Every minute, advertising pop-up windows started appearing. A scan with CCleaner, Ad-Aware and NOD32 found nothing.
After reading the discussion forum I installed ComboFix and am sending the log for review.
Thank you in advance for your help. Alena
ComboFix 09-03-15.01 - Tomáš 2009-03-18 16:15:46.1 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.2046.1557 [GMT 1:00]
Spuštěný z: c:\documents and settings\Tomáš\Plocha\ComboFix.exe
AV: Eset NOD32 Antivirus 2.50 *On-access scanning disabled* (Updated)
* Vytvořen nový Bod Obnovení
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\docume~1\TOM~1\LOCALS~1\Temp\install_flash_player.exe
c:\documents and settings\All Users\Data aplikací\SecuriSoft SARL
c:\documents and settings\All Users\Data aplikací\SecuriSoft SARL\WinSpywareProtect\LOG\20080720105527640.log
.
((((((((((((((((((((((((( Soubory vytvořené od 2009-02-18 do 2009-03-18 )))))))))))))))))))))))))))))))
.
2009-03-18 15:38 . 2009-03-18 15:42 6,144 --a------ c:\program files\spoolsvt.exe
2009-03-16 16:05 . 2009-03-16 16:05 <DIR> d-------- c:\program files\AVG
2009-03-14 10:00 . 2009-03-18 16:13 <DIR> d-------- c:\documents and settings\Tomáš\Data aplikací\c2
2009-03-13 15:26 . 2009-03-18 16:13 <DIR> d-------- c:\documents and settings\Tomáš\Data aplikací\c1
2009-03-13 15:19 . 2009-03-18 16:16 162 --a------ c:\windows\ad1.htm
2009-03-13 14:15 . 2009-03-10 16:49 876,988,936 --a------ c:\windows\system32\jwt32.exe
2009-03-06 16:15 . 2009-03-06 16:16 43,520 --a------ c:\windows\system32\CmdLineExt03.dll
2009-02-21 16:44 . 2009-02-21 16:44 <DIR> d-------- c:\documents and settings\Tom\'a
2009-02-21 16:44 . 2009-02-21 16:44 <DIR> d-------- c:\documents and settings\Tom
2009-02-21 16:34 . 2009-02-21 16:34 <DIR> d-------- c:\program files\Common Files\Lingea Shared
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-16 17:10 --------- d---a-w c:\documents and settings\All Users\Data aplikací\TEMP
2009-03-16 17:08 --------- d-----w c:\documents and settings\All Users\Data aplikací\Spybot - Search & Destroy
2009-02-21 15:32 --------- d-----w c:\program files\Lingea
2009-02-09 14:19 1,846,272 ----a-w c:\windows\system32\win32k.sys
2009-01-31 10:45 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-01-31 10:45 --------- d-----w c:\program files\AGEIA Technologies
2009-01-31 09:49 202,040 ----a-w c:\windows\system32\PnkBstrB.exe
2009-01-31 09:49 137,688 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2009-01-23 01:18 42,320 ----a-w c:\windows\system32\xfcodec.dll
2009-01-18 09:25 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-18 09:25 --------- d-----w c:\documents and settings\All Users\Data aplikací\Fallout3
2009-01-18 09:23 --------- d-----w c:\program files\MSBuild
2009-01-18 09:21 --------- d-----w c:\program files\Reference Assemblies
2009-01-18 08:43 --------- d-----w c:\program files\Common Files\InstallShield
2009-01-18 08:27 --------- d-----w c:\documents and settings\Tomáš\Data aplikací\Gearbox Software
2008-11-29 09:39 22,328 ----a-w c:\documents and settings\Tomáš\Data aplikací\PnkBstrK.sys
2008-02-14 16:28 88 --sh--r c:\documents and settings\All Users\Data aplikací\A4BD46449E.sys
2008-02-14 16:28 3,140 --sha-w c:\documents and settings\All Users\Data aplikací\KGyGaAvL.sys
2008-01-15 16:41 81,920 ----a-w c:\documents and settings\Tomáš\Data aplikací\ezpinst.exe
2008-01-15 16:41 47,360 ----a-w c:\documents and settings\Tomáš\Data aplikací\pcouffin.sys
2006-05-03 10:06 163,328 --sh--r c:\windows\system32\flvDX.dll
2008-01-28 18:22 952 --sha-w c:\windows\system32\KGyGaAvL.sys
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-17 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"DAEMON Tools Lite"="c:\software\DAEMON Tools Lite\daemon.exe" [2007-12-19 486856]
"DAEMON Tools Pro Agent"="c:\software\DAEMON Tools Pro\DTProAgent.exe" [2007-09-06 136136]
"Google Update"="c:\documents and settings\Tomáš\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" [2008-10-28 133104]
"PC Suite Tray"="c:\software\Nokia PC Suit\Nokia PC Suite 6\PCSuite.exe" [2007-12-10 695808]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="c:\windows\JM\JMInsIDE.exe" [2006-10-30 36864]
"JMB36X Configure"="c:\windows\System32\JMRaidSetup.exe" [2006-10-30 1953792]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2007-12-25 917504]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Gainward"="c:\windows\TBPanel.exe" [2007-11-01 2185768]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-17 13574144]
"PWRISOVM.EXE"="c:\software\PowerISO\PWRISOVM.EXE" [2008-01-20 217088]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-16 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-16 81920]
"QuickTime Task"="c:\software\Quick\qttask.exe" [2008-05-27 413696]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-17 86016]
"Microsoft appswitch"="c:\windows\system32\jwt32.exe" [2009-03-10 876988936]
