I have a problem and am asking for a check of my HijackThis log.

Post by murko »

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:46:34, on 13.2.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\TechSmith\SnagIt 8\TSCHelp.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Pavel\Plocha\Nová složka (2)\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [ICQ Lite] "C:\Program Files\ICQLite\ICQLite.exe" -minimize
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [NI.UGDCCZ_0001_N122M1712] "c:\documents and settings\pavel\data aplikací\installer_cz[1].exe"
O4 - HKLM\..\Run: [98ddf4ff] rundll32.exe "C:\WINDOWS\system32\jtqilley.dll",b
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [WintelUpdate] C:\exujd.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: SnagIt 8.lnk = C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} (VaioInfo.CMClass) - http://esupport.sony.com/VaioInfo.CAB
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {861FDA2A-2B57-4BDA-8B8B-305C9D5D8604} (_Multimedia Player) - http://stream.pussyharem.com/stream/mmp2.cab
O16 - DPF: {8FEFF364-6A5F-4966-A917-A3AC28411659} (SopCore Control) - http://download.sopcast.com/download/SOPCORE.CAB
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\mmmrsnrs.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NetCom3 Service (Netcom3) - Unknown owner - C:\Program Files\Netcom3 Cleaner\PSCMonitor.exe (file missing)
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 6487 bytes

Post by Ryan »

Fix the following in HijackThis:

O4 - HKLM\..\Run: [NI.UGDCCZ_0001_N122M1712] "c:\documents and settings\pavel\data aplikací\installer_cz[1].exe"
O4 - HKLM\..\Run: [98ddf4ff] rundll32.exe "C:\WINDOWS\system32\jtqilley.dll",b
O4 - HKCU\..\Run: [WintelUpdate] C:\exujd.exe

Download Killbox from http://www.killbox.net --> paste the following into the Full path of delete field:

O20 - AppInit_DLLs: C:\WINDOWS\system32\mmmrsnrs.dll

--> select the options Delete on reboot and Unregister .dll before deleting --> then click the icon of a circle with a cross --> after the restart, a new log from HijackThis

Go to Start --> Run --> services.msc --> find the service named NetCom3 Service (Netcom3) --> set Startup type to Disabled

Post by murko »

Thanks for the super fast reply. I tried to fix it following the attached instructions, but it was even worse :evil: and the computer was impossible to work with.
Out of desperation I ran ComboFix on it, and now it looks fairly OK.
To be safe, please check the ComboFix log:

ComboFix 08-02-11.2 - Pavel 2008-02-11 19:09:01.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1029.18.169 [GMT 1:00]
Running from: C:\Documents and Settings\Pavel\Plocha\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\cbxuuss.dll
C:\WINDOWS\system32\pmnki.dll
C:\WINDOWS\system32\yyjzicbh.dll
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\0_exception.nls
C:\WINDOWS\system32\bolamjms.ini
C:\WINDOWS\system32\cbxuuss.dll
C:\WINDOWS\system32\drivers\NdisWon.sys
C:\WINDOWS\system32\drqxfimf.dll
C:\WINDOWS\system32\embncgag.dll
C:\WINDOWS\system32\fgkqaham.dllbox
C:\WINDOWS\system32\flqusbve.dll
C:\WINDOWS\system32\fmifxqrd.ini
C:\WINDOWS\system32\gebaawx.dll
C:\WINDOWS\system32\hcnycxrx.dll
C:\WINDOWS\system32\ifuucfho.dll
C:\WINDOWS\system32\iknmp.ini
C:\WINDOWS\system32\iknmp.ini2
C:\WINDOWS\system32\lohqehts.ini
C:\WINDOWS\system32\lqvwicvb.dllbox
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mwemvksk.dll
C:\WINDOWS\system32\pbbdevkr.dll
C:\WINDOWS\system32\pmnki.dll
C:\WINDOWS\system32\rndmnyvw.ini
C:\WINDOWS\system32\stheqhol.dll
C:\WINDOWS\system32\wvynmdnr.dll
C:\WINDOWS\system32\yelliqtj.ini
C:\WINDOWS\system32\yvmlqtie.dll
C:\WINDOWS\system32\yyjzicbh.dll
C:\WINDOWS\system32\yyjzicbh.dllbox
C:\WINDOWS\system32\zizvnpdp.dllbox

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_RUNTIME
-------\NdisWon
-------\runtime


((((((((((((((((((((((((( Files Created from 2008-01-11 to 2008-02-11 )))))))))))))))))))))))))))))))
.

