Please check my log - I can't get rid of siszyd32 and rncsys3

otomar
Exemplary visitor
Posts: 32
Registered: 10 Nov 2008 13:02

Please check my log - I can't get rid of siszyd32 and rncsys3

#1 Post by otomar »

Logfile of random's system information tool 1.06 (written by random/random)
Run by Otomar at 2010-01-11 20:50:54
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 3 GB (8%) free of 40 GB
Total RAM: 1023 MB (57% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:51:29, on 11.1.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\Otomar\Local Settings\Temporary Internet Files\Content.IE5\PVDW4NZB\RSIT[1].exe
C:\Program Files\trend micro\Otomar.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\pchealth\helpctr\System\panels\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\pchealth\helpctr\System\panels\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\Snagit 9\SnagitIEAddin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {210D0CBC-8B17-48D1-B294-1A338DD2EB3A} (VatCtrl Class) - http://85.193.52.237/VatDec.cab
O16 - DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} - http://picasaweb.google.com/s/v/57.07/uploader2.cab
O16 - DPF: {4FEE6316-7B6F-4A6C-BD4E-4157C59A9E9D} (Ovi maps browser plugin) - http://static.s2g.gate5.de/ovi_maps/Ovi ... 3.37.6.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - http://upload.facebook.com/controls/200 ... ader55.cab
O16 - DPF: {CAC677B6-4963-4305-9066-0BD135CD9233} - https://as.photoprintit.de/ips-opdata/l ... oader4.cab
O16 - DPF: {EAA105FE-7BBD-4196-8B96-D46743894195} (MjpegControl Class) - http://85.193.52.188/plugin/mjpegcontrol.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Eset HTTP Server (EHttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 6562 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\OGALogon.job
C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{9D59650E-0831-4813-8BB2-14ADE04CE5E7}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-08-20 259696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll [2009-11-15 764912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll [2009-08-20 470512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{327C2873-E90D-4c37-AA9D-10AC9BABA46C} - Easy-WebPrint - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll [2004-08-26 405504]
{8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - Snagit - C:\Program Files\TechSmith\Snagit 9\SnagitIEAddin.dll [2009-04-17 211272]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-08-20 259696]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2007-12-21 1443072]
"NokiaMServer"=C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
""= []
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2010-01-05 2002160]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis True Image Monitor]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Watch]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\av_md]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CHotkey]
C:\WINDOWS\mHotkey.exe [2006-12-08 547840]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
C:\WINDOWS\system32\CTHELPER.EXE [2003-08-28 24576]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Program Files\DAEMON Tools Lite\daemon.exe [2009-04-23 691656]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EA Core]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Easy-PrintToolBox]
C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE [2004-01-14 409600]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2008-01-15 267048]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Jet Detection]
C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe [2001-11-29 28672]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nokia FastStart]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nokia.PCSync]
C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe [2009-10-26 753664]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NSLauncher]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OSSelectorReinstall]
C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe [2007-03-15 2225208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe [2009-11-11 1451520]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PlayNC Launcher]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2009-11-10 417792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Regedit32]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SearchSettings]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files\Skype\Phone\Skype.exe [2008-11-07 21633320]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Startup Cleaner]
C:\Program Files\CM Data Software\CM DiskCleaner\Startup Cleaner.exe [2006-07-14 118784]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre6\bin\jusched.exe [2008-12-09 136600]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-08-20 39408]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
C:\WINDOWS\UpdReg.EXE [2000-05-11 90112]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Gamma Loader.lnk]
C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE [1999-11-04 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Reader Speed Launch.lnk]
C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE [2004-12-14 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Otomar^Nabídka Start^Programy^Po spuštění^MagicDisc.lnk]
C:\PROGRA~1\MAGICD~1\MAGICD~1.EXE [2008-07-28 575488]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"aawservice"=2
"Dot3svcnapagent"=2
"Bonjour Service"=2
"iPod Service"=3
"idsvc"=3
"gusvc"=3
"gupdate1c98d1a1f97a8ce"=2
"Apple Mobile Device"=2
"WMPNetworkSvc"=3
"ServiceLayer"=3
"PnkBstrB"=2
"PnkBstrA"=2

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2009-09-03 548352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\WINDOWS\system32\dplaysvr.exe"="C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper"
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2010-01-11 20:50:54 ----D---- C:\rsit
2010-01-11 20:50:54 ----D---- C:\Program Files\trend micro
2010-01-11 16:39:40 ----D---- C:\WINDOWS\Prefetch
2010-01-11 15:54:52 ----D---- C:\Program Files\WinXP Manager
2010-01-11 14:58:41 ----D---- C:\Documents and Settings\All Users\Data aplikací\SUPERAntiSpyware.com
2010-01-11 14:58:31 ----D---- C:\Program Files\SUPERAntiSpyware
2010-01-11 14:58:30 ----D---- C:\Documents and Settings\Otomar\Data aplikací\SUPERAntiSpyware.com
2010-01-11 13:32:17 ----D---- C:\Program Files\Codemasters
2010-01-11 13:28:12 ----D---- C:\Documents and Settings\All Users\Data aplikací\Google
2010-01-09 15:22:05 ----D---- C:\Documents and Settings\Otomar\Data aplikací\Nokia Ovi Suite
2010-01-09 15:11:20 ----D---- C:\Program Files\PC Connectivity Solution
2010-01-09 15:08:03 ----D---- C:\Documents and Settings\All Users\Data aplikací\OviInstallerCache
2010-01-07 15:52:11 ----D---- C:\Program Files\QuickTime
2010-01-05 13:01:18 ----D---- C:\Program Files\Common Files\PCSuite
2010-01-04 22:28:38 ----SHD---- C:\Config.Msi
2010-01-04 12:14:36 ----D---- C:\Program Files\Pracovní kalendář_203
2010-01-03 22:23:23 ----A---- C:\WINDOWS\ModemLog_Nokia N95 USB Modem #8.txt
2010-01-02 00:41:42 ----D---- C:\m64pci
2010-01-02 00:26:19 ----A---- C:\WINDOWS\system32\NVUNINST.EXE
2009-12-31 11:43:56 ----D---- C:\Program Files\ATI
2009-12-26 22:51:39 ----D---- C:\Program Files\Rozpisy pro Sportku - free verze 107
2009-12-26 22:50:45 ----A---- C:\WINDOWS\GPInstall.exe
2009-12-26 21:07:26 ----D---- C:\Program Files\VS Revo Group
2009-12-24 22:43:15 ----D---- C:\Documents and Settings\Otomar\Data aplikací\vlc
2009-12-24 22:42:18 ----D---- C:\Program Files\VideoLAN
2009-12-24 20:41:19 ----A---- C:\WINDOWS\system32\SP7302.INI
2009-12-24 20:41:19 ----A---- C:\WINDOWS\system32\CoInst_071029.dll
2009-12-24 20:41:17 ----D---- C:\WINDOWS\Pixart
2009-12-24 20:41:17 ----D---- C:\Program Files\KYE
2009-12-24 20:41:17 ----A---- C:\WINDOWS\AMCap.exe
2009-12-20 18:05:17 ----D---- C:\Program Files\Common Files\Symantec Shared
2009-12-19 20:53:23 ----D---- C:\Program Files\Common Files\DivX Shared
2009-12-19 20:53:22 ----D---- C:\Program Files\DivX
2009-12-12 15:43:49 ----A---- C:\WINDOWS\system32\vbCPUInf.dll
2009-12-12 15:18:20 ----D---- C:\WINDOWS\vbSkinner
2009-12-12 15:15:36 ----A---- C:\WINDOWS\iun6002.exe
2009-12-12 15:15:03 ----D---- C:\Program Files\CM Data Software

======List of files/folders modified in the last 1 months======

2010-01-11 20:51:13 ----D---- C:\WINDOWS\temp
2010-01-11 20:50:54 ----RD---- C:\Program Files
2010-01-11 20:26:25 ----D---- C:\WINDOWS\system32
2010-01-11 16:39:40 ----D---- C:\WINDOWS
2010-01-11 16:38:36 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-01-11 16:38:35 ----D---- C:\WINDOWS\system32\CatRoot2
2010-01-11 16:37:54 ----D---- C:\WINDOWS\system32\config
2010-01-11 16:11:44 ----SHD---- C:\WINDOWS\Installer
2010-01-11 15:48:00 ----D---- C:\WINDOWS\system32\drivers
2010-01-11 15:33:39 ----D---- C:\WINDOWS\pss
2010-01-11 14:58:10 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2010-01-11 14:51:29 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-01-11 14:47:26 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2010-01-11 13:52:08 ----HDC---- C:\WINDOWS\$NtUninstallKB956844$
2010-01-11 13:25:06 ----D---- C:\Documents and Settings\Otomar\Data aplikací\Identities
2010-01-10 21:07:12 ----D---- C:\Documents and Settings\Otomar\Data aplikací\Skype
2010-01-10 21:05:20 ----D---- C:\Documents and Settings\Otomar\Data aplikací\skypePM
2010-01-10 20:14:39 ----A---- C:\WINDOWS\win.ini
2010-01-09 15:50:37 ----D---- C:\Documents and Settings\Otomar\Data aplikací\Nokia
2010-01-09 15:50:15 ----SD---- C:\WINDOWS\Downloaded Program Files
2010-01-09 15:19:43 ----HD---- C:\WINDOWS\inf
2010-01-09 15:12:33 ----D---- C:\Program Files\Common Files\Nokia
2010-01-09 15:12:09 ----D---- C:\WINDOWS\system32\CatRoot
2010-01-09 15:11:55 ----D---- C:\Program Files\Nokia
2010-01-09 15:11:39 ----DC---- C:\WINDOWS\system32\DRVSTORE
2010-01-09 00:07:19 ----A---- C:\WINDOWS\NeroDigital.ini
2010-01-08 23:41:57 ----D---- C:\WINDOWS\WinSxS
2010-01-08 23:40:24 ----D---- C:\Documents and Settings\All Users\Data aplikací\Installations
2010-01-08 16:13:24 ----D---- C:\Program Files\ICQ6.5
2010-01-07 15:50:18 ----D---- C:\Program Files\Common Files\Apple
2010-01-06 15:11:52 ----D---- C:\WINDOWS\system32\NtmsData
2010-01-05 13:01:18 ----D---- C:\Program Files\Common Files
2010-01-05 12:33:39 ----HD---- C:\Program Files\InstallShield Installation Information
2010-01-05 11:49:07 ----RASH---- C:\Boot.ini
2010-01-05 11:49:07 ----A---- C:\WINDOWS\system.ini
2010-01-05 11:34:59 ----D---- C:\WINDOWS\system32\wbem
2010-01-05 11:34:57 ----D---- C:\WINDOWS\Registration
2010-01-05 11:32:59 ----D---- C:\Documents and Settings\All Users\Data aplikací\Nokia
2010-01-04 23:47:14 ----D---- C:\WINDOWS\Minidump
2010-01-04 22:38:17 ----A---- C:\WINDOWS\ModemLog_Nokia N95 USB Modem.txt
2010-01-03 18:26:44 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2010-01-03 18:13:53 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-01-02 15:45:37 ----RD---- C:\WINDOWS\Offline Web Pages
2010-01-02 15:44:33 ----D---- C:\Program Files\WinRAR
2010-01-02 15:44:32 ----D---- C:\Program Files\RegHealer
2010-01-02 14:59:04 ----A---- C:\WINDOWS\wininit.ini
2010-01-02 00:46:32 ----RSD---- C:\WINDOWS\assembly
2009-12-26 23:08:36 ----SD---- C:\WINDOWS\Tasks
2009-12-26 21:29:54 ----SHD---- C:\WINDOWS\CSC
2009-12-26 21:29:54 ----D---- C:\Program Files\totalcmd
2009-12-26 21:29:53 ----D---- C:\Garmin
2009-12-26 21:10:41 ----D---- C:\Program Files\Google
2009-12-24 20:44:14 ----D---- C:\WINDOWS\twain_32
2009-12-24 16:59:17 ----A---- C:\WINDOWS\system32\PnkBstrB.exe
2009-12-22 18:41:46 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-12-15 16:15:20 ----D---- C:\Documents and Settings\All Users\Data aplikací\RH_Backups
2009-12-15 15:56:50 ----D---- C:\WINDOWS\Debug
2009-12-13 22:34:27 ----RD---- C:\MSOCache
2009-12-13 22:34:27 ----D---- C:\Scenes
2009-12-13 22:34:27 ----D---- C:\profiles
2009-12-13 22:34:27 ----D---- C:\Popis
2009-12-12 15:17:29 ----RSD---- C:\WINDOWS\Fonts

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 easdrv;easdrv; C:\WINDOWS\system32\DRIVERS\easdrv.sys [2007-12-21 30216]
R1 epfwtdi;epfwtdi; C:\WINDOWS\system32\DRIVERS\epfwtdi.sys [2007-12-21 53768]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R2 cnmpar21;C; \??\C:\Documents and Settings\All Users\Data aplikací\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200 Installer\Inst2\cnmpar21.sys []
R2 eamon;EAMON; C:\WINDOWS\system32\DRIVERS\eamon.sys [2007-12-21 39944]
R2 epfw;epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [2007-12-21 71176]
R2 PfModNT;PfModNT; \??\C:\WINDOWS\system32\drivers\PfModNT.sys []
R3 ctac32k;Creative AC3 Software Decoder; C:\WINDOWS\System32\drivers\ctac32k.sys [2003-10-15 186100]
R3 ctaud2k;Creative Audio Driver (WDM); C:\WINDOWS\system32\drivers\ctaud2k.sys [2003-09-19 496800]
R3 ctprxy2k;Creative Proxy Driver; C:\WINDOWS\System32\drivers\ctprxy2k.sys [2003-08-28 6144]
R3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\System32\drivers\ctsfm2k.sys [2003-08-28 136448]
R3 emupia;E-mu Plug-in Architecture Driver; C:\WINDOWS\System32\drivers\emupia2k.sys [2003-08-28 145504]
R3 Epfwndis;Eset Personal Firewall; C:\WINDOWS\system32\DRIVERS\Epfwndis.sys [2007-12-21 30728]
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2006-09-19 15664]
R3 ha10kx2k;Creative Hardware Abstract Layer Driver; C:\WINDOWS\system32\drivers\ha10kx2k.sys [2003-08-28 823456]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 mcdbus;Driver for MagicISO SCSI Host Controller; C:\WINDOWS\system32\DRIVERS\mcdbus.sys [2008-07-28 116736]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-25 12160]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-04-13 1897408]
R3 ossrv;Creative OS Services Driver; C:\WINDOWS\system32\drivers\ctoss2k.sys [2003-08-28 113840]
R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2009-12-03 47360]
R3 RTL8023xp;Realtek 10/100/1000 PCI NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2009-03-25 130432]
R3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
S1 eusk2par;EUTRON SmartKey Parallel Driver; \??\C:\WINDOWS\system32\Drivers\eusk2par.sys []
S1 oreans32;oreans32; \??\C:\WINDOWS\system32\drivers\oreans32.sys []
S3 61883;61883 Unit Device; C:\WINDOWS\system32\DRIVERS\61883.sys [2008-04-14 48128]
S3 ahz3w6k4;ahz3w6k4; C:\WINDOWS\system32\drivers\ahz3w6k4.sys []
S3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-14 60800]
S3 Avc;AVC Device; C:\WINDOWS\system32\DRIVERS\avc.sys [2008-04-14 38912]
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-07-09 16384]
S3 ctdvda2k;Creative DVD-Audio Device Driver; C:\WINDOWS\System32\drivers\ctdvda2k.sys []
S3 ctljystk;Game port pro zařízení Creative SB Live!; C:\WINDOWS\system32\DRIVERS\ctljystk.sys [2001-08-17 3712]
S3 EagleNT;EagleNT; C:\WINDOWS\system32\drivers\EagleNT.sys []
S3 eusk3usb;SmartKey 3 USB; C:\WINDOWS\System32\Drivers\eusk3usb.sys [2004-11-18 45534]
S3 hap16v2k;Creative P16V HAL Driver; C:\WINDOWS\System32\drivers\hap16v2k.sys [2003-08-28 135696]
S3 MSDV;Microsoft DV Camera and VCR; C:\WINDOWS\system32\DRIVERS\msdv.sys [2004-07-09 52096]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2002-12-12 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-07-09 83968]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-07-09 10112]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-14 61824]
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2009-10-06 17664]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2009-10-06 22016]
S3 PAC7302;iSlim 310; C:\WINDOWS\system32\DRIVERS\PAC7302.SYS [2007-10-29 458112]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 PRODIGY;PRODIGY; C:\WINDOWS\System32\Drivers\PRODIGY.SYS [2006-08-29 32377]
S3 Revoflt;Revoflt; C:\WINDOWS\system32\DRIVERS\revoflt.sys [2009-12-30 27064]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-07-09 10880]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-07-09 14976]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2009-10-06 7936]
S3 usbaudio;Ovladač zvukové karty USB (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-14 60032]
S3 usbbus;LGE Mobile Composite USB Device; C:\WINDOWS\system32\DRIVERS\lgusbbus.sys []
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S3 UsbDiag;LGE Mobile USB Serial Port; C:\WINDOWS\system32\DRIVERS\lgusbdiag.sys []
S3 USBModem;LGE Mobile USB Modem; C:\WINDOWS\system32\DRIVERS\lgusbmodem.sys []
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 usbser;USB Modem Driver; C:\WINDOWS\system32\drivers\usbser.sys [2008-04-14 26112]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2009-10-06 7936]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2008-03-27 503008]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-07-09 18688]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2008-01-18 83328]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ekrn;Eset Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2007-12-21 468224]
R2 WMDM PMSP Service;WMDM PMSP Service; C:\WINDOWS\system32\MsPMSPSv.exe [2000-06-26 53520]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 EHttpSrv;Eset HTTP Server; C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe [2007-12-21 19200]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2009-10-27 657408]
S4 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-01-15 110592]
S4 Creative Service for CDROM Access;Creative Service for CDROM Access; C:\WINDOWS\system32\CTsvcCDA.exe [1999-12-13 44032]
S4 gupdate1c98d1a1f97a8ce;Google Update Service (gupdate1c98d1a1f97a8ce); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-02-12 133104]
S4 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-08-20 182768]
S4 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S4 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe []
S4 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-12-09 152984]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S4 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2009-10-22 75064]
S4 PnkBstrB;PnkBstrB; C:\WINDOWS\system32\PnkBstrB.exe [2009-12-24 215104]
S4 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]

-----------------EOF-----------------

Unlimited_Killer
Friend of the forum
Posts: 1969
Registered: 24 Aug 2009 16:18

Re: Please check my log - I can't get rid of siszyd32 and rncsys3

#2 Post by Unlimited_Killer »

Let's get to it.

~~~

Post the ComboFix log here.

Download ComboFix and save it to the Desktop, then run it with administrator privileges.
Before running it, turn off the resident shield of your antivirus or antispyware.
After launch you will be shown the licence terms; click 'Yes'. You will also be asked about installing the Recovery Console; click 'Yes'.
The whole scan will take about 5-10 minutes, depending on how many files CF has to work through. Your PC will probably be restarted, so don't be alarmed. Until the scan has completely finished, don't do anything, and above all don't click in the running ComboFix window.
When the scan finishes, a log will pop up; paste it here.

otomar
Model visitor
Posts: 32
Registered: 10 Nov 2008 13:02

Re: Please check my log - I can't get rid of siszyd32 and rncsys3

#3 Post by otomar »

Here is the CF log, please:

ComboFix 10-01-11.01 - Otomar 11.01.2010 21:21:37.16.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1023.720 [GMT 1:00]
Spuštěný z: c:\documents and settings\Otomar\Plocha\ComboFix.exe
AV: ESET Smart Security 3.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
* Rezidentní štít AV je zapnutý

.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Data aplikacˇ\bybulet.vbs
c:\documents and settings\All Users\Data aplikací\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Data aplikací\Microsoft\Network\Downloader\qmgr1.dat
c:\documents and settings\Otomar\Dokumenty\BackupRegistry(20100111).reg
c:\program files\ICQ6.5\updates\ICQLRun.exe.91c2e91e127ccb34d0b0bbd8b0533169
c:\windows\system32\config\systemprofile\oashdihasidhasuidhiasdhiashdiuasdhasd
c:\windows\system32\Data
c:\windows\system32\Data\CT0060W.DAT
c:\windows\system32\Data\CTP0060W.DAT
c:\windows\system32\Data\CTP0061W.DAT
c:\windows\system32\Data\CTP0100W.DAT
c:\windows\system32\Data\CTP0101W.DAT
c:\windows\system32\Data\CTP0102W.DAT
c:\windows\system32\Data\CTP0103W.DAT
c:\windows\system32\Data\CTP0105W.DAT
c:\windows\system32\Data\CTP0170W.DAT
c:\windows\system32\Data\CTP017AW.DAT
c:\windows\system32\Data\CTP017BW.DAT
c:\windows\system32\Data\CTP017CW.DAT
c:\windows\system32\Data\CTP017DW.DAT
c:\windows\system32\Data\CTP017EW.DAT
c:\windows\system32\Data\CTP017FW.DAT
c:\windows\system32\Data\CTP017GW.DAT
c:\windows\system32\Data\CTP017HW.DAT
c:\windows\system32\Data\CTP0221W.DAT
c:\windows\system32\Data\CTP0222W.DAT
c:\windows\system32\Data\CTP0226W.DAT
c:\windows\system32\Data\CTP0228W.DAT
c:\windows\system32\Data\CTP0229W.DAT
c:\windows\system32\Data\CTP1140W.DAT
c:\windows\system32\Data\CTP4620W.DAT
c:\windows\system32\Data\CTP4670W.DAT
c:\windows\system32\Data\CTP4760W.DAT
c:\windows\system32\Data\CTP4780W.DAT
c:\windows\system32\Data\CTP4790W.DAT
c:\windows\system32\Data\CTP4830W.DAT
c:\windows\system32\Data\CTP4831W.DAT
c:\windows\system32\Data\CTP4832W.DAT
c:\windows\system32\Data\CTP4840W.DAT
c:\windows\system32\Data\CTP4850W.DAT
c:\windows\system32\Data\CTP4870W.DAT
c:\windows\system32\Data\CTP4871W.DAT
c:\windows\system32\Data\CTP4872W.DAT
c:\windows\system32\Data\CTP4875W.DAT
c:\windows\system32\Data\CTP4890W.DAT
c:\windows\system32\Data\CTP4891W.DAT
c:\windows\system32\Data\CTP4893W.DAT
c:\windows\system32\Data\CTPDXW.DAT
c:\windows\system32\Data\CTPM002W.DAT
c:\windows\system32\Data\CTSBASW.DAT

----- BITS: Možné infikované stránky -----

hxxp://nds1.nokia.com
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_OREANS32
-------\Service_oreans32


((((((((((((((((((((((((( Soubory vytvořené od 2009-12-11 do 2010-01-11 )))))))))))))))))))))))))))))))
.

2010-01-11 19:50 . 2010-01-11 19:51 -------- d-----w- C:\rsit
2010-01-11 19:50 . 2010-01-11 19:51 -------- d-----w- c:\program files\trend micro
2010-01-11 14:54 . 2010-01-11 15:01 -------- d-----w- c:\program files\WinXP Manager
2010-01-11 13:58 . 2010-01-11 13:58 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-01-11 12:32 . 2010-01-11 12:32 -------- d-----w- c:\program files\Codemasters
2010-01-09 14:11 . 2008-08-26 08:26 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2010-01-09 14:11 . 2010-01-09 14:11 -------- d-----w- c:\program files\PC Connectivity Solution
2010-01-07 14:52 . 2010-01-07 14:52 -------- d-----w- c:\program files\QuickTime
2010-01-05 12:01 . 2010-01-05 12:01 -------- d-----w- c:\program files\Common Files\PCSuite
2010-01-05 10:34 . 2010-01-05 10:34 -------- d-----w- c:\windows\system32\wbem\Repository
2010-01-04 20:20 . 2003-09-08 13:43 89728 ----a-w- c:\windows\system32\drivers\usbvsp.sys
2010-01-04 11:14 . 2010-01-04 11:39 -------- d-----w- c:\program files\Pracovní kalendář_203
2010-01-03 16:59 . 2010-01-11 20:27 288 ----a-w- c:\windows\system32\DVCStateBkp-{00000002-00000000-0000000D-00001102-00000002-100A1102}.dat
2010-01-03 16:59 . 2010-01-11 20:27 288 ----a-w- c:\windows\system32\DVCState-{00000002-00000000-0000000D-00001102-00000002-100A1102}.dat
2010-01-01 23:41 . 2010-01-01 23:41 -------- d-----w- C:\m64pci
2010-01-01 23:26 . 2005-12-10 03:03 180224 ----a-w- c:\windows\system32\NVUNINST.EXE
2009-12-31 10:43 . 2010-01-05 10:32 -------- d-----w- c:\program files\ATI
2009-12-26 21:51 . 2009-12-26 22:03 -------- d-----w- c:\program files\Rozpisy pro Sportku - free verze 107
2009-12-26 21:50 . 2009-12-26 21:50 796672 ----a-w- c:\windows\GPInstall.exe
2009-12-26 20:07 . 2009-12-30 10:20 27064 ----a-w- c:\windows\system32\drivers\revoflt.sys
2009-12-26 20:07 . 2009-12-26 20:07 -------- d-----w- c:\program files\VS Revo Group
2009-12-24 21:42 . 2009-12-24 21:42 -------- d-----w- c:\program files\VideoLAN
2009-12-24 20:07 . 2009-12-24 21:31 921632 ----a-w- C:\PA7302.DAT
2009-12-24 19:41 . 2007-11-02 10:07 6656 ----a-w- c:\windows\system32\CoInst_071029.dll
2009-12-24 19:41 . 2007-10-29 15:25 458112 ----a-w- c:\windows\system32\drivers\PAC7302.SYS
2009-12-24 19:41 . 2009-12-24 19:41 -------- d-----w- c:\windows\Pixart
2009-12-24 19:41 . 2009-12-24 19:41 -------- d-----w- c:\program files\KYE
2009-12-24 19:41 . 2006-11-20 08:01 163840 ----a-w- c:\windows\AMCap.exe
2009-12-24 19:37 . 2008-04-13 23:15 60032 -c--a-w- c:\windows\system32\dllcache\usbaudio.sys
2009-12-24 19:37 . 2008-04-13 23:15 60032 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys
2009-12-20 17:05 . 2009-12-23 17:00 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-12-19 19:53 . 2009-12-19 19:53 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-12-19 19:53 . 2009-12-19 19:53 -------- d-----w- c:\program files\DivX

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-11 19:26 . 2009-07-18 15:58 3064 ----a-w- c:\windows\system32\d3d9caps.dat
2010-01-11 13:58 . 2008-12-09 14:51 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-01-09 14:12 . 2009-01-14 07:28 -------- d-----w- c:\program files\Common Files\Nokia
2010-01-09 14:11 . 2008-12-04 09:54 -------- d-----w- c:\program files\Nokia
2010-01-08 15:13 . 2008-12-27 11:23 -------- d-----w- c:\program files\ICQ6.5
2010-01-07 14:50 . 2009-08-07 17:08 -------- d-----w- c:\program files\Common Files\Apple
2010-01-05 11:33 . 2008-12-02 20:42 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-03 17:13 . 2009-04-25 22:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-03 00:04 . 2009-08-19 20:49 288 ----a-w- c:\windows\system32\DVCStateBkp-{00000002-00000000-0000000B-00001102-00000002-100A1102}.dat
2010-01-03 00:04 . 2009-08-19 20:49 288 ----a-w- c:\windows\system32\DVCState-{00000002-00000000-0000000B-00001102-00000002-100A1102}.dat
2010-01-02 14:44 . 2009-03-02 09:56 -------- d-----w- c:\program files\RegHealer
2009-12-30 13:55 . 2009-10-25 17:12 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-30 13:54 . 2009-10-25 17:12 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-26 20:29 . 2008-12-02 21:01 -------- d-----w- c:\program files\totalcmd
2009-12-26 20:10 . 2009-01-01 19:00 -------- d-----w- c:\program files\Google
2009-12-24 15:59 . 2009-09-12 11:05 215104 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-12-24 15:09 . 2009-09-12 11:19 138576 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-12-22 17:41 . 2001-10-25 12:00 86856 ----a-w- c:\windows\system32\perfc005.dat
2009-12-22 17:41 . 2001-10-25 12:00 448976 ----a-w- c:\windows\system32\perfh005.dat
2009-12-12 14:43 . 2009-12-12 14:43 18944 ----a-w- c:\windows\system32\vbCPUInf.dll
2009-12-12 14:15 . 2009-12-12 14:15 -------- d-----w- c:\program files\CM Data Software
2009-12-12 14:14 . 2009-12-12 14:15 737280 ----a-w- c:\windows\iun6002.exe
2009-12-04 05:39 . 2009-12-01 13:38 116 ----a-w- c:\windows\system32\fjhdyfhsn.bat
2009-12-03 15:19 . 2009-04-01 16:12 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2009-12-03 15:18 . 2009-12-03 15:18 -------- d-----w- c:\program files\vso
2009-12-03 14:44 . 2009-12-03 14:44 -------- d-----w- c:\program files\Common Files\debugmode
2009-12-03 14:44 . 2009-12-03 14:44 -------- d-----w- c:\program files\Debugmode
2009-12-03 12:53 . 2009-12-03 12:53 -------- d-----w- c:\program files\novaPDF Professional Desktop 7
2009-11-27 16:08 . 2009-11-27 16:08 -------- d-----w- c:\program files\Garmin GPS Plugin
2009-11-24 08:15 . 2009-12-03 12:53 22216 ----a-w- c:\windows\system32\novamnp7.dll
2009-11-24 08:15 . 2009-12-03 12:53 19656 ----a-w- c:\windows\system32\novamip7.dll
2009-11-22 23:49 . 2009-07-28 11:13 -------- d-----w- c:\program files\NSS
2009-11-02 12:45 . 2008-12-02 22:46 114048 ----a-w- c:\windows\system32\drivers\snapman.sys
2009-10-29 07:43 . 2004-08-17 13:49 916480 ----a-w- c:\windows\system32\wininet.dll
2009-10-24 15:02 . 2009-10-24 15:02 548 ----a-w- c:\windows\eReg.dat
2009-10-22 19:43 . 2009-03-15 19:46 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-10-21 05:40 . 2004-08-17 13:49 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:40 . 2004-08-17 13:49 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2004-08-03 21:00 265728 ----a-w- c:\windows\system32\drivers\http.sys
2009-04-11 13:46 . 2008-09-24 00:19 490 ----a-w- c:\program files\R3Engine.ini
2009-04-11 13:46 . 2009-04-11 13:46 26791 ----a-w- c:\program files\Uninstall.ini
2009-04-11 13:46 . 2008-10-12 13:10 230490 ----a-w- c:\program files\Uninstall.exe
2009-03-31 12:12 . 2009-03-31 12:09 44 ----a-w- c:\program files\error_message.txt
2008-10-04 13:05 . 2008-10-04 13:05 10141468 ----a-w- c:\program files\RF_Online.bin
2008-09-24 00:55 . 2008-09-24 00:55 2288791 ----a-w- c:\program files\CHLOG.TXT
2008-09-20 13:23 . 2008-09-20 13:23 16842 ----a-w- c:\program files\LauncherMessage.ini
2008-07-27 20:34 . 2008-07-27 20:34 48610 ----a-w- c:\program files\GameData.edf
2008-06-06 07:25 . 2008-06-06 07:25 437457 ----a-w- c:\program files\CharacterW.edf
2008-06-06 07:25 . 2008-06-06 07:25 437457 ----a-w- c:\program files\Character.edf
2008-04-25 11:11 . 2008-04-25 11:11 2127673 ----a-w- c:\program files\Language.pak
2007-01-16 13:19 . 2007-01-16 13:19 143360 ----a-w- c:\program files\Updater.lc
2005-12-16 07:51 . 2005-12-16 07:51 126 ----a-w- c:\program files\Ceba.env
2004-12-07 09:11 . 2004-12-07 09:11 258352 ----a-w- c:\program files\unicows.dll
2004-10-08 10:34 . 2004-10-08 10:34 163840 ----a-w- c:\program files\X2PU.dll
2004-08-29 18:31 . 2004-08-29 18:31 14816 ----a-w- c:\program files\x2prtm.sys
2004-08-18 14:20 . 2004-08-18 14:20 184320 ----a-w- c:\program files\TcX2G.dll
2004-08-18 14:20 . 2004-08-18 14:20 15264 ----a-w- c:\program files\x2prm2.sys
2004-08-18 14:20 . 2004-08-18 14:20 106496 ----a-w- c:\program files\X2PMgr.dll
2004-08-17 14:09 . 2004-08-17 14:09 15264 ----a-w- c:\program files\x2prm.sys
2004-08-17 14:09 . 2004-08-17 14:09 106496 ----a-w- c:\program files\X2ProcMon.dll
2004-05-10 18:50 . 2004-05-10 18:50 188416 ----a-w- c:\program files\X2ReportDll.dll
2003-06-14 17:18 . 2003-06-14 17:18 39 ----a-w- c:\program files\dlctemp.db
2003-01-29 13:10 . 2003-01-29 13:10 764928 ----a-w- c:\program files\dbghelp.dll
2003-01-20 10:15 . 2003-01-20 10:15 349696 ----a-w- c:\program files\MSS32.DLL
2003-01-20 10:15 . 2003-01-20 10:15 125952 ----a-w- c:\program files\mssmp3.asi
2002-09-13 12:17 . 2002-09-13 12:17 630 ----a-w- c:\program files\Sound.ini
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-01-05 2002160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2007-12-21 1443072]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 13:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Gamma Loader.lnk]
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Reader Speed Launch.lnk]
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Otomar^Nabídka Start^Programy^Po spuštění^MagicDisc.lnk]
backup=c:\windows\pss\MagicDisc.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis True Image Monitor
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Watch
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\av_md
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\WINDOWS
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EA Core

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nokia FastStart

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer [X]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NSLauncher
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Regedit32
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SearchSettings
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CHotkey]
2006-12-08 16:01 547840 ----a-w- c:\windows\mHotkey.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 07:52 15360 ------w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
2003-08-28 08:45 24576 ----a-w- c:\windows\system32\CTHELPER.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2009-04-23 13:51 691656 ----a-w- c:\program files\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Easy-PrintToolBox]
2004-01-14 01:10 409600 ----a-w- c:\program files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2008-01-15 01:22 267048 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Jet Detection]
2001-11-29 00:00 28672 ----a-w- c:\program files\Creative\SBLive\Program\ADGJDet.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 07:52 1695232 ------w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 10:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nokia.PCSync]
2009-10-26 16:26 753664 ----a-w- c:\program files\Nokia\Nokia PC Suite 7\PcSync2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OSSelectorReinstall]
2007-03-15 09:06 2225208 ----a-w- c:\program files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2009-11-11 09:57 1451520 ----a-w- c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-10 22:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2008-11-07 13:31 21633320 ----a-r- c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Startup Cleaner]
2006-07-14 21:12 118784 ----a-w- c:\program files\CM Data Software\CM DiskCleaner\Startup Cleaner.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2008-12-09 06:08 136600 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-08-20 22:21 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
2000-05-11 00:00 90112 ------w- c:\windows\Updreg.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"aawservice"=2 (0x2)
"Dot3svcnapagent"=2 (0x2)
"Bonjour Service"=2 (0x2)
"iPod Service"=3 (0x3)
"idsvc"=3 (0x3)
"gusvc"=3 (0x3)
"gupdate1c98d1a1f97a8ce"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
"WMPNetworkSvc"=3 (0x3)
"ServiceLayer"=3 (0x3)
"PnkBstrB"=2 (0x2)
"PnkBstrA"=2 (0x2)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
"ctfmon.exe"=c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"42464:TCP"= 42464:TCP:PORT_42464
"7172:TCP"= 7172:TCP:PORT_7172
"40840:TCP"= 40840:TCP:PORT_40840
"21551:TCP"= 21551:TCP:PORT_21551
"29055:TCP"= 29055:TCP:PORT_29055
"51918:TCP"= 51918:TCP:PORT_51918
"31676:TCP"= 31676:TCP:PORT_31676
"12293:TCP"= 12293:TCP:PORT_12293
"17041:TCP"= 17041:TCP:PORT_17041
"62098:TCP"= 62098:TCP:PORT_62098
"57492:TCP"= 57492:TCP:PORT_57492
"16022:TCP"= 16022:TCP:PORT_16022
"47258:TCP"= 47258:TCP:PORT_47258
"59191:TCP"= 59191:TCP:PORT_59191
"38148:TCP"= 38148:TCP:PORT_38148
"43141:TCP"= 43141:TCP:PORT_43141
"31726:TCP"= 31726:TCP:PORT_31726
"33680:TCP"= 33680:TCP:PORT_33680
"10453:TCP"= 10453:TCP:PORT_10453
"5860:TCP"= 5860:TCP:PORT_5860
"14172:TCP"= 14172:TCP:PORT_14172
"15893:TCP"= 15893:TCP:PORT_15893
"37836:TCP"= 37836:TCP:PORT_37836
"23040:TCP"= 23040:TCP:PORT_23040
"45117:TCP"= 45117:TCP:PORT_45117
"33199:TCP"= 33199:TCP:PORT_33199
"57309:TCP"= 57309:TCP:PORT_57309
"31497:TCP"= 31497:TCP:PORT_31497
"51133:TCP"= 51133:TCP:PORT_51133

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [10.12.2008 20:40 721904]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [5.1.2010 7:56 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5.1.2010 7:56 74480]
R2 ekrn;Eset Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [21.12.2007 7:21 468224]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [5.1.2010 7:56 7408]
S1 eusk2par;EUTRON SmartKey Parallel Driver;c:\windows\system32\drivers\eusk2par.sys [12.4.2009 11:40 24786]
S3 eusk3usb;SmartKey 3 USB;c:\windows\system32\drivers\eusk3usb.sys [12.4.2009 11:40 45534]
S3 PRODIGY;PRODIGY;c:\windows\system32\drivers\prodigy.sys [28.7.2009 12:13 32377]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [26.12.2009 21:07 27064]
S4 gupdate1c98d1a1f97a8ce;Google Update Service (gupdate1c98d1a1f97a8ce);c:\program files\Google\Update\GoogleUpdate.exe [12.2.2009 14:59 133104]
.
Obsah adresáře 'Naplánované úlohy'

2010-01-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-12 13:59]

2010-01-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-12 13:59]

2010-01-11 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 13:07]

2010-01-11 c:\windows\Tasks\User_Feed_Synchronization-{9D59650E-0831-4813-8BB2-14ADE04CE5E7}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uLocal Page = c:\windows\pchealth\helpctr\System\panels\blank.htm
mStart Page = hxxp://www.google.com
mWindow Title = Microsoft Internet Explorer
mLocal Page = c:\windows\pchealth\helpctr\System\panels\blank.htm
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
Trusted Zone: mojebanka.cz\etrading
Trusted Zone: mojebanka.cz\www
DPF: {210D0CBC-8B17-48D1-B294-1A338DD2EB3A} - hxxp://85.193.52.237/VatDec.cab
DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} - hxxp://picasaweb.google.com/s/v/57.07/uploader2.cab
DPF: {4FEE6316-7B6F-4A6C-BD4E-4157C59A9E9D} - hxxp://static.s2g.gate5.de/ovi_maps/OviMaps_2.3.37.6.cab
DPF: {EAA105FE-7BBD-4196-8B96-D46743894195} - hxxp://85.193.52.188/plugin/mjpegcontrol.cab
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

Notify-AtiExtEvent - (no file)
MSConfigStartUp-regedit - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-11 21:28
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys spas.sys hal.dll >>UNKNOWN [0x86F87938]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf78dbf28
\Driver\ACPI -> ACPI.sys @ 0xf7715cb8
\Driver\atapi -> atapi.sys @ 0xf76aab40
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805e668e
ParseProcedure -> ntoskrnl.exe @ 0x8057b6b1
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805e668e
ParseProcedure -> ntoskrnl.exe @ 0x8057b6b1
NDIS: Realtek RTL8139/810x Family Fast Ethernet NIC -> SendCompleteHandler -> NDIS.sys @ 0xf75a0bb0
PacketIndicateHandler -> NDIS.sys @ 0xf75ada21
SendHandler -> NDIS.sys @ 0xf758b87b
user & kernel MBR OK
malicious code @ sector 0x12a18ac1 size 0x18a !
PE file found in sector at 0x012A18AC1 !

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-1614895754-1284227242-839522115-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(948)
c:\program files\SUPERAntiSpyware\SASWINLO.dll

- - - - - - - > 'explorer.exe'(3684)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_cze.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\MsPMSPSv.exe
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer.exe
.
**************************************************************************
.
Celkový čas: 2010-01-11 21:32:19 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-01-11 20:32

Před spuštěním: 7 342 788 608
Po spuštění: 7 196 631 040

WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 834DB00CF69CEF418656FFEE30FB2717

Unlimited_Killer
Friend of the forum
Posts: 1969
Registered: 24 Aug 2009 16:18

Re: Please check my log - I can't get rid of siszyd32 and rncsys3

#4 Post by Unlimited_Killer »

There's a whole pile of stuff in there :)

~~~

Do you recognize the following ports?

Code:

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"42464:TCP"= 42464:TCP:PORT_42464
"7172:TCP"= 7172:TCP:PORT_7172
"40840:TCP"= 40840:TCP:PORT_40840
"21551:TCP"= 21551:TCP:PORT_21551
"29055:TCP"= 29055:TCP:PORT_29055
"51918:TCP"= 51918:TCP:PORT_51918
"31676:TCP"= 31676:TCP:PORT_31676
"12293:TCP"= 12293:TCP:PORT_12293
"17041:TCP"= 17041:TCP:PORT_17041
"62098:TCP"= 62098:TCP:PORT_62098
"57492:TCP"= 57492:TCP:PORT_57492
"16022:TCP"= 16022:TCP:PORT_16022
"47258:TCP"= 47258:TCP:PORT_47258
"59191:TCP"= 59191:TCP:PORT_59191
"38148:TCP"= 38148:TCP:PORT_38148
"43141:TCP"= 43141:TCP:PORT_43141
"31726:TCP"= 31726:TCP:PORT_31726
"33680:TCP"= 33680:TCP:PORT_33680
"10453:TCP"= 10453:TCP:PORT_10453
"5860:TCP"= 5860:TCP:PORT_5860
"14172:TCP"= 14172:TCP:PORT_14172
"15893:TCP"= 15893:TCP:PORT_15893
"37836:TCP"= 37836:TCP:PORT_37836
"23040:TCP"= 23040:TCP:PORT_23040
"45117:TCP"= 45117:TCP:PORT_45117
"33199:TCP"= 33199:TCP:PORT_33199
"57309:TCP"= 57309:TCP:PORT_57309
"31497:TCP"= 31497:TCP:PORT_31497
"51133:TCP"= 51133:TCP:PORT_51133
~~~

Uninstall all virtual drives (Daemon, Alcohol, etc.)

~~~
motji wrote: Download SPTD http://www.duplexsecure.com/en/downloads
- choose the version for your operating system: SPTD for Windows (32 bit) or (64b)
- save it to the Desktop and run it
- choose the Uninstall option
- restart the PC
~~~

Download MBR.exe
Save this utility to the Desktop.
Press Start -> Run [Win+R] -> type / paste the following:

Code:

"%userprofile%\plocha\mbr" -t
and press Enter.
A text file named mbr.log will be created on the Desktop; paste its contents here for me.

~~~

Download GMER and double-click it to run.
It will scan for a few seconds. Then click 'Save' in the bottom right corner and save the first log - post that one here in the forum.
Then create a second log, following this guide. Post that log here as well.

~~~

Test these files on VirusTotal:

Code:

c:\windows\system32\drivers\revoflt.sys
Simply paste in the paths I put in the code block; if it tells you the file has already been tested, have it tested again. Then post the links to the individual tests here.
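
The firewall section that the post above asks about can be triaged mechanically. The following Python sketch is an added example, not part of the original thread and not code from ComboFix: it parses the `firewallpolicy` keys in the layout ComboFix prints and reports a disabled firewall together with globally open ports whose name only repeats the port number. The sample input is constructed (the `8080:TCP` entry and the name `IntranetWeb` are invented), and treating a `PORT_<number>` name as non-descriptive is this example's assumption.

```python
import re

# Constructed sample in the layout of the ComboFix log quoted in the thread.
# The first two port entries are copied from that log; the 8080 entry and its
# name "IntranetWeb" are invented to show a descriptively named exception.
SAMPLE = r'''
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"42464:TCP"= 42464:TCP:PORT_42464
"7172:TCP"= 7172:TCP:PORT_7172
"8080:TCP"= 8080:TCP:IntranetWeb

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [10.12.2008 20:40 721904]
'''

SECTION_RE = re.compile(r'^\[(?P<key>[^\]]+)\]$')
FLAG_RE = re.compile(r'^"EnableFirewall"=\s*(?P<val>\d+)')
PORT_RE = re.compile(r'^"(?P<port>\d+):(?P<proto>TCP|UDP)"=\s*(?P<value>.*)$')


def parse_firewall_policy(text):
    """Return firewall state per profile and the globally open port entries."""
    policy = {"firewall_enabled": {}, "open_ports": []}
    section = ""
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            # Registry key names are case-insensitive, so normalise them.
            section = header.group("key").lower()
            continue
        if "firewallpolicy\\" not in section:
            continue
        profile = section.split("firewallpolicy\\", 1)[1].split("\\", 1)[0]
        flag = FLAG_RE.match(line)
        if flag and section.endswith(profile):
            policy["firewall_enabled"][profile] = flag.group("val") != "0"
            continue
        entry = PORT_RE.match(line)
        if entry and section.endswith("globallyopenports\\list"):
            port = int(entry.group("port"))
            fields = entry.group("value").split(":")
            # The last colon-separated field is the display name of the rule.
            label = fields[-1].strip() if len(fields) >= 3 else ""
            policy["open_ports"].append({
                "profile": profile,
                "port": port,
                "proto": entry.group("proto"),
                "label": label,
                # Assumption of this example: a name that only repeats the
                # port number says nothing about which program opened it.
                "generic_label": label.upper() == f"PORT_{port}",
            })
    return policy


def triage(text):
    """Summarise the points a reviewer would ask the machine's owner about."""
    policy = parse_firewall_policy(text)
    findings = []
    for profile, enabled in policy["firewall_enabled"].items():
        if not enabled:
            findings.append(
                f"{profile}: Windows Firewall disabled (EnableFirewall=0)")
    generic = sorted((p for p in policy["open_ports"] if p["generic_label"]),
                     key=lambda p: p["port"])
    if generic:
        ports = ", ".join(f'{p["port"]}/{p["proto"]}' for p in generic)
        findings.append(
            f"{len(generic)} globally open port(s) without a descriptive name: "
            f"{ports}")
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```
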

otomar
Model visitor
Posts: 32
Registered: 10 Nov 2008 13:02

Re: Please check my log - I can't get rid of siszyd32 and rncsys3

#5 Post by otomar »

So here are the results:

1. The following ports mean nothing to me
2. Log from MBR:

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll intelide.sys PCIIDEX.SYS
kernel: MBR read successfully
user & kernel MBR OK
malicious code @ sector 0x12a18ac1 size 0x18a !
PE file found in sector at 0x012A18AC1 !

3. Here is the first GMER log (GMER_prvni):

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-01-11 23:43:43
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\Otomar\LOCALS~1\Temp\fgtdapob.sys


---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 sector 61: malicious code @ sector 0x12a18ac1 size 0x18a

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)
AttachedDevice \Driver\Tcpip \Device\Ip epfwtdi.sys (Eset Personal Firewall TDI filter/ESET)
AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdi.sys (Eset Personal Firewall TDI filter/ESET)
AttachedDevice \Driver\Tcpip \Device\Udp epfwtdi.sys (Eset Personal Firewall TDI filter/ESET)
AttachedDevice \Driver\Tcpip \Device\RawIp epfwtdi.sys (Eset Personal Firewall TDI filter/ESET)

---- EOF - GMER 1.0.15 ----

4. Here is the second GMER log (GMER_druhy):

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-01-12 03:57:15
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\Otomar\LOCALS~1\Temp\fgtdapob.sys


---- System - GMER 1.0.15 ----

SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xF312B0B0]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\ESET\ESET Smart Security\ekrn.exe[384] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 4 Bytes [C2, 04, 00, 00]

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)
AttachedDevice \Driver\Tcpip \Device\Ip epfwtdi.sys (Eset Personal Firewall TDI filter/ESET)
AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdi.sys (Eset Personal Firewall TDI filter/ESET)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice \Driver\Tcpip \Device\Udp epfwtdi.sys (Eset Personal Firewall TDI filter/ESET)
AttachedDevice \Driver\Tcpip \Device\RawIp epfwtdi.sys (Eset Personal Firewall TDI filter/ESET)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xDD 0xBA 0x55 0xCC ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x47 0x8A 0x1A 0x27 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x8D 0xFC 0x6B 0xD0 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x87 0x93 0xEC 0x59 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x17 0x33 0x9C 0x5C ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x86 0x8A 0xAC 0xA7 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x8C 0xB1 0xCE 0xD9 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh 0xC6 0xB5 0x0F 0x93 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43@khjeh 0xC6 0xB5 0x0F 0x93 ...
Reg HKLM\SYSTEM\ControlSet003\Services\gaopdxserv.sys@start 1
Reg HKLM\SYSTEM\ControlSet003\Services\gaopdxserv.sys@type 1
Reg HKLM\SYSTEM\ControlSet003\Services\gaopdxserv.sys@imagepath \systemroot\system32\drivers\gaopdxitlewxdu.sys
Reg HKLM\SYSTEM\ControlSet003\Services\gaopdxserv.sys@group file system
Reg HKLM\SYSTEM\ControlSet003\Services\gaopdxserv.sys\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xCE 0x03 0xE0 0xD2 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x17 0x33 0x9C 0x5C ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xD6 0xB1 0x7B 0x01 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0xC6 0xB5 0x0F 0x93 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh 0xC6 0xB5 0x0F 0x93 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43@khjeh 0xC6 0xB5 0x0F 0x93 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xDD 0xBA 0x55 0xCC ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x47 0x8A 0x1A 0x27 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x8D 0xFC 0x6B 0xD0 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x87 0x93 0xEC 0x59 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x17 0x33 0x9C 0x5C ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x86 0x8A 0xAC 0xA7 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x8C 0xB1 0xCE 0xD9 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh 0xC6 0xB5 0x0F 0x93 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43@khjeh 0xC6 0xB5 0x0F 0x93 ...

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 sector 61: malicious code @ sector 0x12a18ac1 size 0x18a

---- EOF - GMER 1.0.15 ----

5. VirusTotal test:

a-squared 4.5.0.48 2010.01.12 -
AhnLab-V3 5.0.0.2 2010.01.12 -
AntiVir 7.9.1.134 2010.01.11 -
Antiy-AVL 2.0.3.7 2010.01.12 -
Authentium 5.2.0.5 2010.01.12 -
Avast 4.8.1351.0 2010.01.11 -
AVG 9.0.0.725 2010.01.11 -
BitDefender 7.2 2010.01.12 -
CAT-QuickHeal 10.00 2010.01.12 -
ClamAV 0.94.1 2010.01.12 -
Comodo 3554 2010.01.12 -
DrWeb 5.0.1.12222 2010.01.12 -
eSafe 7.0.17.0 2010.01.11 -
eTrust-Vet 35.2.7232 2010.01.12 -
F-Prot 4.5.1.85 2010.01.12 -
F-Secure 9.0.15370.0 2010.01.12 -
Fortinet 4.0.14.0 2010.01.12 -
GData 19 2010.01.12 -
Ikarus T3.1.1.80.0 2010.01.12 -
Jiangmin 13.0.900 2010.01.12 -
K7AntiVirus 7.10.944 2010.01.11 -
Kaspersky 7.0.0.125 2010.01.12 -
McAfee 5858 2010.01.11 -
McAfee+Artemis 5858 2010.01.11 -
McAfee-GW-Edition 6.8.5 2010.01.12 -
Microsoft 1.5302 2010.01.12 -
NOD32 4762 2010.01.11 -
Norman 6.04.03 2010.01.11 -
nProtect 2009.1.8.0 2010.01.12 -
Panda 10.0.2.2 2010.01.11 -
PCTools 7.0.3.5 2010.01.12 -
Prevx 3.0 2010.01.12 -
Rising 22.30.01.03 2010.01.12 -
Sophos 4.49.0 2010.01.12 -
Sunbelt 3.2.1858.2 2010.01.12 -
Symantec 20091.2.0.41 2010.01.12 -
TheHacker 6.5.0.3.147 2010.01.12 -
TrendMicro 9.120.0.1004 2010.01.12 -
VBA32 3.12.12.1 2010.01.12 -
ViRobot 2010.1.12.2131 2010.01.12 -
VirusBuster 5.0.21.0 2010.01.11 -
Rozšiřující informace
File size: 27064 bytes
MD5...: 8b5b8a11306190c6963d3473f052d3c8
SHA1..: e32af66c483cd57d349dd9779adf07c731791a8c
SHA256: bebcca8109c742447c862907b7a3924548303ac720e3fb16563f24df3238f82b
ssdeep: 384:IomlqViPUGwnqeoLjN91do5w5RXJcJYB1sDwsvbuJYJLyebCY1M6jK:YqKUG
yWuw5ROJYsDwcbNL7bCEMmK

PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x4117
timedatestamp.....: 0x4b3b1a60 (Wed Dec 30 09:16:16 2009)
machinetype.......: 0x14c (I386)

( 7 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x480 0x28a3 0x2900 6.56 9899aa53f99a2b12ff2ddd6d046359b0
.rdata 0x2d80 0x24c 0x280 3.59 a82958169b2aa967bb79ca2f39c63108
.data 0x3000 0x810 0x880 0.05 d658d6d43012307207c15614491e9525
PAGE 0x3880 0x53b 0x580 5.99 853d8144755e317a00c0302ec64137ce
INIT 0x3e00 0x92e 0x980 5.60 6e4605a10b66746164ab374e8b33de39
.rsrc 0x4780 0x3b0 0x400 3.11 7cc4b938d8e76ac7e7ce6a9be3443565
.reloc 0x4b80 0x39e 0x400 5.96 c53269711b9b17a6bcb6a29bc0d049b9

( 3 imports )
> ntoskrnl.exe: ZwClose, ZwQueryKey, ObOpenObjectByPointer, CmRegisterCallback, KeQuerySystemTime, ExInitializeNPagedLookasideList, ZwEnumerateValueKey, ExInterlockedPushEntrySList, PsGetCurrentThreadId, ZwOpenKey, KeTickCount, KeBugCheckEx, PsGetCurrentProcessId, memset, ObfReferenceObject, IoVolumeDeviceToDosName, ObfDereferenceObject, MmIsAddressValid, ObQueryNameString, PsSetCreateProcessNotifyRoutine, CmUnRegisterCallback, ExDeleteNPagedLookasideList, memcpy, RtlInitUnicodeString, ExAllocatePoolWithTag, ZwQueryValueKey, ExFreePoolWithTag, ExInterlockedPopEntrySList, DbgPrint, RtlUnwind
> HAL.dll: KfReleaseSpinLock, KfAcquireSpinLock
> FLTMGR.SYS: FltRegisterFilter, FltBuildDefaultSecurityDescriptor, FltCreateCommunicationPort, FltFreeSecurityDescriptor, FltStartFiltering, FltGetFileNameInformation, FltParseFileNameInformation, FltReleaseFileNameInformation, FltIsDirectory, FltCloseCommunicationPort, FltUnregisterFilter, FltCloseClientPort, FltGetDestinationFileNameInformation

( 0 exports )

RDS...: NSRL Reference Data Set
-
sigcheck:
publisher....: VS Revo Group
copyright....: (c) VS Revo Group, Ltd. All rights reserved.
product......: Revo Uninstaller Pro
description..: Revo Uninstaller Minifilter
original name: revoflt.sys
internal name: revoflt.sys
file version.: 1, 0, 0, 4 built by: WinDDK
comments.....: n/a
signers......: VS Revo Group
VeriSign Class 3 Code Signing 2009-2 CA
Class 3 Public Primary Certification Authority
signing date.: 10:20 AM 12/30/2009
verified.....: -

pdfid.: -
trid..: Win32 Executable Generic (58.4%)
Clipper DOS Executable (13.8%)
Generic Win/DOS Executable (13.7%)
DOS Executable Generic (13.7%)
VXD Driver (0.2%)

That's all

Unlimited_Killer
Friend of the forum
Posts: 1969
Registered: 24 Aug 2009 16:18

Re: Please check my log - I can't get rid of siszyd32 and rncsys3

#6 Post by Unlimited_Killer »

Let's move on.

~~~

Download The Avenger.
Double-click to run it and click OK.
The program window itself will open. Copy the following script in the green box into the 'Input Script Here' window.

Code:

Files to delete:
C:\Windows\system32\drivers\gaopdxserv.sys
C:\Windows\system32\drivers\gaopdxitlewxdu.sys

Drivers to delete:
gaopdxserv.sys
Click 'Execute'. Then confirm running the script and the restart.
After the restart the program will produce a log; paste it here for me.
Last edited by Unlimited_Killer on 12 Jan 2010 21:28, edited 1 time in total.
inactive

otomar
Model visitor
Posts: 32
Registered: 10 Nov 2008 13:02

Re: Please check my log - I can't get rid of siszyd32 and rncsys3

#7 Post by otomar »

Will do! :) But not until morning; I'm on the night shift and looking at this on my phone. Thanks for now :)

Unlimited_Killer
Friend of the forum
Posts: 1969
Registered: 24 Aug 2009 16:18

Re: Please check my log - I can't get rid of siszyd32 and rncsys3

#8 Post by Unlimited_Killer »

Sure, there's a rootkit in there; when I get back from school, I'm curious about the result :)
inactive

otomar
Model visitor
Posts: 32
Registered: 10 Nov 2008 13:02

Re: Please check my log - I can't get rid of siszyd32 and rncsys3

#9 Post by otomar »

Well, interesting :o here is the log from Avenger:

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger




*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!


Error: file "C:\Windows\system32\drivers\gaopdxserv.sys" not found!
Deletion of file "C:\Windows\system32\drivers\gaopdxserv.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\Windows\system32\drivers\gaopdxitlewxdu.sys" not found!
Deletion of file "C:\Windows\system32\drivers\gaopdxitlewxdu.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\gaopdxserv.sys" not found!
Deletion of driver "gaopdxserv.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Completed script processing.

*******************

Finished! Terminate.


I looked and the files listed above are not in C:\Windows\system32\drivers, and in the registry under:
HKLM\SYSTEM\ControlSet003\Services\ an empty key gaopdxserv.sys remained

Unlimited_Killer
Friend of the forum
Posts: 1969
Registered: 24 Aug 2009 16:18

Re: Please check my log - I can't get rid of siszyd32 and rncsys3

#10 Post by Unlimited_Killer »

We'll try one more script; probably only a remnant is left there.

~~~

Download The Avenger.
Double-click to run it and click OK.
The program window itself will open. Copy the following script in the green box into the 'Input Script Here' window.

Code:

Registry keys to delete:
HKLM\SYSTEM\ControlSet003\Services\gaopdxserv.sys
Click 'Execute'. Then confirm running the script and the restart.
After the restart the program will produce a log; paste it here for me.
inactive

otomar
Model visitor
Posts: 32
Registered: 10 Nov 2008 13:02

Re: Please check my log - I can't get rid of siszyd32 and rncsys3

#11 Post by otomar »

Here is the log:

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

Registry key "HKLM\SYSTEM\ControlSet003\Services\gaopdxserv.sys" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.
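
Added example, not part of the thread and not code from GMER or The Avenger: the first Avenger script aimed at CurrentControlSet and got STATUS_OBJECT_NAME_NOT_FOUND, while GMER had reported gaopdxserv.sys only under ControlSet003. This Python sketch groups GMER "Reg" lines by control set and lists services reported only outside CurrentControlSet; the function names and the default Windows directory are assumptions made for the illustration.

```python
import re
from collections import defaultdict

# Lines copied from the GMER log in post #5 (the long sptd run is cut to three).
SAMPLE_GMER_REG = r"""
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\gaopdxserv.sys@start 1
Reg HKLM\SYSTEM\ControlSet003\Services\gaopdxserv.sys@type 1
Reg HKLM\SYSTEM\ControlSet003\Services\gaopdxserv.sys@imagepath \systemroot\system32\drivers\gaopdxitlewxdu.sys
Reg HKLM\SYSTEM\ControlSet003\Services\gaopdxserv.sys@group file system
Reg HKLM\SYSTEM\ControlSet003\Services\gaopdxserv.sys\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
""".strip().splitlines()

# Reg HKLM\SYSTEM\<control set>\Services\<service>[\subkey...][@value data]
REG_LINE = re.compile(
    r"^Reg\s+HKLM\\SYSTEM\\(?P<cset>CurrentControlSet|ControlSet\d{3})"
    r"\\Services\\(?P<service>[^\\@\s]+)"
    r"(?P<subkey>(?:\\[^\\@\s]+)*)"
    r"(?:@(?P<value>\S+)(?:\s+(?P<data>.*))?)?",
    re.IGNORECASE,
)


def parse_reg_lines(lines):
    """Yield (control_set, service, subkey, value, data) for each 'Reg' line."""
    for line in lines:
        m = REG_LINE.match(line.strip())
        if m:
            yield m["cset"], m["service"], m["subkey"], m["value"], m["data"]


def services_outside_current(lines):
    """Map service -> {control set -> values} for services that the log
    never shows under CurrentControlSet.

    GMER lists only the entries it chose to report, so this is a triage
    hint to confirm in the registry, not proof that the key is absent
    from the active control set.
    """
    seen = defaultdict(set)
    values = defaultdict(dict)
    for cset, service, subkey, value, data in parse_reg_lines(lines):
        seen[service].add(cset)
        if value and not subkey:  # values stored directly on the service key
            values[(service, cset)][value.lower()] = data
    found = {}
    for service, csets in seen.items():
        if any(c.lower() == "currentcontrolset" for c in csets):
            continue
        found[service] = {c: values.get((service, c), {}) for c in sorted(csets)}
    return found


def key_paths(found):
    """Full registry key paths to inspect for each reported service."""
    return ["\\".join(["HKLM", "SYSTEM", cset, "Services", service])
            for service, per_set in found.items() for cset in per_set]


def expand_systemroot(image_path, windir=r"C:\WINDOWS"):
    """Turn a \\systemroot\\ driver path into a file path (windir is assumed)."""
    prefix = "\\systemroot\\"
    if image_path.lower().startswith(prefix):
        return windir + "\\" + image_path[len(prefix):]
    return image_path


if __name__ == "__main__":
    found = services_outside_current(SAMPLE_GMER_REG)
    for key in key_paths(found):
        print("key to inspect:", key)
    for service, per_set in found.items():
        for cset, vals in per_set.items():
            if "imagepath" in vals:
                print("driver file to look for:", expand_systemroot(vals["imagepath"]))
```
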

otomar
Model visitor
Posts: 32
Registered: 10 Nov 2008 13:02

Re: Please check my log - I can't get rid of siszyd32 and rncsys3

#12 Post by otomar »

One more addendum - this morning ESET popped up with an infection alert for this:

D:System Volume Information\_restore{A946BDF1-8A36-438F-86C1-BDB647370081}RP18\A0010967.exe

so I turned off System Restore, restarted and turned it on again.

Unlimited_Killer
Friend of the forum
Posts: 1969
Registered: 24 Aug 2009 16:18

Re: Please check my log - I can't get rid of siszyd32 and rncsys3

#13 Post by Unlimited_Killer »

You did the right thing; now I'll just finish writing the script for ComboFix for you.
inactive

Unlimited_Killer
Friend of the forum
Posts: 1969
Registered: 24 Aug 2009 16:18

Re: Please check my log - I can't get rid of siszyd32 and rncsys3

#14 Post by Unlimited_Killer »

Here it is :)

~~~

Open Notepad and copy into it

Code:

KillAll::

MBR::

File::
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"42464:TCP"=-
"7172:TCP"=-
"40840:TCP"=-
"21551:TCP"=-
"29055:TCP"=-
"51918:TCP"=-
"31676:TCP"=-
"12293:TCP"=-
"17041:TCP"=-
"62098:TCP"=-
"57492:TCP"=-
"16022:TCP"=-
"47258:TCP"=-
"59191:TCP"=-
"38148:TCP"=-
"43141:TCP"=-
"31726:TCP"=-
"33680:TCP"=-
"10453:TCP"=-
"5860:TCP"=-
"14172:TCP"=-
"15893:TCP"=-
"37836:TCP"=-
"23040:TCP"=-
"45117:TCP"=-
"33199:TCP"=-
"57309:TCP"=-
"31497:TCP"=-
"51133:TCP"=-
[-HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Reader Speed Launch.lnk]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"swg"=-
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
""=-
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Watch]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis True Image Monitor]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\av_md]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EA Core]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nokia FastStart]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NSLauncher]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Regedit32]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PlayNC Launcher]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SearchSettings]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"=-
Save it to the Desktop as CFScript.txt. Then drag it with the mouse over ComboFix (it must be on the Desktop!) and drop it.

ComboFix will carry out the commands from the script; the PC may be restarted again.
When it finishes, post here the log that pops up after the cleanup.
inactive

otomar
Model visitor
Posts: 32
Registered: 10 Nov 2008 13:02

Re: Please check my log - I can't get rid of siszyd32 and rncsys3

#15 Post by otomar »

So here is the log from CF :) :

ComboFix 10-01-12.05 - Otomar 13.01.2010 16:32:06.17.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1023.518 [GMT 1:00]
Spuštěný z: c:\documents and settings\Otomar\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Otomar\Plocha\CFScript.txt
AV: ESET Smart Security 3.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
* Rezidentní štít AV je zapnutý


FILE ::
"c:\windows\tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\tasks\GoogleUpdateTaskMachineUA.job"
"c:\windows\tasks\Scheduled Update for Ask Toolbar.job"
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Data aplikacˇ\bybulet.vbs
c:\windows\tasks\GoogleUpdateTaskMachineCore.job
c:\windows\tasks\GoogleUpdateTaskMachineUA.job

.
((((((((((((((((((((((((( Soubory vytvořené od 2009-12-13 do 2010-01-13 )))))))))))))))))))))))))))))))
.

2010-01-13 06:04 . 2010-01-13 06:04 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2010-01-11 19:50 . 2010-01-11 19:51 -------- d-----w- C:\rsit
2010-01-11 19:50 . 2010-01-11 19:51 -------- d-----w- c:\program files\trend micro
2010-01-11 14:54 . 2010-01-11 15:01 -------- d-----w- c:\program files\WinXP Manager
2010-01-11 13:58 . 2010-01-11 13:58 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-01-11 12:32 . 2010-01-11 12:32 -------- d-----w- c:\program files\Codemasters
2010-01-09 14:11 . 2008-08-26 08:26 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2010-01-09 14:11 . 2010-01-09 14:11 -------- d-----w- c:\program files\PC Connectivity Solution
2010-01-07 14:52 . 2010-01-07 14:52 -------- d-----w- c:\program files\QuickTime
2010-01-05 12:01 . 2010-01-05 12:01 -------- d-----w- c:\program files\Common Files\PCSuite
2010-01-05 10:34 . 2010-01-05 10:34 -------- d-----w- c:\windows\system32\wbem\Repository
2010-01-04 20:20 . 2003-09-08 13:43 89728 ----a-w- c:\windows\system32\drivers\usbvsp.sys
2010-01-04 11:14 . 2010-01-04 11:39 -------- d-----w- c:\program files\Pracovní kalendář_203
2010-01-03 16:59 . 2010-01-11 20:27 288 ----a-w- c:\windows\system32\DVCStateBkp-{00000002-00000000-0000000D-00001102-00000002-100A1102}.dat
2010-01-03 16:59 . 2010-01-11 20:27 288 ----a-w- c:\windows\system32\DVCState-{00000002-00000000-0000000D-00001102-00000002-100A1102}.dat
2010-01-01 23:41 . 2010-01-01 23:41 -------- d-----w- C:\m64pci
2010-01-01 23:26 . 2005-12-10 03:03 180224 ----a-w- c:\windows\system32\NVUNINST.EXE
2009-12-31 10:43 . 2010-01-05 10:32 -------- d-----w- c:\program files\ATI
2009-12-26 21:51 . 2009-12-26 22:03 -------- d-----w- c:\program files\Rozpisy pro Sportku - free verze 107
2009-12-26 21:50 . 2009-12-26 21:50 796672 ----a-w- c:\windows\GPInstall.exe
2009-12-26 20:07 . 2009-12-30 10:20 27064 ----a-w- c:\windows\system32\drivers\revoflt.sys
2009-12-26 20:07 . 2009-12-26 20:07 -------- d-----w- c:\program files\VS Revo Group
2009-12-24 21:42 . 2009-12-24 21:42 -------- d-----w- c:\program files\VideoLAN
2009-12-24 20:07 . 2009-12-24 21:31 921632 ----a-w- C:\PA7302.DAT
2009-12-24 19:41 . 2007-11-02 10:07 6656 ----a-w- c:\windows\system32\CoInst_071029.dll
2009-12-24 19:41 . 2007-10-29 15:25 458112 ----a-w- c:\windows\system32\drivers\PAC7302.SYS
2009-12-24 19:41 . 2009-12-24 19:41 -------- d-----w- c:\windows\Pixart
2009-12-24 19:41 . 2009-12-24 19:41 -------- d-----w- c:\program files\KYE
2009-12-24 19:41 . 2006-11-20 08:01 163840 ----a-w- c:\windows\AMCap.exe
2009-12-24 19:37 . 2008-04-13 23:15 60032 -c--a-w- c:\windows\system32\dllcache\usbaudio.sys
2009-12-24 19:37 . 2008-04-13 23:15 60032 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys
2009-12-20 17:05 . 2009-12-23 17:00 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-12-19 19:53 . 2009-12-19 19:53 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-12-19 19:53 . 2009-12-19 19:53 -------- d-----w- c:\program files\DivX

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-13 14:17 . 2009-07-18 15:58 3064 ----a-w- c:\windows\system32\d3d9caps.dat
2010-01-11 13:58 . 2008-12-09 14:51 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-01-09 14:12 . 2009-01-14 07:28 -------- d-----w- c:\program files\Common Files\Nokia
2010-01-09 14:11 . 2008-12-04 09:54 -------- d-----w- c:\program files\Nokia
2010-01-08 15:13 . 2008-12-27 11:23 -------- d-----w- c:\program files\ICQ6.5
2010-01-07 14:50 . 2009-08-07 17:08 -------- d-----w- c:\program files\Common Files\Apple
2010-01-05 11:33 . 2008-12-02 20:42 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-03 17:13 . 2009-04-25 22:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-03 00:04 . 2009-08-19 20:49 288 ----a-w- c:\windows\system32\DVCStateBkp-{00000002-00000000-0000000B-00001102-00000002-100A1102}.dat
2010-01-03 00:04 . 2009-08-19 20:49 288 ----a-w- c:\windows\system32\DVCState-{00000002-00000000-0000000B-00001102-00000002-100A1102}.dat
2010-01-02 14:44 . 2009-03-02 09:56 -------- d-----w- c:\program files\RegHealer
2009-12-30 13:55 . 2009-10-25 17:12 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-30 13:54 . 2009-10-25 17:12 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-26 20:29 . 2008-12-02 21:01 -------- d-----w- c:\program files\totalcmd
2009-12-26 20:10 . 2009-01-01 19:00 -------- d-----w- c:\program files\Google
2009-12-24 15:59 . 2009-09-12 11:05 215104 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-12-24 15:09 . 2009-09-12 11:19 138576 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-12-22 17:41 . 2001-10-25 12:00 86856 ----a-w- c:\windows\system32\perfc005.dat
2009-12-22 17:41 . 2001-10-25 12:00 448976 ----a-w- c:\windows\system32\perfh005.dat
2009-12-12 14:43 . 2009-12-12 14:43 18944 ----a-w- c:\windows\system32\vbCPUInf.dll
2009-12-12 14:15 . 2009-12-12 14:15 -------- d-----w- c:\program files\CM Data Software
2009-12-12 14:14 . 2009-12-12 14:15 737280 ----a-w- c:\windows\iun6002.exe
2009-12-04 05:39 . 2009-12-01 13:38 116 ----a-w- c:\windows\system32\fjhdyfhsn.bat
2009-12-03 15:19 . 2009-04-01 16:12 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2009-12-03 15:18 . 2009-12-03 15:18 -------- d-----w- c:\program files\vso
2009-12-03 14:44 . 2009-12-03 14:44 -------- d-----w- c:\program files\Common Files\debugmode
2009-12-03 14:44 . 2009-12-03 14:44 -------- d-----w- c:\program files\Debugmode
2009-12-03 12:53 . 2009-12-03 12:53 -------- d-----w- c:\program files\novaPDF Professional Desktop 7
2009-11-27 16:08 . 2009-11-27 16:08 -------- d-----w- c:\program files\Garmin GPS Plugin
2009-11-24 08:15 . 2009-12-03 12:53 22216 ----a-w- c:\windows\system32\novamnp7.dll
2009-11-24 08:15 . 2009-12-03 12:53 19656 ----a-w- c:\windows\system32\novamip7.dll
2009-11-22 23:49 . 2009-07-28 11:13 -------- d-----w- c:\program files\NSS
2009-11-02 12:45 . 2008-12-02 22:46 114048 ----a-w- c:\windows\system32\drivers\snapman.sys
2009-10-29 07:43 . 2004-08-17 13:49 916480 ------w- c:\windows\system32\wininet.dll
2009-10-24 15:02 . 2009-10-24 15:02 548 ----a-w- c:\windows\eReg.dat
2009-10-22 19:43 . 2009-03-15 19:46 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-10-21 05:40 . 2004-08-17 13:49 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:40 . 2004-08-17 13:49 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2004-08-03 21:00 265728 ----a-w- c:\windows\system32\drivers\http.sys
2009-04-11 13:46 . 2008-09-24 00:19 490 ----a-w- c:\program files\R3Engine.ini
2009-04-11 13:46 . 2009-04-11 13:46 26791 ----a-w- c:\program files\Uninstall.ini
2009-04-11 13:46 . 2008-10-12 13:10 230490 ----a-w- c:\program files\Uninstall.exe
2009-03-31 12:12 . 2009-03-31 12:09 44 ----a-w- c:\program files\error_message.txt
2008-10-04 13:05 . 2008-10-04 13:05 10141468 ----a-w- c:\program files\RF_Online.bin
2008-09-24 00:55 . 2008-09-24 00:55 2288791 ----a-w- c:\program files\CHLOG.TXT
2008-09-20 13:23 . 2008-09-20 13:23 16842 ----a-w- c:\program files\LauncherMessage.ini
2008-07-27 20:34 . 2008-07-27 20:34 48610 ----a-w- c:\program files\GameData.edf
2008-06-06 07:25 . 2008-06-06 07:25 437457 ----a-w- c:\program files\CharacterW.edf
2008-06-06 07:25 . 2008-06-06 07:25 437457 ----a-w- c:\program files\Character.edf
2008-04-25 11:11 . 2008-04-25 11:11 2127673 ----a-w- c:\program files\Language.pak
2007-01-16 13:19 . 2007-01-16 13:19 143360 ----a-w- c:\program files\Updater.lc
2005-12-16 07:51 . 2005-12-16 07:51 126 ----a-w- c:\program files\Ceba.env
2004-12-07 09:11 . 2004-12-07 09:11 258352 ----a-w- c:\program files\unicows.dll
2004-10-08 10:34 . 2004-10-08 10:34 163840 ----a-w- c:\program files\X2PU.dll
2004-08-29 18:31 . 2004-08-29 18:31 14816 ----a-w- c:\program files\x2prtm.sys
2004-08-18 14:20 . 2004-08-18 14:20 184320 ----a-w- c:\program files\TcX2G.dll
2004-08-18 14:20 . 2004-08-18 14:20 15264 ----a-w- c:\program files\x2prm2.sys
2004-08-18 14:20 . 2004-08-18 14:20 106496 ----a-w- c:\program files\X2PMgr.dll
2004-08-17 14:09 . 2004-08-17 14:09 15264 ----a-w- c:\program files\x2prm.sys
2004-08-17 14:09 . 2004-08-17 14:09 106496 ----a-w- c:\program files\X2ProcMon.dll
2004-05-10 18:50 . 2004-05-10 18:50 188416 ----a-w- c:\program files\X2ReportDll.dll
2003-06-14 17:18 . 2003-06-14 17:18 39 ----a-w- c:\program files\dlctemp.db
2003-01-29 13:10 . 2003-01-29 13:10 764928 ----a-w- c:\program files\dbghelp.dll
2003-01-20 10:15 . 2003-01-20 10:15 349696 ----a-w- c:\program files\MSS32.DLL
2003-01-20 10:15 . 2003-01-20 10:15 125952 ----a-w- c:\program files\mssmp3.asi
2002-09-13 12:17 . 2002-09-13 12:17 630 ----a-w- c:\program files\Sound.ini
.

((((((((((((((((((((((((((((( SnapShot@2010-01-11_20.28.29 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-01-13 06:04 . 2010-01-13 06:04 470528 c:\windows\Installer\20afc.msi
+ 2008-11-05 11:02 . 2008-11-05 11:02 119296 c:\windows\Installer\20af3.msp
+ 2005-10-26 13:59 . 2005-10-26 13:59 2883072 c:\windows\Installer\20b01.msp
+ 2009-11-20 14:00 . 2009-11-20 14:00 5521408 c:\windows\Installer\20afd.msp
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-01-05 2002160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2007-12-21 1443072]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-10 417792]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 13:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Gamma Loader.lnk]
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Otomar^Nabídka Start^Programy^Po spuštění^MagicDisc.lnk]
backup=c:\windows\pss\MagicDisc.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CHotkey]
2006-12-08 16:01 547840 ----a-w- c:\windows\mHotkey.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 07:52 15360 ------w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
2003-08-28 08:45 24576 ----a-w- c:\windows\system32\CTHELPER.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Easy-PrintToolBox]
2004-01-14 01:10 409600 ----a-w- c:\program files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2008-01-15 01:22 267048 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Jet Detection]
2001-11-29 00:00 28672 ----a-w- c:\program files\Creative\SBLive\Program\ADGJDet.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 07:52 1695232 ------w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 10:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nokia.PCSync]
2009-10-26 16:26 753664 ----a-w- c:\program files\Nokia\Nokia PC Suite 7\PcSync2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OSSelectorReinstall]
2007-03-15 09:06 2225208 ----a-w- c:\program files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2009-11-11 09:57 1451520 ----a-w- c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2008-11-07 13:31 21633320 ----a-r- c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Startup Cleaner]
2006-07-14 21:12 118784 ----a-w- c:\program files\CM Data Software\CM DiskCleaner\Startup Cleaner.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"aawservice"=2 (0x2)
"Dot3svcnapagent"=2 (0x2)
"Bonjour Service"=2 (0x2)
"iPod Service"=3 (0x3)
"idsvc"=3 (0x3)
"gusvc"=3 (0x3)
"gupdate1c98d1a1f97a8ce"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
"WMPNetworkSvc"=3 (0x3)
"ServiceLayer"=3 (0x3)
"PnkBstrB"=2 (0x2)
"PnkBstrA"=2 (0x2)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=c:\windows\system32\ctfmon.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [5.1.2010 7:56 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5.1.2010 7:56 74480]
R2 ekrn;Eset Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [21.12.2007 7:21 468224]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [5.1.2010 7:56 7408]
S1 eusk2par;EUTRON SmartKey Parallel Driver;c:\windows\system32\drivers\eusk2par.sys [12.4.2009 11:40 24786]
S3 eusk3usb;SmartKey 3 USB;c:\windows\system32\drivers\eusk3usb.sys [12.4.2009 11:40 45534]
S3 PRODIGY;PRODIGY;c:\windows\system32\drivers\prodigy.sys [28.7.2009 12:13 32377]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [26.12.2009 21:07 27064]
S4 gupdate1c98d1a1f97a8ce;Google Update Service (gupdate1c98d1a1f97a8ce);c:\program files\Google\Update\GoogleUpdate.exe [12.2.2009 14:59 133104]
S4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys --> c:\windows\system32\Drivers\sptd.sys [?]
.
Obsah adresáře 'Naplánované úlohy'

2010-01-13 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 13:07]

2010-01-13 c:\windows\Tasks\User_Feed_Synchronization-{9D59650E-0831-4813-8BB2-14ADE04CE5E7}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uLocal Page = c:\windows\pchealth\helpctr\System\panels\blank.htm
mStart Page = hxxp://www.google.com
mWindow Title = Microsoft Internet Explorer
mLocal Page = c:\windows\pchealth\helpctr\System\panels\blank.htm
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
Trusted Zone: mojebanka.cz\etrading
Trusted Zone: mojebanka.cz\www
DPF: {210D0CBC-8B17-48D1-B294-1A338DD2EB3A} - hxxp://85.193.52.237/VatDec.cab
DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} - hxxp://picasaweb.google.com/s/v/57.07/uploader2.cab
DPF: {4FEE6316-7B6F-4A6C-BD4E-4157C59A9E9D} - hxxp://static.s2g.gate5.de/ovi_maps/OviMaps_2.3.37.6.cab
DPF: {EAA105FE-7BBD-4196-8B96-D46743894195} - hxxp://85.193.52.188/plugin/mjpegcontrol.cab
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

MSConfigStartUp-DAEMON Tools Lite - c:\program files\DAEMON Tools Lite\daemon.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-13 16:40
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-1614895754-1284227242-839522115-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(944)
c:\program files\SUPERAntiSpyware\SASWINLO.dll

- - - - - - - > 'explorer.exe'(3860)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_cze.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\MsPMSPSv.exe
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer.exe
.
**************************************************************************
.
Celkový čas: 2010-01-13 16:45:05 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-01-13 15:45
ComboFix2.txt 2010-01-11 20:32

Před spuštěním: 8 481 067 008
Po spuštění: 8 563 105 792

- - End Of File - - 5F3EE2A1BFE6733C2DDCE4837B56F8D9
