34312]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [2.4.2010 22:20 95024]
R2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [30.7.2008 7:51 277736]
R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [21.12.2007 9:21 468224]
S1 atitray;atitray;\??\c:\program files\Radeon Omega Drivers\v3.8.330\ATI Tray Tools\atitray.sys --> c:\program files\Radeon Omega Drivers\v3.8.330\ATI Tray Tools\atitray.sys [?]
S1 eb9f1420;eb9f1420;c:\windows\system32\drivers\eb9f1420.sys --> c:\windows\system32\drivers\eb9f1420.sys [?]
S2 Norton AntiVirus;Norton AntiVirus;"c:\program files\Norton AntiVirus\Engine\16.0.0.125\ccSvcHst.exe" /s "Norton AntiVirus" /m "c:\program files\Norton AntiVirus\Engine\16.0.0.125\diMaster.dll" /prefetch:1 --> c:\program files\Norton AntiVirus\Engine\16.0.0.125\ccSvcHst.exe [?]
S3 ate_procmon;ATE_PROCMON;\??\c:\program files\Anti Trojan Elite\ATEPMon.sys --> c:\program files\Anti Trojan Elite\ATEPMon.sys [?]
S3 cpuz130;cpuz130;\??\c:\docume~1\Peca\LOCALS~1\Temp\cpuz130\cpuz_x32.sys --> c:\docume~1\Peca\LOCALS~1\Temp\cpuz130\cpuz_x32.sys [?]
S3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\screamingbdriver.sys [24.1.2007 21:15 13824]
S3 vaxscsi;vaxscsi;c:\windows\system32\drivers\vaxscsi.sys [13.6.2006 18:15 223128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
.
------- Doplňkový sken -------
.
uInternet Settings,ProxyOverride = local;*.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: Načítať použitie &BitSpirit - c:\program files\BitSpirit\bsurl.htm
TCP: {B453E1A4-8965-4DD6-91DF-B3D4AC1EF8B5} = 195.146.100.100,195.146.100.5
FF - ProfilePath - c:\documents and settings\Peca\Data aplikací\Mozilla\Firefox\Profiles\g0dbaads.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/

---- NASTAVENÍ FIREFOXU ----
FF - user.js: network.proxy.type - 0
FF - user.js: network.proxy.http -
user_pref(network.proxy.http_port,);
FF - user.js: network.proxy.no_proxies_on -
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-04 22:01
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys spci.sys >>UNKNOWN [0x83B7A938]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf7572f28
\Driver\ACPI -> ACPI.sys @ 0xf73cdcb8
\Driver\atapi -> atapi.sys @ 0xf7362b40
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805a05a8
ParseProcedure -> ntoskrnl.exe @ 0x8056c1d6
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805a05a8
ParseProcedure -> ntoskrnl.exe @ 0x8056c1d6
NDIS: VIA Compatible Fast Ethernet Adapter -> SendCompleteHandler -> NDIS.sys @ 0xf7258bb0
PacketIndicateHandler -> NDIS.sys @ 0xf7265a21
SendHandler -> NDIS.sys @ 0xf724387b
user & kernel MBR OK

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Norton AntiVirus]
"ImagePath"="\"c:\program files\Norton AntiVirus\Engine\16.0.0.125\ccSvcHst.exe\" /s \"Norton AntiVirus\" /m \"c:\program files\Norton AntiVirus\Engine\16.0.0.125\diMaster.dll\" /prefetch:1"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-1177238915-706699826-839522115-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(708)
c:\windows\System32\d3dx9_3532.dll
c:\windows\system32\Ati2evxx.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\system32\oodag.exe
c:\windows\system32\IoctlSvc.exe
c:\windows\system32\wscntfy.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
.
**************************************************************************
.
Celkový čas: 2010-04-04 22:04:47 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-04-04 20:04
ComboFix2.txt 2010-04-04 18:40

Před spuštěním: 4 593 713 152
Po spuštění: 4 577 538 048

- - End Of File - - 9DCB271AFFD1CCE1947C2B0136B30C27


That file "c:\windows\system32\drivers\eb9f1420.sys" cannot be tested because it does not exist; it cannot be found, not even in Total Commander. And I am planning to change antivirus anyway; I am not satisfied with NOD and was not satisfied with the paid version either. Thanks for now.

Unlimited_Killer
Friend of the forum
Posts: 1969
Registered: 24 Aug 2009 16:18

Re: Log check, please. Blocking of IP addresses.

#6 Post by Unlimited_Killer »

OK, I thought it would not find anything, but better safe than sorry.

1) Uninstall the programs Anti Trojan Elite and Norton AntiVirus (if they are not already uninstalled)

2) VirusTotal
  • Test the following files on VirusTotal:

    Code:

    c:\windows\system32\drivers\screamingbdriver.sys
    c:\windows\im32st.dat
    c:\documents and settings\Peca\file234.exe
  • Simply paste the paths I wrote in the code block there.
  • If it tells you that the file has already been tested, have it tested again.
  • Then paste the links to the individual tests here.

pekka
Visitor
Posts: 13
Registered: 01 Jan 2009 17:30

Re: Log check, please. Blocking of IP addresses.

#7 Post by pekka »

Good morning, and happy Easter :P So those two programs had already been uninstalled, and here are the results:

Code:

http://www.virustotal.com/cs/analisis/f3021151fa55045cbeebdc7d69cf60607ce0a77845ac72540cec849ca429766b-1270414816
http://www.virustotal.com/cs/analisis/349ba726522f7a39c48eb2eadd4b9ec984b80e01e577172324c1ee3bf06ca116-1270415058
http://www.virustotal.com/cs/analisis/18e5827ff1ba76ef27aa2086de03a63d7f2cf0e1b8b2a40e91d37b328d8ca273-1270415179

Unlimited_Killer
Friend of the forum
Posts: 1969
Registered: 24 Aug 2009 16:18

Re: Log check, please. Blocking of IP addresses.

#8 Post by Unlimited_Killer »

Progress

1) Script for ComboFix
  • Open Notepad [Start → Run → notepad → Enter].
  • Paste the following text into it:

    Code:

    KillAll::
    
    Collect::
    c:\documents and settings\Peca\file234.exe
    
    Reboot::
  • Save this file to the Desktop under the name CFScript (extension .txt).
  • Drag this file onto ComboFix and drop it there.
  • Both this file and ComboFix must be on the Desktop!
  • ComboFix will start and carry out the commands from the script.
  • The computer will probably be restarted.
  • After the restart a window with the log will pop up; paste it here as text.
2) Uninstall virtual drives
  • Uninstall all virtual drives, for example Alcohol, DAEMON Tools, etc.
3) Uninstall SPTD
  • Go to this link.
  • Download the SPTD version for your operating system there (XP/Vista/W7 - 32/64-bit).
  • Double-click the downloaded file to run it.
  • Click the middle button 'Uninstall'.
  • Restart the PC.
4) MBR.exe
  • Download MBR.exe to the Desktop.
  • Go to Start → Run [Win+R] and type or paste the following text:

    Code:

    "%userprofile%\plocha\mbr" -t
  • Now press 'Enter'.
  • A file MBR.log should be created on the Desktop; paste its contents here as text.
5) GMER
  • Download GMER, extract it to the Desktop and double-click to run it.
  • It will scan for a few seconds.
  • When the scan finishes, click 'Save' - this generates the first log, which you paste here as text.
  • Then create a second log following these instructions - paste that log here as well.

pekka
Visitor
Posts: 13
Registered: 01 Jan 2009 17:30

Re: Log check, please. Blocking of IP addresses.

#9 Post by pekka »

step 1:
ComboFix 10-04-03.02 - Peca 05.04.2010 20:42:39.8.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.768.451 [GMT 2:00]
Spuštěný z: c:\documents and settings\Peca\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Peca\Plocha\CFScript.txt
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Rezidentní štít AV je zapnutý


VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!

file zipped: c:\documents and settings\Peca\file234.exe
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Peca\file234.exe

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-03-05 do 2010-04-05 )))))))))))))))))))))))))))))))
.

2010-04-02 20:20 . 2010-04-02 20:20 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-04-02 20:15 . 2010-04-04 08:22 -------- d-----w- c:\program files\Lavasoft
2010-04-01 18:19 . 2010-04-01 18:17 390144 ----a-w- c:\windows\system32\CF21366.exe
2010-03-27 17:01 . 2010-03-27 17:08 -------- d-----w- c:\program files\Speed Video Splitter
2010-03-27 17:00 . 2010-03-27 17:00 119296 ----a-w- c:\windows\system32\d3dx9_3532.dll
2010-03-27 13:00 . 2010-03-27 13:00 -------- d-----w- c:\program files\Electronic Arts
2010-03-26 17:04 . 2010-03-26 18:51 -------- d-----w- c:\windows\SxsCaPendDel

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-05 11:58 . 2006-05-06 11:54 -------- d-----w- c:\program files\Mozilla Thunderbird
2010-04-04 16:22 . 2006-10-17 16:42 -------- d-----w- c:\program files\TRANSLAT
2010-04-04 15:07 . 2005-07-22 18:02 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2010-03-28 14:53 . 2001-09-20 12:00 82656 ----a-w- c:\windows\system32\perfc005.dat
2010-03-28 14:53 . 2001-09-20 12:00 438014 ----a-w- c:\windows\system32\perfh005.dat
2010-03-27 12:54 . 2005-02-07 12:38 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-03-27 12:22 . 2009-07-08 06:36 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE
2010-03-26 19:21 . 2005-04-30 07:25 3591 ----a-w- c:\windows\im32st.dat
2010-03-01 23:01 . 2010-03-01 23:01 7669343 ----a-w- c:\documents and settings\Peca\setup.exe
2010-02-28 08:39 . 2010-02-28 08:39 -------- d-----w- c:\program files\Atari
2010-02-27 21:02 . 2009-01-04 20:31 -------- d-----w- c:\program files\ESET
2010-02-27 11:58 . 2010-02-27 11:29 -------- d-----w- c:\program files\Deep Silver
2010-02-11 19:28 . 2005-02-07 13:09 -------- d-----w- c:\program files\Common Files\Adobe
2010-02-08 19:36 . 2010-02-08 19:05 -------- d-----w- c:\program files\MSECache
2009-12-29 20:17 . 2009-01-10 20:44 67688 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2009-12-29 20:17 . 2009-01-10 20:44 54368 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2009-12-29 20:17 . 2009-01-10 20:44 34944 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
2009-12-29 20:17 . 2009-01-10 20:44 46712 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
2009-12-29 20:17 . 2009-01-10 20:44 172136 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
2009-01-15 19:22 . 2005-05-01 12:44 11690 --sha-w- c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((( SnapShot@2010-04-04_18.34.15 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-04-05 18:49 . 2010-04-05 18:49 16384 c:\windows\temp\Perflib_Perfdata_8e0.dat
+ 2010-04-05 18:49 . 2010-04-05 18:49 16384 c:\windows\temp\Perflib_Perfdata_6f0.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2007-09-13 22880040]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-07-24 490952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DU Meter"="c:\program files\DU Meter\DUMeter.exe" [2004-10-27 1465344]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-08-09 81920]
"ASUS Probe"="c:\program files\ASUS\Probe\AsusProb.exe" [2002-12-06 617984]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2008-06-19 570664]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-06-08 2221352]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-07-01 1447168]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
jetMailMonitor.lnk - c:\program files\JetMailMonitor\JetMM.exe [2006-5-6 651264]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\7cb80ab3863]
2010-03-27 17:00 119296 ----a-w- c:\windows\system32\d3dx9_3532.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Probe]
2002-12-06 15:07 617984 ----a-w- c:\program files\ASUS\Probe\AsusProb.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"DTHAR_MrTimer"=c:\program files\MrTimer\MT.exe MIN
"NeroFilterCheck"=c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
"ISUSPM Startup"=c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
"CloneCDTray"="c:\program files\SlySoft\CloneCD\CloneCDTray.exe" /s
"OODefragTray"=c:\windows\system32\oodtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\BitSpirit\\BitSpirit.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\IronWare Communication\\IW FTPort Client\\Cftp32.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Opera\\Opera.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"15500:TCP"= 15500:TCP:BitComet 15500 TCP
"15500:UDP"= 15500:UDP:BitComet 15500 UDP
"19238:TCP"= 19238:TCP:BitComet 19238 TCP
"19238:UDP"= 19238:UDP:BitComet 19238 UDP

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [10.12.2005 18:58 717296]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [1.7.2008 10:04 34312]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [2.4.2010 22:20 95024]
R2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [30.7.2008 7:51 277736]
R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [21.12.2007 9:21 468224]
S1 atitray;atitray;\??\c:\program files\Radeon Omega Drivers\v3.8.330\ATI Tray Tools\atitray.sys --> c:\program files\Radeon Omega Drivers\v3.8.330\ATI Tray Tools\atitray.sys [?]
S1 eb9f1420;eb9f1420;c:\windows\system32\drivers\eb9f1420.sys --> c:\windows\system32\drivers\eb9f1420.sys [?]
S2 Norton AntiVirus;Norton AntiVirus;"c:\program files\Norton AntiVirus\Engine\16.0.0.125\ccSvcHst.exe" /s "Norton AntiVirus" /m "c:\program files\Norton AntiVirus\Engine\16.0.0.125\diMaster.dll" /prefetch:1 --> c:\program files\Norton AntiVirus\Engine\16.0.0.125\ccSvcHst.exe [?]
S3 ate_procmon;ATE_PROCMON;\??\c:\program files\Anti Trojan Elite\ATEPMon.sys --> c:\program files\Anti Trojan Elite\ATEPMon.sys [?]
S3 cpuz130;cpuz130;\??\c:\docume~1\Peca\LOCALS~1\Temp\cpuz130\cpuz_x32.sys --> c:\docume~1\Peca\LOCALS~1\Temp\cpuz130\cpuz_x32.sys [?]
S3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\screamingbdriver.sys [24.1.2007 21:15 13824]
S3 vaxscsi;vaxscsi;c:\windows\system32\drivers\vaxscsi.sys [13.6.2006 18:15 223128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
.
------- Doplňkový sken -------
.
uInternet Settings,ProxyOverride = local;*.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: Načítať použitie &BitSpirit - c:\program files\BitSpirit\bsurl.htm
TCP: {B453E1A4-8965-4DD6-91DF-B3D4AC1EF8B5} = 195.146.100.100,195.146.100.5
FF - ProfilePath - c:\documents and settings\Peca\Data aplikací\Mozilla\Firefox\Profiles\g0dbaads.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/

---- NASTAVENÍ FIREFOXU ----
FF - user.js: network.proxy.type - 0
FF - user.js: network.proxy.http -
user_pref(network.proxy.http_port,);
FF - user.js: network.proxy.no_proxies_on -
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-05 20:50
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys spla.sys >>UNKNOWN [0x83B7A938]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf7572f28
\Driver\ACPI -> ACPI.sys @ 0xf73cdcb8
\Driver\atapi -> atapi.sys @ 0xf7362b40
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805a05a8
ParseProcedure -> ntoskrnl.exe @ 0x8056c1d6
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805a05a8
ParseProcedure -> ntoskrnl.exe @ 0x8056c1d6
NDIS: VIA Compatible Fast Ethernet Adapter -> SendCompleteHandler -> NDIS.sys @ 0xf7258bb0
PacketIndicateHandler -> NDIS.sys @ 0xf7265a21
SendHandler -> NDIS.sys @ 0xf724387b
user & kernel MBR OK

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Norton AntiVirus]
"ImagePath"="\"c:\program files\Norton AntiVirus\Engine\16.0.0.125\ccSvcHst.exe\" /s \"Norton AntiVirus\" /m \"c:\program files\Norton AntiVirus\Engine\16.0.0.125\diMaster.dll\" /prefetch:1"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-1177238915-706699826-839522115-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(708)
c:\windows\System32\d3dx9_3532.dll
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(1152)
c:\windows\System32\d3dx9_3532.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\system32\oodag.exe
c:\windows\system32\IoctlSvc.exe
c:\windows\system32\wscntfy.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
.
**************************************************************************
.
Celkový čas: 2010-04-05 20:54:42 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-04-05 18:54
ComboFix2.txt 2010-04-04 20:04
ComboFix3.txt 2010-04-04 18:40

Před spuštěním: 4 299 182 080
Po spuštění: 4 282 281 984

- - End Of File - - 5FC1A81558D79A169AA0C5FF94E94783


steps 2+3:
Uninstalled!


step 4:
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys viaide.sys PCIIDEX.SYS
kernel: MBR read successfully
user & kernel MBR OK


step 5:
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-04-06 19:35:32
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\Peca\LOCALS~1\Temp\pwlcipog.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)
AttachedDevice \FileSystem\Fastfat \Fat eamon.sys (Amon monitor/ESET)
AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdir.sys

---- EOF - GMER 1.0.15 ----

-------------------------------------------------------------------------------------------------------------------

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-04-06 22:10:55
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\Peca\LOCALS~1\Temp\pwlcipog.sys


---- Kernel code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\drivers\ACEDRV07.sys section is writeable [0xA81D0000, 0x328BA, 0xE8000020]
.pklstb C:\WINDOWS\system32\drivers\ACEDRV07.sys entry point in ".pklstb" section [0xA8214000]
.relo2 C:\WINDOWS\system32\drivers\ACEDRV07.sys unknown last section [0xA8230000, 0x8E, 0x42000040]
.reloc C:\windows\system32\drivers\acedrv11.sys section is executable [0xA7B4C600, 0x25B0C, 0xE0000060]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[404] kernel32.dll!SetUnhandledExceptionFilter 7C8449FD 4 Bytes [C2, 04, 00, 00]

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\Mozilla Firefox\firefox.exe[2640] @ C:\windows\system32\WININET.dll [Normaliz.dll!IdnToUnicode] 022713FA
IAT C:\Program Files\Mozilla Firefox\firefox.exe[2640] @ C:\windows\system32\WININET.dll [Normaliz.dll!IdnToAscii] 0227135A

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)
AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdir.sys
AttachedDevice \FileSystem\Fastfat \Fat eamon.sys (Amon monitor/ESET)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x41 0xD1 0xDA 0x08 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xDE 0xCE 0x49 0x39 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x40 0x96 0x89 0xE5 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x80 0x2A 0x6E 0x0E ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x6F 0xB2 0x24 0xD6 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh 0x59 0xEA 0x9B 0x2A ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x41 0xD1 0xDA 0x08 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xDE 0xCE 0x49 0x39 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x43 0x33 0x4E 0xA1 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x21 0x46 0x90 0xF3 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x35 0x6D 0xFD 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x41 0xD1 0xDA 0x08 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xDE 0xCE 0x49 0x39 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x40 0x96 0x89 0xE5 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x80 0x2A 0x6E 0x0E ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x6F 0xB2 0x24 0xD6 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh 0x59 0xEA 0x9B 0x2A ...
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System@OODEFRAG10.00.00.01WORKSTATION 753C5022677EFC88A1011E1CC
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b 0xE2 0x63 0x26 0xF1 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b 0x6A 0x9C 0xD6 0x61 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016 0x25 0xDA 0xEC 0x7E ...
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48 0x3E 0x1E 0x9E 0xE0 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472 0xCD 0x44 0xCD 0xB9 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d 0xB0 0x18 0xED 0xA7 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b 0xFB 0xA7 0x78 0xE6 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d 0x83 0x6C 0x56 0x8B ...
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3 0xF6 0x0F 0x4E 0x58 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b 0x37 0xA4 0xAA 0xC3 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6 0x2A 0xB7 0xCC 0xB5 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2 0xFA 0xEA 0x66 0x7F ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{389B5743-9703-860F-C7A4-8593C876B851}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{389B5743-9703-860F-C7A4-8593C876B851}@oadpidnfnjjplglejheekbnhgpmdgh 0x61 0x69 0x62 0x62 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{389B5743-9703-860F-C7A4-8593C876B851}@iaopkcdolejekfaeai 0x6B 0x61 0x6B 0x61 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{389B5743-9703-860F-C7A4-8593C876B851}@hampiehpdmojkhhg 0x6A 0x61 0x6B 0x61 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{389B5743-9703-860F-C7A4-8593C876B851}@haahddmijganncll 0x62 0x61 0x67 0x62 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{389B5743-9703-860F-C7A4-8593C876B851}@haahddmicgifkhif 0x62 0x61 0x67 0x62 ...

---- Files - GMER 1.0.15 ----

File C:\Documents and Settings\Peca\Local Settings\temp\plugtmp-1\plugin-flash.xml 1386 bytes

---- EOF - GMER 1.0.15 ----

Unlimited_Killer
Friend of the forum
Posts: 1969
Registered: 24 Aug 2009 16:18

Re: Log check, please. Blocking IP addresses.

#10 Post by Unlimited_Killer »

Sorry for the delay, and please post a new RSIT log.

pekka
Visitor
Posts: 13
Registered: 01 Jan 2009 17:30

Re: Log check, please. Blocking IP addresses.

#11 Post by pekka »

No problem, you can't sit at the PC all the time anyway :lol: here is the log:

Logfile of random's system information tool 1.06 (written by random/random)
Run by Peca at 2010-04-09 18:09:45
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 4 GB (10%) free of 40 GB
Total RAM: 768 MB (41% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:09:53, on 9.4.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\Ati2evxx.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\svchost.exe
C:\windows\system32\Ati2evxx.exe
C:\windows\Explorer.EXE
C:\windows\system32\spoolsv.exe
C:\Program Files\ASUS\Probe\AsusProb.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\DU Meter\DUMeter.exe
C:\windows\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\JetMailMonitor\JetMM.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\DU Meter\DUMeterSvc.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\windows\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\windows\System32\svchost.exe
C:\windows\system32\oodag.exe
C:\windows\system32\IoctlSvc.exe
C:\windows\System32\svchost.exe
C:\windows\system32\svchost.exe
C:\windows\system32\wscntfy.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Peca\Dokumenty\Stažené soubory\RSIT.exe
C:\Documents and Settings\Peca\Dokumenty\Stažené soubory\Peca.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local;*.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - (no file)
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: jetMailMonitor.lnk = C:\Program Files\JetMailMonitor\JetMM.exe
O8 - Extra context menu item: Načítať použitie &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm
O9 - Extra button: HP Chytrý výběr - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\windows\system32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O17 - HKLM\System\CCS\Services\Tcpip\..\{B453E1A4-8965-4DD6-91DF-B3D4AC1EF8B5}: NameServer = 195.146.100.100,195.146.100.5
O20 - Winlogon Notify: 7cb80ab3863 - C:\windows\System32\d3dx9_3532.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\windows\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - Unknown owner - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe (file missing)
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - Unknown owner - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe (file missing)
O23 - Service: AVG E-mail Scanner (AVGEMS) - Unknown owner - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe (file missing)
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DU Meter Service (DUMeterSvc) - Hagel Technologies Ltd - C:\Program Files\DU Meter\DUMeterSvc.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Norton AntiVirus - Unknown owner - C:\Program Files\Norton AntiVirus\Engine\16.0.0.125\ccSvcHst.exe (file missing)
O23 - Service: O&O Defrag - O&O Software GmbH - C:\windows\system32\oodag.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\windows\system32\IoctlSvc.exe

--
End of file - 7440 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-12-21 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-07-16 41368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-07-16 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2004-08-09 81920]
"ASUS Probe"=C:\Program Files\ASUS\Probe\AsusProb.exe [2002-12-06 617984]
"NeroFilterCheck"=C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe [2008-06-19 570664]
"NBKeyScan"=C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [2008-06-08 2221352]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2008-07-01 1447168]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2007-09-13 22880040]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\daemon.exe [2008-07-24 490952]
"DU Meter"=C:\Program Files\DU Meter\DUMeter.exe [2007-11-13 2585360]
"ctfmon.exe"=C:\windows\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Probe]
C:\Program Files\ASUS\Probe\AsusProb.exe [2002-12-06 617984]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
jetMailMonitor.lnk - C:\Program Files\JetMailMonitor\JetMM.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\7cb80ab3863]
C:\windows\System32\d3dx9_3532.dll [2010-03-27 119296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\windows\system32\Ati2evxx.dll [2006-12-17 110592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\windows\system32\WgaLogon.dll [2009-03-10 190464]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\windows\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\system32\dplaysvr.exe"="C:\WINDOWS\system32\dplaysvr.exe:*:Disabled:Microsoft DirectPlay Helper"
"C:\Program Files\uTorrent\utorrent.exe"="C:\Program Files\uTorrent\utorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\BitSpirit\BitSpirit.exe"="C:\Program Files\BitSpirit\BitSpirit.exe:*:Enabled:The powerful and easy-to-use BitTorrent Client"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\IronWare Communication\IW FTPort Client\Cftp32.exe"="C:\Program Files\IronWare Communication\IW FTPort Client\Cftp32.exe:*:Enabled:IW FTPort Client"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\Opera\Opera.exe"="C:\Program Files\Opera\Opera.exe:*:Enabled:Opera Internet Browser"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2010-04-09 18:09:45 ----D---- C:\rsit
2010-04-06 22:23:16 ----D---- C:\Documents and Settings\All Users\Data aplikací\Hagel Technologies
2010-04-06 22:23:09 ----D---- C:\Program Files\DU Meter
2010-04-05 21:26:24 ----SHD---- C:\RECYCLER
2010-04-05 20:54:43 ----A---- C:\ComboFix.txt
2010-04-05 20:47:12 ----D---- C:\windows\temp
2010-04-04 20:23:52 ----A---- C:\windows\PEV.exe
2010-04-04 20:21:50 ----D---- C:\Qoobox
2010-04-02 22:15:14 ----D---- C:\Program Files\Lavasoft
2010-04-01 20:21:43 ----A---- C:\windows\MBR.exe
2010-04-01 20:19:00 ----A---- C:\windows\system32\CF21366.exe
2010-03-27 19:03:25 ----A---- C:\windows\Speed Video Splitter.INI
2010-03-27 19:01:19 ----D---- C:\Program Files\Speed Video Splitter
2010-03-27 19:00:54 ----A---- C:\windows\system32\d3dx9_3532.dll
2010-03-27 15:08:55 ----HDC---- C:\Documents and Settings\All Users\Data aplikací\{0691F710-1ECA-4B5A-9727-25554F1BFDC6}
2010-03-27 15:00:50 ----D---- C:\Program Files\Electronic Arts
2010-03-27 11:50:11 ----D---- C:\Documents and Settings\Peca\Data aplikací\Bioshock2
2010-03-26 19:04:44 ----D---- C:\windows\SxsCaPendDel

======List of files/folders modified in the last 1 months======

2010-04-09 18:06:06 ----D---- C:\Documents and Settings\Peca\Data aplikací\uTorrent
2010-04-09 18:05:57 ----D---- C:\WINDOWS
2010-04-09 18:05:57 ----D---- C:\Program Files\Mozilla Firefox
2010-04-09 18:05:57 ----A---- C:\windows\MAILTRAN.INI
2010-04-09 17:17:40 ----D---- C:\Program Files\Mozilla Thunderbird
2010-04-09 17:17:16 ----A---- C:\memory.txt
2010-04-08 21:58:12 ----A---- C:\windows\SchedLgU.Txt
2010-04-06 22:23:09 ----AD---- C:\Program Files
2010-04-05 20:54:46 ----D---- C:\windows\system32\drivers
2010-04-05 20:52:59 ----D---- C:\windows\system32\CatRoot2
2010-04-05 20:49:11 ----A---- C:\windows\system.ini
2010-04-05 20:45:33 ----D---- C:\windows\system32
2010-04-05 20:45:32 ----D---- C:\windows\AppPatch
2010-04-05 20:45:30 ----D---- C:\Program Files\Common Files
2010-04-05 10:55:21 ----A---- C:\windows\NeroDigital.ini
2010-04-05 10:44:58 ----A---- C:\odkazy.txt
2010-04-04 21:42:38 ----A---- C:\windows\WINCMD.INI
2010-04-04 20:09:48 ----D---- C:\Downloads
2010-04-04 18:22:42 ----RSHDC---- C:\windows\system32\dllcache
2010-04-04 18:22:22 ----D---- C:\Program Files\TRANSLAT
2010-04-04 17:07:13 ----A---- C:\windows\system32\CmdLineExt.dll
2010-04-04 10:22:11 ----SHD---- C:\windows\Installer
2010-04-04 10:22:05 ----D---- C:\Documents and Settings\All Users\Data aplikací\Lavasoft
2010-04-04 10:22:04 ----DC---- C:\windows\system32\DRVSTORE
2010-04-03 10:29:26 ----SD---- C:\windows\Tasks
2010-04-02 22:21:29 ----HD---- C:\windows\inf
2010-04-02 22:16:26 ----D---- C:\windows\WinSxS
2010-04-02 20:43:35 ----AD---- C:\Documents and Settings\All Users\Data aplikací\TEMP
2010-04-01 21:50:59 ----A---- C:\windows\WTRAN32.INI
2010-04-01 20:37:25 ----D---- C:\windows\ERDNT
2010-04-01 20:30:41 ----D---- C:\windows\system32\config
2010-04-01 20:19:01 ----D---- C:\windows\Prefetch
2010-03-28 16:53:48 ----A---- C:\windows\system32\PerfStringBackup.INI
2010-03-27 14:54:25 ----HD---- C:\Program Files\InstallShield Installation Information
2010-03-27 14:48:23 ----D---- C:\windows\system32\DirectX
2010-03-27 14:47:33 ----RSD---- C:\windows\assembly
2010-03-27 14:22:29 ----D---- C:\Program Files\Microsoft Games for Windows - LIVE
2010-03-22 19:08:32 ----D---- C:\Documents and Settings\Peca\Data aplikací\Skype
2010-03-17 20:10:42 ----A---- C:\windows\Easy MOV Converter.INI
2010-03-15 18:36:17 ----D---- C:\Documents and Settings\All Users\Data aplikací\DVD Shrink
2010-03-15 18:32:40 ----D---- C:\Documents and Settings\Peca\Data aplikací\Vso

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK7;Ovladač procesoru AMD K7; C:\windows\system32\DRIVERS\amdk7.sys [2008-04-14 41600]
R1 easdrv;easdrv; C:\windows\system32\DRIVERS\easdrv.sys [2008-07-01 53256]
R1 epfwtdir;epfwtdir; C:\windows\system32\DRIVERS\epfwtdir.sys [2008-07-01 34312]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\windows\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 PCLEPCI;PCLEPCI; \??\C:\windows\system32\drivers\pclepci.sys []
R1 SBRE;SBRE; \??\C:\windows\system32\drivers\SBREdrv.sys []
R2 ACEDRV07;ACEDRV07; \??\C:\WINDOWS\system32\drivers\ACEDRV07.sys []
R2 acedrv11;acedrv11; \??\C:\windows\system32\drivers\acedrv11.sys []
R2 aslm75;aslm75; \??\C:\WINDOWS\system32\drivers\aslm75.sys []
R2 eamon;EAMON; C:\windows\system32\DRIVERS\eamon.sys [2008-07-01 39944]
R2 ElbyCDIO;ElbyCDIO Driver; C:\windows\System32\Drivers\ElbyCDIO.sys [2006-04-22 8064]
R3 aeaudio;aeaudio; C:\windows\system32\drivers\aeaudio.sys [2002-04-01 4816]
R3 ati2mtag;ati2mtag; C:\windows\system32\DRIVERS\ati2mtag.sys [2006-12-17 1918464]
R3 ElbyCDFL;ElbyCDFL; C:\windows\System32\Drivers\ElbyCDFL.sys [2005-05-03 27392]
R3 ElbyDelay;ElbyDelay; C:\windows\System32\Drivers\ElbyDelay.sys [2005-01-02 3968]
R3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; C:\windows\system32\DRIVERS\fetnd5.sys [2001-08-17 27165]
R3 hidgame;Microsoft Hid to Joystick Port Enabler; C:\windows\system32\DRIVERS\hidgame.sys [2001-08-17 8576]
R3 hidusb;Ovladač třídy standardu HID; C:\windows\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 mouhid;Ovladač myši standardu HID; C:\windows\system32\DRIVERS\mouhid.sys [2001-09-13 12160]
R3 ms_mpu401;Microsoft MPU-401 MIDI UART Driver; C:\windows\system32\drivers\msmpu401.sys [2001-08-18 2944]
R3 Pcouffin;VSO Software pcouffin; C:\windows\System32\Drivers\Pcouffin.sys [2009-02-07 47360]
R3 pfc;Padus ASPI Shell; C:\windows\system32\drivers\pfc.sys [2006-11-06 10368]
R3 smwdm;smwdm; C:\windows\system32\drivers\smwdm.sys [2003-07-15 578368]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\windows\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\windows\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Ovladač standardního rozbočovače USB; C:\windows\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\windows\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S1 atitray;atitray; \??\C:\Program Files\Radeon Omega Drivers\v3.8.330\ATI Tray Tools\atitray.sys []
S1 Avg7Core;AVG7 Kernel; C:\windows\System32\Drivers\avg7core.sys []
S1 Avg7RsW;AVG7 Wrap Driver; C:\windows\System32\Drivers\avg7rsw.sys []
S1 Avg7RsXP;AVG7 Resident Driver XP; C:\windows\System32\Drivers\avg7rsxp.sys []
S1 AvgClean;AVG7 Clean Driver; C:\windows\System32\Drivers\avgclean.sys []
S1 eb9f1420;eb9f1420; C:\windows\System32\drivers\eb9f1420.sys []
S1 wceusbsh;Windows CE USB Serial Host Driver; C:\windows\system32\DRIVERS\wceusbsh.sys [2008-04-14 31744]
S2 atksgt;atksgt; C:\windows\system32\DRIVERS\atksgt.sys []
S2 AvgTdi;AVG Network Redirector; C:\windows\System32\Drivers\avgtdi.sys []
S2 lirsgt;lirsgt; C:\windows\system32\DRIVERS\lirsgt.sys []
S3 ate_procmon;ATE_PROCMON; \??\C:\Program Files\Anti Trojan Elite\ATEPMon.sys []
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 cpuz130;cpuz130; \??\C:\DOCUME~1\Peca\LOCALS~1\Temp\cpuz130\cpuz_x32.sys []
S3 dtscsi;dtscsi; C:\windows\system32\drivers\dtscsi.sys []
S3 ENTECH;ENTECH; \??\C:\windows\system32\DRIVERS\ENTECH.sys []
S3 hamachi;Hamachi Network Interface; C:\windows\system32\DRIVERS\hamachi.sys [2007-01-20 17480]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\windows\system32\DRIVERS\HPZid412.sys [2007-10-30 49920]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\windows\system32\DRIVERS\HPZipr12.sys [2007-10-30 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\windows\system32\DRIVERS\HPZius12.sys [2007-10-30 21568]
S3 SCREAMINGBDRIVER;Screaming Bee Audio; C:\windows\system32\drivers\screamingbdriver.sys [2005-11-21 13824]
S3 sfcure01;StarForce Cure Driver (version 1.x); C:\windows\System32\drivers\sfcure01.sys [2006-05-08 3072]
S3 USBAAPL;Apple Mobile USB Driver; C:\windows\System32\Drivers\usbaapl.sys [2007-10-31 30464]
S3 usbprint;Třída USB Printer; C:\windows\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Ovladač skeneru USB; C:\windows\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\windows\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 vaxscsi;vaxscsi; C:\windows\System32\Drivers\vaxscsi.sys [2006-06-13 223128]
S3 WpdUsb;WpdUsb; C:\windows\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S4 IntelIde;IntelIde; C:\windows\system32\drivers\IntelIde.sys []
S4 sptd;sptd; C:\windows\System32\Drivers\sptd.sys []
S4 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\windows\System32\drivers\ws2ifsl.sys [2001-09-20 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2007-10-31 110592]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\windows\system32\Ati2evxx.exe [2006-12-17 434176]
R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Program Files\Bonjour\mDNSResponder.exe [2006-02-28 229376]
R2 DUMeterSvc;DU Meter Service; C:\Program Files\DU Meter\DUMeterSvc.exe [2007-11-10 1382672]
R2 ekrn;Eset Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2007-12-21 468224]
R2 hpqddsvc;Služba HP CUE DeviceDiscovery; C:\windows\system32\svchost.exe [2008-04-14 14336]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-07-16 152984]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [2001-02-23 270336]
R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe [2008-06-08 877864]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\windows\System32\svchost.exe [2008-04-14 14336]
R2 O&O Defrag;O&O Defrag; C:\windows\system32\oodag.exe [2007-05-11 1050120]
R2 PLFlash DeviceIoControl Service;PLFlash DeviceIoControl Service; C:\windows\system32\IoctlSvc.exe [2006-12-19 81920]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\windows\System32\svchost.exe [2008-04-14 14336]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\windows\system32\svchost.exe [2008-04-14 14336]
R3 hpqcxs08;hpqcxs08; C:\windows\system32\svchost.exe [2008-04-14 14336]
S2 Avg7Alrt;AVG7 Alert Manager Server; C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe []
S2 Avg7UpdSvc;AVG7 Update Service; C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe []
S2 AVGEMS;AVG E-mail Scanner; C:\PROGRA~1\Grisoft\AVG7\avgemc.exe []
S2 Norton AntiVirus;Norton AntiVirus; C:\Program Files\Norton AntiVirus\Engine\16.0.0.125\ccSvcHst.exe /s Norton AntiVirus /m C:\Program Files\Norton AntiVirus\Engine\16.0.0.125\diMaster.dll /prefetch:1 []
S3 aspnet_state;ASP.NET State Service; C:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 EhttpSrv;Eset HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2008-07-01 19200]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-06-13 654848]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2006-10-20 36864]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; C:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2006-10-30 741376]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe [2008-06-24 537896]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2006-10-30 122880]

-----------------EOF-----------------

Unlimited_Killer
Friend of the forum
Posts: 1969
Registered: 24 Aug 2009 16:18

Re: Log check, please. Blocking IP addresses.

#12 Post by Unlimited_Killer »

Let's continue. ↓

1) VirusTotal
  • Have the following files scanned on VirusTotal:

    C:\windows\System32\d3dx9_3532.dll
  • Simply paste in the paths I wrote in the code box.
  • If it tells you the file has already been analyzed, have it analyzed again.
  • Then post the links to the individual results here.

pekka
Visitor
Posts: 13
Registered: 01 Jan 2009 17:30

Re: Log check, please. Blocking IP addresses.

#13 Post by pekka »


Unlimited_Killer
Friend of the forum
Posts: 1969
Registered: 24 Aug 2009 16:18

Re: Log check, please. Blocking IP addresses.

#14 Post by Unlimited_Killer »

Let's continue. ↓

1) OTMoveit3
  • Download OTM3 to your Desktop.
  • Run it by double-clicking OTM.exe; if that does not work, try running it with administrator rights.
  • Paste the following script into the left window 'Paste Instructions for Items to be Moved':

    :processes
    jqs.exe
    explorer.exe
    
    :reg
    [-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\7cb80ab3863]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}]
    
    :files
    C:\WINDOWS\system32\*.tmp.dll /s
    C:\WINDOWS\system32\SET*.tmp /s
    C:\WINDOWS\*.tmp /s
    C:\windows\System32\d3dx9_3532.dll
    
    :services
    JavaQuickStarterService
    eb9f1420
    AVGEMS
    Avg7UpdSvc
    Avg7Alrt
    AvgClean
    Avg7RsXP
    Avg7RsW
    Avg7Core
    
    :commands
    [emptytemp]
    [emptyflash]
    [reboot]
  • Then click the red 'MoveIt!' button.
  • A log should appear in the green window on the right; paste it here into the forum.
  • If a prompt to restart appears, click 'Yes'.
  • After the restart the log opens by itself, or you can find it in C:\_OTM\MovedFiles
2) New RSIT log
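As an added example, not part of the original thread or of OTM/RSIT themselves, here is a small defender-side check in Python over HijackThis-style lines like those posted in this thread: it flags O20 Winlogon Notify packages outside an allowlist (the random-named 7cb80ab3863 entry loading d3dx9_3532.dll that the OTM script above removes), plus orphaned O2 BHO and O23 service entries. The allowlist and the sample lines are constructed for this example.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: HijackThis-style lines of the kind posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - (no file)
O20 - Winlogon Notify: AtiExtEvent - C:\windows\system32\Ati2evxx.dll
O20 - Winlogon Notify: 7cb80ab3863 - C:\windows\System32\d3dx9_3532.dll
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Norton AntiVirus - Unknown owner - C:\Program Files\Norton AntiVirus\Engine\16.0.0.125\ccSvcHst.exe (file missing)
"""

# Winlogon Notify packages registered by a stock Windows XP SP3 install, plus the
# two vendor packages (ATI, WGA) that appear in this thread's RSIT registry dump.
# Assumed/constructed allowlist for this example; extend it for your own builds.
KNOWN_NOTIFY = {
    "crypt32chain", "cryptnet", "cscdll", "sccertprop", "schedule", "sclgntfy",
    "senslogn", "termsrv", "wlballoon", "atiextevent", "wgalogon",
}

# Random-looking key names such as 7cb80ab3863 are pure hex runs.
HEX_NAME = re.compile(r"^[0-9a-f]{8,}$", re.IGNORECASE)
BHO_LINE = re.compile(r"^O2 - BHO: (.*) - (\{[0-9A-Fa-f-]{36}\}) - (.*)$")
# A service line's path starts at the first " - " followed by a drive letter;
# the name and owner before it may themselves contain " - ".
SVC_PATH = re.compile(r" - ([A-Za-z]:\\.*)$")


@dataclass
class Finding:
    severity: str  # "high" = likely persistence, "low" = orphaned entry
    item: str      # HijackThis section the line came from
    detail: str


def check_winlogon_notify(rest: str) -> Optional[Finding]:
    """O20 lines: any package outside the allowlist deserves a look."""
    key, _, path = rest.partition(" - ")
    if key.lower() in KNOWN_NOTIFY:
        return None
    why = "Winlogon Notify package not in the allowlist"
    if HEX_NAME.match(key):
        why += " and its name is a random-looking hex string"
    return Finding("high", "O20", f"{key} -> {path}: {why}")


def check_bho(line: str) -> Optional[Finding]:
    """O2 lines: flag BHO registrations whose DLL no longer exists."""
    m = BHO_LINE.match(line)
    if m and m.group(3) == "(no file)":
        return Finding("low", "O2", f"{m.group(1)} {m.group(2)}: orphaned BHO entry")
    return None


def check_service(rest: str) -> Optional[Finding]:
    """O23 lines: flag services whose binary HijackThis could not find."""
    m = SVC_PATH.search(rest)
    if not m or not m.group(1).endswith("(file missing)"):
        return None
    name, _, owner = rest[: m.start()].rpartition(" - ")
    return Finding("low", "O23", f"{name} (owner: {owner}): service binary missing")


def analyze(log_text: str) -> List[Finding]:
    """Run the three checks over a HijackThis log; findings keep log order."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        finding = None
        if line.startswith("O20 - Winlogon Notify: "):
            finding = check_winlogon_notify(line[len("O20 - Winlogon Notify: "):])
        elif line.startswith("O2 - BHO: "):
            finding = check_bho(line)
        elif line.startswith("O23 - Service: "):
            finding = check_service(line[len("O23 - Service: "):])
        if finding:
            findings.append(finding)
    return findings


if __name__ == "__main__":
    for f in analyze(SAMPLE_LOG):
        print(f"[{f.severity}] {f.item}: {f.detail}")
```

A hit on the O20 check is the one worth acting on first: Winlogon Notify DLLs load into winlogon.exe at every logon, which is exactly why the helper's OTM script deletes that key together with the DLL.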

pekka
Visitor
Posts: 13
Registered: 01 Jan 2009 17:30

Re: Log check, please. Blocking IP addresses.

#15 Post by pekka »

Done!

No. 1)

All processes killed
========== PROCESSES ==========
No active process named jqs.exe was found!
No active process named explorer.exe was found!
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\7cb80ab3863\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0347C33E-8762-4905-BF09-768834316C61}\ not found.
========== FILES ==========
File/Folder C:\WINDOWS\system32\*.tmp.dll not found.
File/Folder C:\WINDOWS\system32\SET*.tmp not found.
C:\WINDOWS\002875_.tmp moved successfully.
C:\WINDOWS\17528AC4E6C243CD8D8DA62BA476ADC7.TMP folder moved successfully.
C:\WINDOWS\95FC26FB19FD4A96BBB1B1062E8648F5.TMP folder moved successfully.
C:\WINDOWS\AC54E5443E42443CA91DA00A6974C592.TMP folder moved successfully.
C:\WINDOWS\D56B0E274A3E46C9B5C1D93D580C099C.TMP folder moved successfully.
C:\WINDOWS\msdownld.tmp folder moved successfully.
C:\WINDOWS\SET3.tmp moved successfully.
C:\WINDOWS\SET4.tmp moved successfully.
C:\WINDOWS\SET8.tmp moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP101A.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP75.tmp folder moved successfully.
C:\WINDOWS\Installer\MSI114.tmp moved successfully.
C:\WINDOWS\Installer\MSI17E.tmp moved successfully.
C:\WINDOWS\Installer\MSI180.tmp moved successfully.
C:\WINDOWS\Installer\MSI20B.tmp moved successfully.
C:\WINDOWS\Installer\MSI3D.tmp moved successfully.
C:\WINDOWS\Installer\MSI43.tmp moved successfully.
C:\WINDOWS\system32\tmp212E.tmp moved successfully.
C:\WINDOWS\system32\tmp212F.tmp moved successfully.
C:\WINDOWS\system32\tmp6DA.tmp moved successfully.
C:\WINDOWS\system32\tmp6DB.tmp moved successfully.
C:\WINDOWS\system32\tmp959.tmp moved successfully.
C:\WINDOWS\system32\tmp95A.tmp moved successfully.
C:\WINDOWS\system32\tmp9B5.tmp moved successfully.
C:\WINDOWS\system32\tmp9B6.tmp moved successfully.
C:\WINDOWS\system32\tmpF2.tmp moved successfully.
C:\WINDOWS\system32\tmpF2C.tmp moved successfully.
C:\WINDOWS\system32\tmpF2D.tmp moved successfully.
C:\WINDOWS\system32\tmpF3.tmp moved successfully.
C:\WINDOWS\twain_32\hpqgnds2.tmp moved successfully.
LoadLibrary failed for C:\windows\System32\d3dx9_3532.dll
C:\windows\System32\d3dx9_3532.dll moved successfully.
========== SERVICES/DRIVERS ==========
Service JavaQuickStarterService stopped successfully!
Service JavaQuickStarterService deleted successfully!
Service eb9f1420 stopped successfully!
Service eb9f1420 deleted successfully!
Service AVGEMS stopped successfully!
Service AVGEMS deleted successfully!
Service Avg7UpdSvc stopped successfully!
Service Avg7UpdSvc deleted successfully!
Service Avg7Alrt stopped successfully!
Service Avg7Alrt deleted successfully!
Service AvgClean stopped successfully!
Service AvgClean deleted successfully!
Service Avg7RsXP stopped successfully!
Service Avg7RsXP deleted successfully!
Service Avg7RsW stopped successfully!
Service Avg7RsW deleted successfully!
Service Avg7Core stopped successfully!
Service Avg7Core deleted successfully!
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->FireFox cache emptied: 720891 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Peca
->Temp folder emptied: 29209 bytes
->Temporary Internet Files folder emptied: 191278 bytes
->Java cache emptied: 34277235 bytes
->FireFox cache emptied: 65129341 bytes
->Flash cache emptied: 4579 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 72632 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 54040 bytes

Total Files Cleaned = 96.00 mb


OTM by OldTimer - Version 3.1.10.1 log created on 04132010_210841

Files moved on Reboot...

Registry entries deleted on Reboot...
______________________________________________________________________________________________________
______________________________________________________________________________________________________

No. 2)

Logfile of random's system information tool 1.06 (written by random/random)
Run by Peca at 2010-04-13 21:18:18
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 6 GB (14%) free of 40 GB
Total RAM: 768 MB (38% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:18:22, on 13.4.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\Ati2evxx.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\svchost.exe
C:\windows\system32\Ati2evxx.exe
C:\windows\Explorer.EXE
C:\windows\system32\spoolsv.exe
C:\windows\notepad.exe
C:\Program Files\ASUS\Probe\AsusProb.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\DU Meter\DUMeter.exe
C:\windows\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\JetMailMonitor\JetMM.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\DU Meter\DUMeterSvc.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\windows\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\windows\System32\svchost.exe
C:\windows\system32\oodag.exe
C:\windows\system32\IoctlSvc.exe
C:\windows\System32\svchost.exe
C:\windows\system32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\windows\system32\wscntfy.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Documents and Settings\Peca\Dokumenty\Stažené soubory\RSIT.exe
C:\Documents and Settings\Peca\Dokumenty\Stažené soubory\Peca.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local;*.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - (no file)
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: jetMailMonitor.lnk = C:\Program Files\JetMailMonitor\JetMM.exe
O8 - Extra context menu item: Načítať použitie &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm
O9 - Extra button: HP Chytrý výběr - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\windows\system32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O17 - HKLM\System\CCS\Services\Tcpip\..\{B453E1A4-8965-4DD6-91DF-B3D4AC1EF8B5}: NameServer = 195.146.100.100,195.146.100.5
O20 - Winlogon Notify: 7cb80ab3863 - C:\windows\System32\d3dx9_3532.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\windows\system32\Ati2evxx.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DU Meter Service (DUMeterSvc) - Hagel Technologies Ltd - C:\Program Files\DU Meter\DUMeterSvc.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Norton AntiVirus - Unknown owner - C:\Program Files\Norton AntiVirus\Engine\16.0.0.125\ccSvcHst.exe (file missing)
O23 - Service: O&O Defrag - O&O Software GmbH - C:\windows\system32\oodag.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\windows\system32\IoctlSvc.exe

--
End of file - 6805 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-12-21 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-07-16 41368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-07-16 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2004-08-09 81920]
"ASUS Probe"=C:\Program Files\ASUS\Probe\AsusProb.exe [2002-12-06 617984]
"NeroFilterCheck"=C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe [2008-06-19 570664]
"NBKeyScan"=C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [2008-06-08 2221352]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2008-07-01 1447168]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2007-09-13 22880040]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\daemon.exe [2008-07-24 490952]
"DU Meter"=C:\Program Files\DU Meter\DUMeter.exe [2007-11-13 2585360]
"ctfmon.exe"=C:\windows\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Probe]
C:\Program Files\ASUS\Probe\AsusProb.exe [2002-12-06 617984]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
jetMailMonitor.lnk - C:\Program Files\JetMailMonitor\JetMM.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\7cb80ab3863]
C:\windows\System32\d3dx9_3532.dll [2010-04-13 119296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\windows\system32\Ati2evxx.dll [2006-12-17 110592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\windows\system32\WgaLogon.dll [2009-03-10 190464]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\windows\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\system32\dplaysvr.exe"="C:\WINDOWS\system32\dplaysvr.exe:*:Disabled:Microsoft DirectPlay Helper"
"C:\Program Files\uTorrent\utorrent.exe"="C:\Program Files\uTorrent\utorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\BitSpirit\BitSpirit.exe"="C:\Program Files\BitSpirit\BitSpirit.exe:*:Enabled:The powerful and easy-to-use BitTorrent Client"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\IronWare Communication\IW FTPort Client\Cftp32.exe"="C:\Program Files\IronWare Communication\IW FTPort Client\Cftp32.exe:*:Enabled:IW FTPort Client"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\Opera\Opera.exe"="C:\Program Files\Opera\Opera.exe:*:Enabled:Opera Internet Browser"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\Atari\Crashday\Crashday.exe"="C:\Program Files\Atari\Crashday\Crashday.exe:*:Disabled:Crashday"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2010-04-13 21:08:41 ----D---- C:\_OTM
2010-04-09 18:09:45 ----D---- C:\rsit
2010-04-06 22:23:16 ----D---- C:\Documents and Settings\All Users\Data aplikací\Hagel Technologies
2010-04-06 22:23:09 ----D---- C:\Program Files\DU Meter
2010-04-05 21:26:24 ----SHD---- C:\RECYCLER
2010-04-05 20:54:43 ----A---- C:\ComboFix.txt
2010-04-05 20:47:12 ----D---- C:\windows\temp
2010-04-04 20:23:52 ----A---- C:\windows\PEV.exe
2010-04-04 20:21:50 ----D---- C:\Qoobox
2010-04-02 22:15:14 ----D---- C:\Program Files\Lavasoft
2010-04-01 20:21:43 ----A---- C:\windows\MBR.exe
2010-04-01 20:19:00 ----A---- C:\windows\system32\CF21366.exe
2010-03-27 19:03:25 ----A---- C:\windows\Speed Video Splitter.INI
2010-03-27 19:01:19 ----D---- C:\Program Files\Speed Video Splitter
2010-03-27 19:00:54 ----A---- C:\windows\system32\d3dx9_3532.dll
2010-03-27 15:08:55 ----HDC---- C:\Documents and Settings\All Users\Data aplikací\{0691F710-1ECA-4B5A-9727-25554F1BFDC6}
2010-03-27 15:00:50 ----D---- C:\Program Files\Electronic Arts
2010-03-27 11:50:11 ----D---- C:\Documents and Settings\Peca\Data aplikací\Bioshock2
2010-03-26 19:04:44 ----D---- C:\windows\SxsCaPendDel

======List of files/folders modified in the last 1 months======

2010-04-13 21:11:54 ----D---- C:\WINDOWS
2010-04-13 21:11:54 ----A---- C:\windows\MAILTRAN.INI
2010-04-13 21:11:50 ----D---- C:\Program Files\Mozilla Firefox
2010-04-13 21:10:00 ----A---- C:\windows\SchedLgU.Txt
2010-04-13 21:09:20 ----D---- C:\windows\system32
2010-04-13 21:09:19 ----D---- C:\windows\twain_32
2010-04-13 21:09:07 ----SHD---- C:\windows\Installer
2010-04-13 21:08:31 ----D---- C:\Documents and Settings\Peca\Data aplikací\uTorrent
2010-04-13 18:03:16 ----A---- C:\windows\NeroDigital.ini
2010-04-13 18:00:07 ----D---- C:\Program Files\Mozilla Thunderbird
2010-04-13 17:56:54 ----A---- C:\memory.txt
2010-04-06 22:23:09 ----AD---- C:\Program Files
2010-04-05 20:54:46 ----D---- C:\windows\system32\drivers
2010-04-05 20:52:59 ----D---- C:\windows\system32\CatRoot2
2010-04-05 20:49:11 ----A---- C:\windows\system.ini
2010-04-05 20:45:32 ----D---- C:\windows\AppPatch
2010-04-05 20:45:30 ----D---- C:\Program Files\Common Files
2010-04-05 10:44:58 ----A---- C:\odkazy.txt
2010-04-04 21:42:38 ----A---- C:\windows\WINCMD.INI
2010-04-04 20:09:48 ----D---- C:\Downloads
2010-04-04 18:22:42 ----RSHDC---- C:\windows\system32\dllcache
2010-04-04 18:22:22 ----D---- C:\Program Files\TRANSLAT
2010-04-04 17:07:13 ----A---- C:\windows\system32\CmdLineExt.dll
2010-04-04 10:22:05 ----D---- C:\Documents and Settings\All Users\Data aplikací\Lavasoft
2010-04-04 10:22:04 ----DC---- C:\windows\system32\DRVSTORE
2010-04-03 10:29:26 ----SD---- C:\windows\Tasks
2010-04-02 22:21:29 ----HD---- C:\windows\inf
2010-04-02 22:16:26 ----D---- C:\windows\WinSxS
2010-04-02 20:43:35 ----AD---- C:\Documents and Settings\All Users\Data aplikací\TEMP
2010-04-01 21:50:59 ----A---- C:\windows\WTRAN32.INI
2010-04-01 20:37:25 ----D---- C:\windows\ERDNT
2010-04-01 20:30:41 ----D---- C:\windows\system32\config
2010-04-01 20:19:01 ----D---- C:\windows\Prefetch
2010-03-28 16:53:48 ----A---- C:\windows\system32\PerfStringBackup.INI
2010-03-27 14:54:25 ----HD---- C:\Program Files\InstallShield Installation Information
2010-03-27 14:48:23 ----D---- C:\windows\system32\DirectX
2010-03-27 14:47:33 ----RSD---- C:\windows\assembly
2010-03-27 14:22:29 ----D---- C:\Program Files\Microsoft Games for Windows - LIVE
2010-03-22 19:08:32 ----D---- C:\Documents and Settings\Peca\Data aplikací\Skype
2010-03-17 20:10:42 ----A---- C:\windows\Easy MOV Converter.INI
2010-03-15 18:36:17 ----D---- C:\Documents and Settings\All Users\Data aplikací\DVD Shrink
2010-03-15 18:32:40 ----D---- C:\Documents and Settings\Peca\Data aplikací\Vso

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK7;Ovladač procesoru AMD K7; C:\windows\system32\DRIVERS\amdk7.sys [2008-04-14 41600]
R1 easdrv;easdrv; C:\windows\system32\DRIVERS\easdrv.sys [2008-07-01 53256]
R1 epfwtdir;epfwtdir; C:\windows\system32\DRIVERS\epfwtdir.sys [2008-07-01 34312]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\windows\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 PCLEPCI;PCLEPCI; \??\C:\windows\system32\drivers\pclepci.sys []
R1 SBRE;SBRE; \??\C:\windows\system32\drivers\SBREdrv.sys []
R2 ACEDRV07;ACEDRV07; \??\C:\WINDOWS\system32\drivers\ACEDRV07.sys []
R2 acedrv11;acedrv11; \??\C:\windows\system32\drivers\acedrv11.sys []
R2 aslm75;aslm75; \??\C:\WINDOWS\system32\drivers\aslm75.sys []
R2 eamon;EAMON; C:\windows\system32\DRIVERS\eamon.sys [2008-07-01 39944]
R2 ElbyCDIO;ElbyCDIO Driver; C:\windows\System32\Drivers\ElbyCDIO.sys [2006-04-22 8064]
R3 aeaudio;aeaudio; C:\windows\system32\drivers\aeaudio.sys [2002-04-01 4816]
R3 ati2mtag;ati2mtag; C:\windows\system32\DRIVERS\ati2mtag.sys [2006-12-17 1918464]
R3 ElbyCDFL;ElbyCDFL; C:\windows\System32\Drivers\ElbyCDFL.sys [2005-05-03 27392]
R3 ElbyDelay;ElbyDelay; C:\windows\System32\Drivers\ElbyDelay.sys [2005-01-02 3968]
R3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; C:\windows\system32\DRIVERS\fetnd5.sys [2001-08-17 27165]
R3 hidusb;Ovladač třídy standardu HID; C:\windows\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 mouhid;Ovladač myši standardu HID; C:\windows\system32\DRIVERS\mouhid.sys [2001-09-13 12160]
R3 ms_mpu401;Microsoft MPU-401 MIDI UART Driver; C:\windows\system32\drivers\msmpu401.sys [2001-08-18 2944]
R3 Pcouffin;VSO Software pcouffin; C:\windows\System32\Drivers\Pcouffin.sys [2009-02-07 47360]
R3 pfc;Padus ASPI Shell; C:\windows\system32\drivers\pfc.sys [2006-11-06 10368]
R3 smwdm;smwdm; C:\windows\system32\drivers\smwdm.sys [2003-07-15 578368]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\windows\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\windows\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Ovladač standardního rozbočovače USB; C:\windows\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\windows\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S1 atitray;atitray; \??\C:\Program Files\Radeon Omega Drivers\v3.8.330\ATI Tray Tools\atitray.sys []
S1 wceusbsh;Windows CE USB Serial Host Driver; C:\windows\system32\DRIVERS\wceusbsh.sys [2008-04-14 31744]
S2 atksgt;atksgt; C:\windows\system32\DRIVERS\atksgt.sys []
S2 AvgTdi;AVG Network Redirector; C:\windows\System32\Drivers\avgtdi.sys []
S2 lirsgt;lirsgt; C:\windows\system32\DRIVERS\lirsgt.sys []
S3 ate_procmon;ATE_PROCMON; \??\C:\Program Files\Anti Trojan Elite\ATEPMon.sys []
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 cpuz130;cpuz130; \??\C:\DOCUME~1\Peca\LOCALS~1\Temp\cpuz130\cpuz_x32.sys []
S3 dtscsi;dtscsi; C:\windows\system32\drivers\dtscsi.sys []
S3 ENTECH;ENTECH; \??\C:\windows\system32\DRIVERS\ENTECH.sys []
S3 hamachi;Hamachi Network Interface; C:\windows\system32\DRIVERS\hamachi.sys [2007-01-20 17480]
S3 hidgame;Microsoft Hid to Joystick Port Enabler; C:\windows\system32\DRIVERS\hidgame.sys [2001-08-17 8576]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\windows\system32\DRIVERS\HPZid412.sys [2007-10-30 49920]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\windows\system32\DRIVERS\HPZipr12.sys [2007-10-30 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\windows\system32\DRIVERS\HPZius12.sys [2007-10-30 21568]
S3 SCREAMINGBDRIVER;Screaming Bee Audio; C:\windows\system32\drivers\screamingbdriver.sys [2005-11-21 13824]
S3 sfcure01;StarForce Cure Driver (version 1.x); C:\windows\System32\drivers\sfcure01.sys [2006-05-08 3072]
S3 USBAAPL;Apple Mobile USB Driver; C:\windows\System32\Drivers\usbaapl.sys [2007-10-31 30464]
S3 usbprint;Třída USB Printer; C:\windows\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Ovladač skeneru USB; C:\windows\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\windows\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 vaxscsi;vaxscsi; C:\windows\System32\Drivers\vaxscsi.sys [2006-06-13 223128]
S3 WpdUsb;WpdUsb; C:\windows\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S4 IntelIde;IntelIde; C:\windows\system32\drivers\IntelIde.sys []
S4 sptd;sptd; C:\windows\System32\Drivers\sptd.sys []
S4 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\windows\System32\drivers\ws2ifsl.sys [2001-09-20 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2007-10-31 110592]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\windows\system32\Ati2evxx.exe [2006-12-17 434176]
R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Program Files\Bonjour\mDNSResponder.exe [2006-02-28 229376]
R2 DUMeterSvc;DU Meter Service; C:\Program Files\DU Meter\DUMeterSvc.exe [2007-11-10 1382672]
R2 ekrn;Eset Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2007-12-21 468224]
R2 hpqddsvc;Služba HP CUE DeviceDiscovery; C:\windows\system32\svchost.exe [2008-04-14 14336]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [2001-02-23 270336]
R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe [2008-06-08 877864]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\windows\System32\svchost.exe [2008-04-14 14336]
R2 O&O Defrag;O&O Defrag; C:\windows\system32\oodag.exe [2007-05-11 1050120]
R2 PLFlash DeviceIoControl Service;PLFlash DeviceIoControl Service; C:\windows\system32\IoctlSvc.exe [2006-12-19 81920]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\windows\System32\svchost.exe [2008-04-14 14336]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\windows\system32\svchost.exe [2008-04-14 14336]
R3 hpqcxs08;hpqcxs08; C:\windows\system32\svchost.exe [2008-04-14 14336]
S2 Norton AntiVirus;Norton AntiVirus; C:\Program Files\Norton AntiVirus\Engine\16.0.0.125\ccSvcHst.exe /s Norton AntiVirus /m C:\Program Files\Norton AntiVirus\Engine\16.0.0.125\diMaster.dll /prefetch:1 []
S3 aspnet_state;ASP.NET State Service; C:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 EhttpSrv;Eset HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2008-07-01 19200]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-06-13 654848]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2006-10-20 36864]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; C:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2006-10-30 741376]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe [2008-06-24 537896]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2006-10-30 122880]

-----------------EOF-----------------