2008-02-11 17:42 . 2008-02-11 17:30 691,545 --a------ C:\WINDOWS\unins000.exe
2008-02-11 17:42 . 2008-02-11 17:42 3,448 --a------ C:\WINDOWS\unins000.dat
2008-02-11 17:09 . 2008-02-11 18:37 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-02-11 16:54 . 2006-03-02 13:00 389,632 --a------ C:\kmd.exe
2008-01-25 07:15 . 2008-01-26 07:58 <DIR> d-------- C:\Program Files\Opera
2008-01-24 19:49 . 2008-01-24 20:07 16 --a------ C:\WINDOWS\system32\coh.cache
2008-01-24 19:32 . 2008-01-24 22:00 <DIR> d-------- C:\Program Files\Netcom3 Cleaner
2008-01-13 17:53 . 2008-01-13 17:53 544 --a------ C:\WINDOWS\psnetwork.ini
2008-01-13 17:53 . 2008-01-13 17:53 34 --a------ C:\WINDOWS\Powerplayer.ini

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-26 11:34 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-03-13 08:12 --------- d-----w C:\Program Files\CCleaner
2008-03-13 08:11 --------- d-----w C:\Program Files\Yahoo!
2008-03-11 15:39 58,368 ----a-w C:\wpohl.exe
2008-03-11 15:39 5,624 ----a-w C:\qsdjpwpb.exe
2008-01-16 18:12 --------- d-----w C:\Program Files\PartyGaming
2008-01-11 15:28 --------- d-----w C:\Program Files\Webteh
2008-01-09 17:21 --------- d-----w C:\Program Files\Norton AntiVirus
2007-12-19 18:41 --------- d-----w C:\Program Files\DivX
2007-12-19 18:32 6,638,792 ----a-w C:\Documents and Settings\download\DivXWebPlayerInstaller.exe
2007-07-18 19:14 2,897,821 ----a-w C:\Documents and Settings\download\bsplayer137.826.exe
2007-07-17 16:42 186,976,296 ----a-w C:\Documents and Settings\download\Nero-7.10.1.0_csy_trial.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 13:00 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-23 05:52 68856]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-07-10 21:10 339968]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2004-10-13 16:04 278528]
"ICQ Lite"="C:\Program Files\ICQLite\ICQLite.exe" [2006-07-11 11:06 3144800]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-02 13:00 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\zizvnpdp]
zizvnpdp.dll

R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2006-03-02 13:00]
S4 Netcom3;NetCom3 Service;C:\Program Files\Netcom3 Cleaner\PSCMonitor.exe []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{84edcf21-e837-11db-a1d9-00014a081794}]
\Shell\AutoRun\command - G:\setup\rsrc\Autorun.exe
\Shell\dinstall\command - G:\Directx\dxsetup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c3e82dc0-cfa3-11db-a1af-000e9b55c679}]
\shell\open\command - %SystemRoot%\Explorer.exe /idlist,%I,%L

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-11 19:18:48
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
C:\Program Files\TechSmith\SnagIt 8\TSCHelp.exe
.
**************************************************************************
.
Completion time: 2008-02-11 19:20:02 - machine was rebooted [Pavel]
ComboFix-quarantined-files.txt 2008-02-11 18:19:53
.
2008-02-13 16:10:12 --- E O F ---

Post by Ryan »

If you have not done so yet, move ComboFix to the desktop.

Open Notepad.

Copy the script from the following box into it:

Code:

File::
C:\kmd.exe

Save the text file you created as CFScript.txt on the desktop.

After saving, grab the script you created with the left mouse button, drag it over the ComboFix icon, and drop it there.

After it has run, another log should pop up; paste it here :)

Post by murko »

Here is the log, the computer runs like new and thank you very much :pal:

ComboFix 08-02-11.2 - Pavel 2008-02-11 20:38:27.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1029.18.200 [GMT 1:00]
Running from: C:\Documents and Settings\Pavel\Plocha\ComboFix.exe
Command switches used :: C:\Documents and Settings\Pavel\Plocha\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE
C:\kmd.exe
.

((((((((((((((((((((((((( Files Created from 2008-01-11 to 2008-02-11 )))))))))))))))))))))))))))))))
.