"RTHDCPL"="RTHDCPL.EXE" [2006-11-14 c:\windows\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 c:\windows\SkyTel.exe]
"nwiz"="nwiz.exe" [2008-09-17 c:\windows\system32\nwiz.exe]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-17 c:\windows\system32\bthprops.cpl]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-17 15360]
"Nokia.PCSync"="c:\software\Nokia PC Suit\Nokia PC Suite 6\PcSync2.exe" [2007-11-07 1294336]
c:\documents and settings\Tomáš\Nabídka Start\Programy\Po spuštění\
Lingea Update Center.lnk - c:\program files\Common Files\Lingea Shared\luc.exe [2008-09-30 275736]
PopTray.lnk - c:\software\poptray\PopTray.exe [2005-01-03 1601536]
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-09-07 113664]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-10-05 67128]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= i420vfw.dll
"VIDC.XFR1"= xfcodec.dll
"msacm.divxa32"= msaud32_divx.acm
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\regedit.exe]
"Debugger"=0
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\taskmgr.exe]
"Debugger"=0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Games\\Crysis\\Bin32\\Crysis.exe"=
"c:\\Games\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\software\\ICQ\\ICQ6\\ICQ.exe"=
"c:\\software\\Xfire\\xfire.exe"=
"c:\\software\\uTorrent\\utorrent.exe"=
"c:\\software\\HLSW\\hlsw.exe"=
"d:\\Games\\F.E.A.R\\FEAR.exe"=
"c:\\software\\hamachi\\hamachi.exe"=
"d:\\Kane_and_Lynch_Dead_Men-HATRED\\kaneandlynch.exe"=
"c:\\software\\BitComet0\\BitComet.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"d:\\Games\\Swat 4\\ContentExpansion\\System\\Swat4X.exe"=
"d:\\Games\\Swat 4\\ContentExpansion\\System\\Swat4XDedicatedServer.exe"=
"d:\\Games\\Assassins Creed\\AssassinsCreed_Dx9.exe"=
"d:\\Games\\Assassins Creed\\AssassinsCreed_Dx10.exe"=
"d:\\Games\\Assassins Creed\\AssassinsCreed_Launcher.exe"=
"d:\\Games\\WIC\\wic.exe"=
"d:\\Games\\WIC\\wic_online.exe"=
"d:\\Games\\WIC\\wic_ds.exe"=
"d:\\Games\\Soldat\\Soldat.exe"=
"c:\\software\\Miranda\\Miranda IM\\miranda32.exe"=
"d:\\Games\\Zu\\ZU-ONLINE\\ZuOnline.exe"=
"d:\\Games\\CoD4\\iw3mp.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"d:\\Prince.of.Persia-SKIDROW\\Prince of Persia.exe"=
"d:\\Prince.of.Persia-SKIDROW\\PrinceOfPersia_Launcher.exe"=
"d:\\Games\\Mirros Edge\\Binaries\\MirrorsEdge.exe"=
"c:\\Program Files\\spoolsvt.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"12659:TCP"= 12659:TCP:BitComet 12659 TCP
"12659:UDP"= 12659:UDP:BitComet 12659 UDP
"15355:TCP"= 15355:TCP:BitComet 15355 TCP
"15355:UDP"= 15355:UDP:BitComet 15355 UDP
"14956:TCP"= 14956:TCP:BitComet 14956 TCP
"14956:UDP"= 14956:UDP:BitComet 14956 UDP
"16235:TCP"= 16235:TCP:BitComet 16235 TCP
"16235:UDP"= 16235:UDP:BitComet 16235 UDP
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [2008-10-15 222456]
R3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\drivers\psched.sys [2002-08-29 69120]
S3 gUSBSTOi;gUSBSTOi;\??\c:\docume~1\TOM~1\LOCALS~1\Temp\gUSBSTOi.sys --> c:\docume~1\TOM~1\LOCALS~1\Temp\gUSBSTOi.sys [?]
.
Obsah adresáře 'Naplánované úlohy'
2008-12-22 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:57]
2009-03-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-329068152-1202660629-839522115-1001.job
- c:\documents and settings\Tom [2009-02-21 16:44]
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
HKLM-Run-Printspooler - c:\program files\spooler.exe
HKLM-Run-DesktopMechanic - (no file)
MSConfigStartUp-w3dr - d:\games\Warcraft III\w3dr.exe
.
------- Doplňkový sken -------
.
uStart Page =
hxxp://www.seznam.cz/
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = 192.168.2.239:8080
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\windows\WebIE.dll
LSP: imon.dll
Trusted Zone: mininova.org\www
TCP: {EE71BC66-C14D-4797-A8A6-336B17FF775E} = 208.67.220.220,208.67.222.222
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: DirectAnimation Java Classes -
file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java -
file://c:\windows\Java\classes\xmldso.cab
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2009-03-18 16:17:13
Windows 5.1.2600 Service Pack 2 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\S-1-5-21-329068152-1202660629-839522115-1001\Software\SecuROM\License information*]
"datasecu"=hex:83,82,6a,3f,72,6c,2b,6a,50,33,78,bb,fd,0a,41,e4,d1,5b,57,1c,1e,
f3,90,88,06,cf,ff,bb,2e,cd,8e,aa,df,bd,f1,e7,ff,dd,c0,1e,5c,0b,ad,d6,19,5e,\
"rkeysecu"=hex:fe,b4,6f,9a,2f,a2,65,b2,3b,c7,5e,d3,f7,72,fa,6a
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'lsass.exe'(940)
c:\windows\system32\imon.dll
c:\program files\Eset\pr_imon.dll
.
Celkový čas: 2009-03-18 16:18:13
ComboFix-quarantined-files.txt 2009-03-18 15:18:08
Před spuštěním: Volných bajtů: 40 250 322 944
Po spuštění: Volných bajtů: 42,133,262,336
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
207 --- E O F --- 2009-03-11 20:12:35