Druhý log, co jste mi poslal, abych hodil do txt:
ComboFix 11-04-16.03 - Martin 18.04.2011 17:25:20.3.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.421.1033.18.1023.774 [GMT 2:00]
Running from: c:\documents and settings\Martin\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Martin\Desktop\CFScript.txt
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_HHKJBTSQ
-------\Service_hhkjbtsq
.
.
((((((((((((((((((((((((( Files Created from 2011-03-18 to 2011-04-18 )))))))))))))))))))))))))))))))
.
.
2011-04-18 12:39 . 2011-04-18 12:42 2829 ----a-w- c:\windows\War3Unin.pif
2011-04-18 12:39 . 2011-04-18 12:42 139264 ----a-w- c:\windows\War3Unin.exe
2011-04-18 07:26 . 2009-10-22 11:54 37392 ----a-w- c:\windows\system32\drivers\88708832.sys
2011-04-18 07:26 . 2009-10-09 21:31 315408 ----a-w- c:\windows\system32\drivers\8870883.sys
2011-04-18 07:26 . 2009-09-25 15:59 128016 ----a-w- c:\windows\system32\drivers\88708831.sys
2011-04-16 13:48 . 2011-04-16 13:48 -------- d-s---w- c:\documents and settings\Martin\UserData
2011-04-15 20:36 . 2010-11-09 12:35 21992 ----a-w- c:\windows\system32\drivers\cpuz135_x32.sys
2011-04-15 20:28 . 2011-04-15 20:28 -------- d-----w- c:\program files\trend micro
2011-04-15 20:10 . 2011-04-15 20:10 -------- d-----w- c:\program files\Defraggler
2011-04-15 08:48 . 2011-04-15 08:48 -------- d-sh--w- c:\windows\ftpcache
2011-04-14 18:32 . 2011-04-14 19:38 -------- d-----w- c:\documents and settings\Martin\Application Data\uTorrent
2011-04-14 17:52 . 2005-05-26 13:34 2297552 ----a-w- c:\windows\system32\d3dx9_26.dll
2011-04-08 19:51 . 2011-04-15 09:11 214520 ----a-w- c:\windows\system32\PnkBstrB.xtr
2011-04-08 19:48 . 2011-04-15 09:08 -------- d-----w- c:\documents and settings\Martin\Local Settings\Application Data\PunkBuster
2011-04-08 19:46 . 2011-04-15 09:12 137464 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2011-04-08 19:46 . 2011-04-10 15:43 138056 ----a-w- c:\documents and settings\Martin\Application Data\PnkBstrK.sys
2011-04-08 19:45 . 2011-04-15 09:11 214520 ----a-w- c:\windows\system32\PnkBstrB.exe
2011-04-08 19:45 . 2011-04-10 15:43 75136 ----a-w- c:\windows\system32\PnkBstrA.exe
2011-04-08 19:45 . 2011-04-08 19:45 -------- d-----w- c:\windows\system32\LogFiles
2011-04-05 08:37 . 2011-01-08 03:27 941160 ----a-w- c:\windows\system32\nvdispco322090.dll
2011-04-05 08:37 . 2011-01-08 03:27 837736 ----a-w- c:\windows\system32\nvgenco322040.dll
2011-04-05 08:30 . 2008-01-15 07:44 109568 ----a-r- c:\windows\system32\drivers\zebrmdm.sys
2011-04-05 08:30 . 2008-01-15 07:44 14848 ----a-r- c:\windows\system32\drivers\zebrmdfl.sys
2011-04-05 08:30 . 2008-01-15 07:44 109568 ----a-r- c:\windows\system32\drivers\zebrmdmc.sys
2011-04-05 08:30 . 2008-01-15 07:44 12160 ----a-r- c:\windows\system32\drivers\zebrcmnt.sys
2011-04-05 08:30 . 2008-01-15 07:44 12160 ----a-r- c:\windows\system32\drivers\zebrcm.sys
2011-04-05 08:30 . 2008-01-15 07:44 12160 ----a-r- c:\windows\system32\drivers\zebrwhnt.sys
2011-04-05 08:30 . 2008-01-15 07:44 12160 ----a-r- c:\windows\system32\drivers\zebrwh.sys
2011-04-05 08:30 . 2008-01-15 07:44 83200 ----a-r- c:\windows\system32\drivers\zebrbus.sys
2011-04-05 08:20 . 2011-04-05 08:20 146 ----a-w- c:\windows\DelMR.bat
2011-04-05 08:16 . 2011-04-05 08:16 -------- d-----w- c:\documents and settings\Martin\Application Data\Teleca
2011-04-05 08:02 . 2011-04-05 08:02 -------- d-----w- c:\documents and settings\Martin\Application Data\Sony Ericsson
2011-04-05 08:01 . 2011-04-05 08:20 -------- d-----w- c:\program files\Common Files\Teleca Shared
2011-04-05 08:00 . 2011-04-05 08:21 -------- d-----w- c:\program files\Sony Ericsson
2011-04-05 08:00 . 2011-04-05 08:00 -------- d-----w- c:\program files\MSXML 6.0
2011-04-05 07:59 . 2011-04-05 07:59 -------- d-----w- c:\windows\Downloaded Installations
2011-03-28 14:42 . 2011-03-28 14:42 -------- d-----w- c:\documents and settings\Martin\Local Settings\Application Data\Adobe
2011-03-28 14:41 . 2011-03-28 14:42 -------- d-----w- c:\program files\Common Files\Adobe
2011-03-26 11:43 . 2008-10-10 03:52 452440 ----a-w- c:\windows\system32\d3dx10_40.dll
2011-03-26 11:43 . 2008-10-10 03:52 2036576 ----a-w- c:\windows\system32\D3DCompiler_40.dll
2011-03-26 11:43 . 2008-10-10 03:52 4379984 ----a-w- c:\windows\system32\D3DX9_40.dll
