Please check my log
- spocený ladič
- Beginner
- Registered: 06 Dec 2005
- Location: Vysočina
Please check my log from ComboFix, because with the change to summer time my clock jumped 6 hours forward. Panda found nothing new, apart from two old acquaintances: Trojan Generic Malware and AdWare SaveNow in C/Volume ... probably false alarms. The ESET online scanner found nothing, but better safe than sorry!!
ComboFix 10-04-03.02 - User 2010-04-04 22:50:34.5.1 - x86
System: Microsoft Windows XP Professional 5.1.2600.3.1250.1.1029.18.1022.707 [GMT 2:00]
Running from: c:\documents and settings\User\Plocha\ComboFix.exe
AV: Panda Cloud Antivirus *On-access scanning disabled* (Updated) {5AD27692-540A-464E-B625-78275FA38393}
FW: Sunbelt Personal Firewall *enabled* {BFD080F6-3BF0-40E1-9507-9CA969C35870}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\k\Local Settings\Temporary Internet Files\MAILTRAN.INI
c:\windows\AppPatch\AcAdProc.dll
.
((((((((((((((((((((((((( Files Created from 2010-03-04 to 2010-04-04 )))))))))))))))))))))))))))))))
.
2010-04-04 20:22 . 2010-04-04 20:22 390144 ----a-w- c:\windows\system32\CF7367.exe
2010-04-04 20:11 . 2010-04-04 20:11 390144 ----a-w- c:\windows\system32\CF5277.exe
2010-04-04 18:35 . 2010-04-04 18:35 -------- d-sh--w- c:\documents and settings\k\PrivacIE
2010-03-30 18:54 . 2008-05-30 12:18 238088 ----a-w- c:\windows\system32\xactengine3_1.dll
2010-03-30 16:51 . 2010-03-30 16:51 -------- d-----w- c:\program files\Common Files\Skype
2010-03-27 23:00 . 2010-03-27 23:02 -------- d-----w- c:\windows\Logs
2010-03-11 09:08 . 2009-10-23 15:28 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-04 19:43 . 2007-09-05 19:01 -------- d-----w- c:\program files\SpeedFan
2010-04-04 18:16 . 2004-08-18 12:00 78052 ----a-w- c:\windows\system32\perfc005.dat
2010-04-04 18:16 . 2004-08-18 12:00 429024 ----a-w- c:\windows\system32\perfh005.dat
2010-04-03 23:12 . 2009-01-09 22:39 1713 ----a-w- c:\windows\system32\drivers\fwdrv.err
2010-04-01 20:16 . 2007-01-17 10:51 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-03-31 18:17 . 2007-04-14 20:39 -------- d-----w- c:\program files\Java
2010-03-09 02:28 . 2008-11-26 12:51 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-02-25 06:18 . 2004-08-18 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-19 23:47 . 2010-02-19 23:47 3604480 ----a-w- c:\windows\system32\GPhotos.scr
2010-02-05 17:31 . 2010-02-05 17:31 -------- d-----w- c:\program files\Schlecker
2010-01-09 13:39 . 2010-01-09 13:39 264 ----a-w- c:\windows\system32\PSUNCpl.dat
2005-09-09 17:55 . 2008-06-09 20:20 35 ----a-w- c:\program files\SCSSDist.ini
2005-09-09 17:55 . 2008-06-09 20:19 37766164 ----a-w- c:\program files\Data1.cab
.
------- Sigcheck -------
[7] 2008-04-14 . A756B8F0F7BAFBA6DFE39F7D169F2519 . 15360 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ctfmon.exe
c:\windows\System32\ctfmon.exe ... is missing !!
.
(((((((((((((((((((((((((((((((((( Registry Startup Points )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not shown.
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{855F3B16-6D32-4fe6-8A56-BBB695989046}"= "c:\program files\ICQ6Toolbar\ICQToolBar.dll" [2009-06-01 962808]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"= "c:\windows\system32\ieframe.dll" [2010-02-25 11070976]
[HKEY_CLASSES_ROOT\clsid\{855f3b16-6d32-4fe6-8a56-bbb695989046}]
[HKEY_CLASSES_ROOT\ICQToolBar.IEHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{E716F183-5AD7-11DC-9670-00508DC0D496}]
[HKEY_CLASSES_ROOT\ICQToolBar.IEHook]
[HKEY_CLASSES_ROOT\clsid\{cfbfae00-17a6-11d0-99cb-00c04fd64497}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{BFC32E1D-EE75-4A48-BC60-104E11EE2431}"= "c:\windows\WebIE.dll" [2007-07-30 491520]
"{855F3B16-6D32-4fe6-8A56-BBB695989046}"= "c:\program files\ICQ6Toolbar\ICQToolBar.dll" [2009-06-01 962808]
[HKEY_CLASSES_ROOT\clsid\{bfc32e1d-ee75-4a48-bc60-104e11ee2431}]
[HKEY_CLASSES_ROOT\WebTranslator.WebBar.1]
[HKEY_CLASSES_ROOT\TypeLib\{13480EFC-B7FE-4037-8EC1-59D126E19805}]
[HKEY_CLASSES_ROOT\WebTranslator.WebBar]
[HKEY_CLASSES_ROOT\clsid\{855f3b16-6d32-4fe6-8a56-bbb695989046}]
[HKEY_CLASSES_ROOT\ICQToolBar.IEHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{E716F183-5AD7-11DC-9670-00508DC0D496}]
[HKEY_CLASSES_ROOT\ICQToolBar.IEHook]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{01E04581-4EEE-11D0-BFE9-00AA005B4383}"= "c:\windows\system32\browseui.dll" [2008-04-14 1025024]
"{0E5CBF21-D15F-11D0-8301-00AA005B4383}"= "c:\windows\system32\SHELL32.dll" [2008-06-17 8465408]
[HKEY_CLASSES_ROOT\clsid\{01e04581-4eee-11d0-bfe9-00aa005b4383}]
[HKEY_CLASSES_ROOT\clsid\{0e5cbf21-d15f-11d0-8301-00aa005b4383}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Panda Malware Icon]
@="{F5D1CF73-C196-48F8-AAAC-B9181E22B4E6}"
[HKEY_CLASSES_ROOT\CLSID\{F5D1CF73-C196-48F8-AAAC-B9181E22B4E6}]
2009-11-02 08:00 312576 ----a-w- c:\program files\Panda Security\Panda Cloud Antivirus\PSUNShell.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Panda Pending Delete Icon]
@="{0847B599-9191-4A27-BD61-DE11598D3B1B}"
[HKEY_CLASSES_ROOT\CLSID\{0847B599-9191-4A27-BD61-DE11598D3B1B}]
2009-11-02 08:00 312576 ----a-w- c:\program files\Panda Security\Panda Cloud Antivirus\PSUNShell.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Panda Suspect Icon]
@="{9AE343CB-BA45-4618-AF6A-0230EE6FC793}"
[HKEY_CLASSES_ROOT\CLSID\{9AE343CB-BA45-4618-AF6A-0230EE6FC793}]
2009-11-02 08:00 312576 ----a-w- c:\program files\Panda Security\Panda Cloud Antivirus\PSUNShell.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\\Phone\Skype.exe" [2010-03-09 26100520]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2006-11-17 577536]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"tsnpstd3"="c:\windows\tsnpstd3.exe" [2005-12-20 94208]
"snpstd3"="c:\windows\vsnpstd3.exe" [2005-09-05 339968]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2007-02-19 1188456]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"AcronisTimounterMonitor"="c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe" [2007-02-19 1962896]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2007-02-16 149024]
"OODefragTray"="c:\windows\system32\oodtray.exe" [2008-11-03 2540800]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"PSUNMain"="c:\program files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe" [2009-10-30 361728]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0lsdelete\0OODBS
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"NBJ"="c:\program files\Ahead\Nero BackItUp\NBJ.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Sunbelt Software\\Personal Firewall\\kpf4gui.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\Studio.exe"=
"c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\umi.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2009-04-29 721904]
R1 fwdrv;Firewall Driver;c:\windows\system32\drivers\fwdrv.sys [2007-04-26 302000]
R1 khips;Kerio HIPS Driver;c:\windows\system32\drivers\khips.sys [2007-04-26 72624]
R1 PSINKNC;PSINKNC;c:\windows\system32\drivers\PSINKNC.sys [2009-10-13 114312]
R2 NanoServiceMain;NanoServiceMain;c:\program files\Panda Security\Panda Cloud Antivirus\PSANHost.exe [2009-10-30 136448]
R2 PSINAflt;PSINAflt;c:\windows\system32\drivers\PSINAflt.sys [2009-10-30 146952]
R2 PSINFile;PSINFile;c:\windows\system32\drivers\PSINFile.sys [2009-10-13 95880]
R2 PSINProc;PSINProc;c:\windows\system32\drivers\PSINProc.sys [2009-10-13 101512]
R2 SPF4;Sunbelt Personal Firewall 4;c:\program files\Sunbelt Software\Personal Firewall\kpf4ss.exe [2007-04-26 1234480]
S2 gupdate1c9e2e71589afbc;Google Update Service (gupdate1c9e2e71589afbc);c:\program files\Google\Update\GoogleUpdate.exe [2009-06-01 133104]
S3 cpuz;cpuz;\??\c:\docume~1\User\LOCALS~1\Temp\cpuz.sys --> c:\docume~1\User\LOCALS~1\Temp\cpuz.sys [?]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder
2010-04-04 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-11 19:36]
2010-04-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-01 18:30]
2010-04-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-01 18:30]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://home.sweetim.com
mStart Page = hxxp://home.sweetim.com
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
TCP: {BD9B26CD-444B-4FE8-84E0-3FBC787B5A84} = 89.185.230.1,81.31.33.23
FF - ProfilePath - c:\documents and settings\User\Data aplikací\Mozilla\Firefox\Profiles\9esxox7o.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - prefs.js: browser.startup.homepage - hxxp://seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\TV JOJ Media Player\np_JOJ_netscape_player.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX SETTINGS ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.notify.interval - 600000
FF - user.js: content.switch.threshold - 600000
FF - user.js: nglayout.initialpaint.delay - 600
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - INVALID ENTRIES REMOVED FROM THE REGISTRY - - - -
Toolbar-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
WebBrowser-{4B3803EA-5230-4DC3-A7FC-33638F3D3542} - (no file)
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-04 23:06
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys spst.sys hal.dll >>UNKNOWN [0x86779938]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf7674f28
\Driver\ACPI -> ACPI.sys @ 0xf73cecb8
\Driver\atapi -> atapi.sys @ 0xf7363b40
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x80579022
ParseProcedure -> ntkrnlpa.exe @ 0x80577c84
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x80579022
ParseProcedure -> ntkrnlpa.exe @ 0x80577c84
user & kernel MBR OK
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG08.00.00.01WORKSTATION"="..."
"OODEFRAG11.00.00.01WORKSTATION"="..."
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(980)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'lsass.exe'(1044)
c:\windows\system32\relog_ap.dll
- - - - - - - > 'explorer.exe'(3804)
c:\program files\Panda Security\Panda Cloud Antivirus\PSUNShell.DLL
c:\program files\Panda Security\Panda Cloud Antivirus\PSNCIPC.dll
c:\program files\Panda Security\Panda Cloud Antivirus\PSNCGP.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Lavasoft\Ad-Aware 2007\aawservice.exe
c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\oodag.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
c:\windows\System32\TUProgSt.exe
c:\program files\Sunbelt Software\Personal Firewall\kpf4gui.exe
c:\program files\Sunbelt Software\Personal Firewall\kpf4gui.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\SOUNDMAN.EXE
c:\program files\Skype\Phone\Skype.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Completion time: 2010-04-04 23:11:26 - machine was rebooted
ComboFix-quarantined-files.txt 2010-04-04 21:11
Pre-Run: 6,365,941,760
Post-Run: 6,329,212,928
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
- - End Of File - - 3D597862502DAF6B8D1199B08C1DB0D9
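Added example (editor's addition, not part of the post and not a ComboFix feature): a small Python triage script that parses the line formats this log uses and flags the three entries a reviewer would look at first here: a driver registered from a Temp directory (the S3 cpuz service), a system file that Sigcheck reports missing (ctfmon.exe, whose Service Pack copy is still present), and the same third-party domain set as both home page and search provider in IE and Firefox (sweetim). The sample lines are constructed from the post's formats, the regexes and severity labels are my own heuristics, and none of these findings is proof of malware: cpuz.sys in Temp is consistent with the CPU-Z utility loading its driver from a temporary directory, and the "[?]" means the file is not present now. The script deliberately does not flag "EnableFirewall"=0, because that is the built-in Windows Firewall being off while the Sunbelt Personal Firewall shown in the header is active. Nothing in the log refers to the clock, so the 6-hour shift is not something this script can speak to.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample (not the full log): one line of each ComboFix format the
# parsers below understand, copied in shape from the post above.
SAMPLE_LOG = r"""
c:\windows\System32\ctfmon.exe ... is missing !!
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2009-04-29 721904]
S3 cpuz;cpuz;\??\c:\docume~1\User\LOCALS~1\Temp\cpuz.sys --> c:\docume~1\User\LOCALS~1\Temp\cpuz.sys [?]
uStart Page = hxxp://home.sweetim.com
mStart Page = hxxp://home.sweetim.com
FF - prefs.js: browser.search.defaulturl - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - prefs.js: browser.startup.homepage - hxxp://seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q=
"""

# "R0 name;description;path [date size]" driver/service lines; an optional
# "--> resolved path" appears when ComboFix resolved a \??\ NT-style path.
SERVICE_RE = re.compile(
    r"^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<desc>[^;]*);(?P<path>.+?)"
    r"(?:\s+-->\s+(?P<resolved>.+?))?\s+\[(?P<meta>[^\]]*)\]$")
# Sigcheck verdict line, in the English or the Czech ComboFix wording.
MISSING_RE = re.compile(r"^(?P<path>[a-z]:\\.*?) \.\.\. (?:is missing|chybí) !!$", re.I)
# IE start pages ("uStart Page" = user hive, "mStart Page" = machine hive)
# and Firefox prefs.js values; ComboFix defangs URLs as hxxp.
PREF_RE = re.compile(
    r"^(?:(?P<ie>[um]Start Page) = |FF - prefs\.js: (?P<ff>\S+) - )(?P<url>hxxp\S+)$")
# Heuristic (mine): a driver or service binary living under any Temp directory.
TEMP_RE = re.compile(r"\\(?:temp|tmp)\\", re.I)


def parse_services(lines):
    """Return one dict per R*/S* line, preferring the resolved path."""
    out = []
    for ln in lines:
        m = SERVICE_RE.match(ln.strip())
        if m:
            d = m.groupdict()
            d["path"] = d["resolved"] or d["path"]
            out.append(d)
    return out


def parse_prefs(lines):
    """Return (pref name, url) pairs for IE start pages and Firefox prefs."""
    out = []
    for ln in lines:
        m = PREF_RE.match(ln.strip())
        if m:
            out.append((m.group("ie") or m.group("ff"), m.group("url")))
    return out


def registrable_domain(url):
    """'hxxp://search.sweetim.com/...' -> 'sweetim.com' (last two labels;
    a heuristic, not a public-suffix lookup)."""
    host = urlsplit(url.replace("hxxp", "http", 1)).hostname or ""
    return ".".join(host.split(".")[-2:])


def triage(text):
    """Return (severity, category, detail) tuples for a reviewer to follow up."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    findings = []
    for ln in lines:
        m = MISSING_RE.match(ln)
        if m:
            findings.append(("high", "missing-system-file", m.group("path")))
    for svc in parse_services(lines):
        if TEMP_RE.search(svc["path"]):
            findings.append(("medium", "driver-from-temp",
                             f"{svc['name']}: {svc['path']}"))
        elif svc["meta"] == "?":
            # ComboFix prints [?] when it could not stat the binary.
            findings.append(("low", "service-binary-not-found",
                             f"{svc['name']}: {svc['path']}"))
    # The same third-party domain in home page *and* search prefs, across
    # browsers, is the usual footprint of a bundled toolbar/search hijack.
    by_domain = defaultdict(set)
    for key, url in parse_prefs(lines):
        by_domain[registrable_domain(url)].add(key)
    for dom, keys in sorted(by_domain.items()):
        if len(keys) >= 2:
            findings.append(("medium", "homepage-search-hijack",
                             f"{dom} set in {sorted(keys)}"))
    return findings


if __name__ == "__main__":
    for sev, cat, detail in triage(SAMPLE_LOG):
        print(f"[{sev:6}] {cat:24} {detail}")
```

Run it against a saved ComboFix log by passing the file's text to triage(); the domain check counts distinct preference names per registrable domain, so a single changed home page (seznam.cz here) is not reported, while a domain that owns the home page, the default search URL and keyword.URL at once is.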
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
Toolbar-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
WebBrowser-{4B3803EA-5230-4DC3-A7FC-33638F3D3542} - (no file)
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-04 23:06
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys spst.sys hal.dll >>UNKNOWN [0x86779938]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf7674f28
\Driver\ACPI -> ACPI.sys @ 0xf73cecb8
\Driver\atapi -> atapi.sys @ 0xf7363b40
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x80579022
ParseProcedure -> ntkrnlpa.exe @ 0x80577c84
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x80579022
ParseProcedure -> ntkrnlpa.exe @ 0x80577c84
user & kernel MBR OK
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(980)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'lsass.exe'(1044)
c:\windows\system32\relog_ap.dll
- - - - - - - > 'explorer.exe'(3804)
c:\program files\Panda Security\Panda Cloud Antivirus\PSUNShell.DLL
c:\program files\Panda Security\Panda Cloud Antivirus\PSNCIPC.dll
c:\program files\Panda Security\Panda Cloud Antivirus\PSNCGP.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Lavasoft\Ad-Aware 2007\aawservice.exe
c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\oodag.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
c:\windows\System32\TUProgSt.exe
c:\program files\Sunbelt Software\Personal Firewall\kpf4gui.exe
c:\program files\Sunbelt Software\Personal Firewall\kpf4gui.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\SOUNDMAN.EXE
c:\program files\Skype\Phone\Skype.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Celkový čas: 2010-04-04 23:11:26 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-04-04 21:11
Před spuštěním: 6,365,941,760
Po spuštění: 6,329,212,928
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
- - End Of File - - 3D597862502DAF6B8D1199B08C1DB0D9
- spocený ladič
- Beginner
- Registered: 06 Dec 2005
- Location: Vysočina
Re: Please check my log
Well, I don't know, either it's OK or there are few willing experts here. So far no problems with the PC, I was just surprised that in safe mode without networking I couldn't start the antivirus, Panda. In safe mode with networking it does start. I'm considering switching to Avast Free 5.
- jan.svoboda
- Intermediate
- Registered: 25 Dec 2009
- Location: Chrudim
Re: Please check my log
Hi, otherwise it looks fine. Also download MBAM - http://download.cnet.com/Malwarebytes-A ... tag=button - install it, then update it, run a full system scan, do not delete the infections it finds, and post its log here. Based on that we'll see whether anything is still there.
Btw: I don't know, maybe there are few volunteers here, but considering that every volunteer, me included, gives advice here for free and in their spare time, you should have a little patience and wait until someone is able to reply. For example, I also have other duties, like going to secondary school, doing homework etc., and I don't have much free time either; sometimes I write here from school, but mostly I'm here whenever I have free time (which I also don't have much of because of commuting to school...).
I am no longer active on this forum; you can find me on Google+ (http://gplus.to/JanSvoboda), where I actively write not only about IT.
- spocený ladič
- Beginner
- Registered: 06 Dec 2005
- Location: Vysočina
Re: Please check my log
Done as recommended. Result sent by PM.
Thanks for your time, knowledge and willingness to deal with someone else's problem.
Last edited by spocený ladič on Fri 16 Apr 2010, 16:21, edited 1 time in total.
- Shit
- PCT Expert
- Registered: 20 Dec 2003
- Location: Hradec Králové
Re: Please check my log
Since you gentlemen are using warez anyway, why don't you edit/hide this entry... spocený ladič wrote: ...\Nero 6.6.0.5\Keygen.exe...
- jan.svoboda
- Intermediate
- Registered: 25 Dec 2009
- Location: Chrudim
Re: Please check my log
I'll reply here. I've seen the log from the PM; apart from the keygen, which I would of course recommend not using and deleting (though it's too late anyway), because it may be the root of the PC's problems. That junk in System Volume Information either delete with MBAM or by hand. Otherwise it's fine.
Shit: I don't want to warez here; I only noticed the keygen you mention after your warning. And I don't intend to discuss it further here, there's nothing to discuss anyway.
- spocený ladič
- Beginner
- Registered: 06 Dec 2005
- Location: Vysočina
Re: Please check my log
Thanks for the help and the recommendations.
- jan.svoboda
- Intermediate
- Registered: 25 Dec 2009
- Location: Chrudim
Re: Please check my log
Yes, and next time, when there's no warez in it, it'll be even better