2008-02-13 15:55 . 2008-02-13 15:55 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Grisoft
2008-02-11 17:42 . 2008-02-11 17:30 691,545 --a------ C:\WINDOWS\unins000.exe
2008-02-11 17:42 . 2008-02-11 17:42 3,448 --a------ C:\WINDOWS\unins000.dat
2008-02-11 17:09 . 2008-02-11 18:37 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
2008-01-25 07:15 . 2008-01-26 07:58 <DIR> d-------- C:\Program Files\Opera
2008-01-24 19:49 . 2008-01-24 20:07 16 --a------ C:\WINDOWS\system32\coh.cache
2008-01-24 19:32 . 2008-01-24 22:00 <DIR> d-------- C:\Program Files\Netcom3 Cleaner
2008-01-13 18:06 . 2008-01-13 18:06 <DIR> d-------- C:\Documents and Settings\Pavel\Data aplikací\TVU Networks
2008-01-13 17:53 . 2008-01-13 17:53 <DIR> d-------- C:\Documents and Settings\Pavel\Data aplikací\ppStream
2008-01-13 17:53 . 2008-01-13 17:53 544 --a------ C:\WINDOWS\psnetwork.ini
2008-01-13 17:53 . 2008-01-13 17:53 34 --a------ C:\WINDOWS\Powerplayer.ini

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-26 11:34 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-03-26 11:34 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\Symantec
2008-03-13 08:12 --------- d-----w C:\Program Files\CCleaner
2008-03-13 08:11 --------- d-----w C:\Program Files\Yahoo!
2008-03-13 07:43 253,448 ----a-w C:\Documents and Settings\Pavel\Data aplikací\installer_cz[1].exe
2008-03-11 23:19 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\Apple Computer
2008-03-11 16:50 --------- d-----w C:\Documents and Settings\Pavel\Data aplikací\PC Tools
2008-03-11 15:46 --------- d---a-w C:\Documents and Settings\All Users\Data aplikací\TEMP
2008-02-29 16:54 --------- d-----w C:\Documents and Settings\Pavel\Data aplikací\uTorrent
2008-01-19 17:44 --------- d-----w C:\Documents and Settings\Pavel\Data aplikací\Skype
2008-01-16 18:12 --------- d-----w C:\Program Files\PartyGaming
2008-01-11 15:28 --------- d-----w C:\Program Files\Webteh
2008-01-11 15:23 --------- d-----w C:\Documents and Settings\Pavel\Data aplikací\BSplayer
2008-01-09 17:21 --------- d-----w C:\Program Files\Norton AntiVirus
2007-12-23 13:03 --------- d-----w C:\Documents and Settings\Pavel\Data aplikací\BSplayer Pro
2007-12-19 18:41 --------- d-----w C:\Program Files\DivX
2007-12-19 18:32 6,638,792 ----a-w C:\Documents and Settings\download\DivXWebPlayerInstaller.exe
2007-12-11 22:34 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2007-12-11 22:34 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2007-07-18 19:14 2,897,821 ----a-w C:\Documents and Settings\download\bsplayer137.826.exe
2007-07-17 16:42 186,976,296 ----a-w C:\Documents and Settings\download\Nero-7.10.1.0_csy_trial.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 13:00 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-23 05:52 68856]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-07-10 21:10 339968]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2004-10-13 16:04 278528]
"ICQ Lite"="C:\Program Files\ICQLite\ICQLite.exe" [2006-07-11 11:06 3144800]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-02 13:00 15360]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\
SnagIt 8.lnk - C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe [2006-05-10 07:02:00 5517312]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\zizvnpdp]
zizvnpdp.dll

R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2006-03-02 13:00]
S4 Netcom3;NetCom3 Service;C:\Program Files\Netcom3 Cleaner\PSCMonitor.exe []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{84edcf21-e837-11db-a1d9-00014a081794}]
\Shell\AutoRun\command - G:\setup\rsrc\Autorun.exe
\Shell\dinstall\command - G:\Directx\dxsetup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c3e82dc0-cfa3-11db-a1af-000e9b55c679}]
\shell\open\command - %SystemRoot%\Explorer.exe /idlist,%I,%L

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-11 20:39:34
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-02-11 20:40:18
ComboFix-quarantined-files.txt 2008-02-11 19:40:08
.
2008-02-13 16:10:12 --- E O F ---

Post by Ryan »

Cleaned; just also delete this folder, C:\Program Files\PartyGaming, and clean the PC with the T-Cleaner program: http://sweb.cz/Marinus/T-Cleaner.bat

Post by murko »

I am much obliged to you and thank you many times :ups:.

Post by Ryan »

You're welcome ;)