2011-03-26 11:43 . 2007-04-04 17:53 81768 ----a-w- c:\windows\system32\xinput1_3.dll
2011-03-25 14:33 . 2004-08-03 23:56 21504 -c--a-w- c:\windows\system32\dllcache\hidserv.dll
2011-03-25 14:33 . 2004-08-03 23:56 21504 ----a-w- c:\windows\system32\hidserv.dll
2011-03-25 14:33 . 2004-08-03 21:58 14848 -c--a-w- c:\windows\system32\dllcache\kbdhid.sys
2011-03-25 14:33 . 2004-08-03 21:58 14848 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2011-03-25 14:32 . 2004-08-03 22:08 31616 -c--a-w- c:\windows\system32\dllcache\usbccgp.sys
2011-03-25 14:32 . 2004-08-03 22:08 31616 ----a-w- c:\windows\system32\drivers\usbccgp.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((( SnapShot@2011-04-17_11.23.24 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-04-18 12:39 . 2011-04-18 12:53 65719 c:\windows\War3Unin.dat
+ 2011-04-17 18:57 . 2011-04-17 18:57 5120 c:\windows\Installer\{789289CA-F73A-4A16-A331-54D498CE069F}\Icon789289CA.exe
- 2011-04-11 19:48 . 2011-04-11 19:48 5120 c:\windows\Installer\{789289CA-F73A-4A16-A331-54D498CE069F}\Icon789289CA.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-01-07 13880424]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-03 15360]
.
c:\documents and settings\Martin\Start Menu\Programs\Startup\
setup_9.0.0.722_18.04.2011_10-51.lnk - c:\programy\Virus Removal Tool\setup_9.0.0.722_18.04.2011_10-51\startup.exe [2011-4-18 72208]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-11-15 19:02 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-01-30 15:45 35736 ----a-w- c:\programy\Reader 10.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2004-08-03 23:56 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2010-04-01 09:16 357696 ----a-w- c:\programy\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2011-01-07 17:56 13880424 ----a-w- c:\windows\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2011-01-07 17:56 111208 ----a-w- c:\windows\system32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2010-11-04 06:51 1753192 ----a-w- c:\program files\NVIDIA Corporation\nView\nwiz.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando Media Booster]
2010-11-16 14:35 2975640 ----a-w- c:\program files\Pando Networks\Media Booster\PMB.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2005-05-17 10:48 77824 ----a-r- c:\windows\SOUNDMAN.EXE
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\HRY\\World of Warcraft\\Launcher.exe"=
"c:\\Programy\\Skype\\Phone\\Skype.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"57040:TCP"= 57040:TCP:Pando Media Booster
"57040:UDP"= 57040:UDP:Pando Media Booster
"6756:TCP"= 6756:TCP:rvgbebls
.
R0 88708832;88708832 Boot Guard Driver;c:\windows\system32\drivers\88708832.sys [18.4.2011 9:26 37392]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [16.11.2010 16:55 691696]
R1 88708831;88708831;c:\windows\system32\drivers\88708831.sys [18.4.2011 9:26 128016]
R1 setup_9.0.0.722_18.04.2011_10-51drv;setup_9.0.0.722_18.04.2011_10-51drv;c:\windows\system32\drivers\8870883.sys [18.4.2011 9:26 315408]
R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [15.4.2011 22:36 21992]
S3 GGSAFERDriver;GGSAFER Driver;\??\c:\programy\Garena\safedrv.sys --> c:\programy\Garena\safedrv.sys [?]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
?hcfnioac
.
.
------- Supplementary Scan -------
.
uSearchAssistant = hxxp://search.qip.ru/ie
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Martin\Application Data\Mozilla\Firefox\Profiles\ghya889f.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - azet.sk
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2011-04-18 17:31
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(3532)
c:\windows\system32\msi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\nvsvc32.exe
c:\programy\Virus Removal Tool\setup_9.0.0.722_18.04.2011_10-51\setup_9.0.0.722_18.04.2011_10-51.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\windows\System32\wdfmgr.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2011-04-18 17:34:12 - machine was rebooted
ComboFix-quarantined-files.txt 2011-04-18 15:34
ComboFix2.txt 2011-04-18 07:17
ComboFix3.txt 2011-04-17 11:26
.
Pre-Run: 37 264 306 176 bytes free
Post-Run: 8 adresárov, 37 274 120 192 voľných bajtov
.
- - End Of File - - 641C5D6528C3AEDBD8CECA1E7AB36F94