Ahoj,během chodu počítače hodně často vyskakují ruzné reklamy v prohlížečovém okně EXPLORERU který vůbec nepoužívám.Jsou to reklamy na GREEN CARD,TRAVIAN ale i další.Jelikož se v tomto ohledu moc neorientuji, pročítal jsem různé stránky a dočetl jsem se že mám počítač oscanovat programem Hijackthis (výsleden scanu je níž). Budu moc vděčný za každou radu.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:38:21, on 14.7.2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\tsnpstd3.exe
C:\WINDOWS\vsnpstd3.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE
C:\Program Files\cacaoweb\cacaoweb.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\WINDOWS\Ehypoa.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Ep1.exe
C:\Documents and Settings\Administrator\Dokumenty\Downloads\hijackthis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.seznam.cz/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.seznam.cz/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource= ... =CT2269050
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com/?a=fbpage1&s ... Terms}&f=4
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: (no name) - {EEE6C35D-6118-11DC-9C72-001320C79847} - (no file)
R3 - URLSearchHook: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVD0.dll
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll
O2 - BHO: DVDVideoSoftTB - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVD0.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O2 - BHO: Ukazatel S-Rank - {EA837F48-5AD1-443E-AE34-FFE03CBF3099} - C:\Program Files\Seznam.cz\listicka.dll
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (file missing)
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (file missing)
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVD0.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [tsnpstd3] C:\WINDOWS\tsnpstd3.exe
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [4StoryPrePatch] C:\Program Files\Gameforge4D\4Story\PrePatch.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [RGSC] C:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [EPSON Stylus DX4400 Series (kopie 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE /FU "C:\WINDOWS\TEMP\E_S173.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [EPSON Stylus DX4400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE /FU "C:\WINDOWS\TEMP\E_S176.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [cacaoweb] "C:\Program Files\cacaoweb\cacaoweb.exe" -noplayer
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [8DDYX0ZBPZ] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Ep1.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Media Player.lnk = ?
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredi ... xdm921YYCZ
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Free YouTube Download - C:\Documents and Settings\Administrator\Data aplikací\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Documents and Settings\Administrator\Data aplikací\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
O9 - Extra button: Nastavení Lištičky ... - {0E46D7B6-887D-4F81-B4CA-FCC92AF73610} - C:\Program Files\Seznam.cz\listicka.dll
O9 - Extra 'Tools' menuitem: Nastavení Lištičky ... - {0E46D7B6-887D-4F81-B4CA-FCC92AF73610} - C:\Program Files\Seznam.cz\listicka.dll
O9 - Extra button: Zvýrazňovač slov Lištičky - {4E6D6F90-31CA-4878-A7A3-1CD50F115A69} - C:\Program Files\Seznam.cz\listicka.dll
O9 - Extra 'Tools' menuitem: Zvýrazňovač slov Lištičky - {4E6D6F90-31CA-4878-A7A3-1CD50F115A69} - C:\Program Files\Seznam.cz\listicka.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocach ... .0.1.1.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.systemrequirementslab.com/sr ... ab_srl.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Služba Google Update (gupdate1ca3198986498c0) (gupdate1ca3198986498c0) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: PC Tools Startup and Shutdown Monitor service (PCToolsSSDMonitorSvc) - PC Tools - C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
--
End of file - 11507 bytes
Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz
Vyskakující reklamy
Moderátor: Moderátoři
Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
-
chodnik74
- Přítel fóra
- Příspěvky: 4975
- Registrován: 13 zář 2010 21:30
- Bydliště: Napajedla
- Kontaktovat uživatele:
Re: Vyskakující reklamy
Dobrý den 
Odinstalujte Conduit Engine,SweetIM Toolbar,mywebsearch a všechny nepotřebné toolbary 
Program nepoužívejte bez doporučení Rádce a pozorně se řiďte následujících pokynu,protože program netoleruje chyby a může dojít k úplnému poškození systému!!
Odinstalujte Conduit Engine,SweetIM Toolbar,mywebsearch a všechny nepotřebné toolbary Program nepoužívejte bez doporučení Rádce a pozorně se řiďte následujících pokynu,protože program netoleruje chyby a může dojít k úplnému poškození systému!!
- Stáhneme si Combofix
- Program uložíme nejlépe na Plochu
- Vypneme všechny rezidentní štíty.Jak antiviru,tak antispywaru a firewallu
- Vypneme všechny běžící aplikace (ICQ,prohlížeč,programy) a necháme pouze Combofix
- Spustíme Combofix.exe s administrátorským oprávněním
U Windows XP se přihlásíme pod účtem správce
Ve Windows 7 a Vista klikněte pravým tlačítkem myši na Combofix.exe a dejte ,,Spustit jako správce,,) - Hned po startu programu na vás vyskočí licenční podmínky,tak potvrdíme tlačítkemANO
- Pokud vám Combofix nabídne instalaci Konzoly pro zotavení,tak souhlaste a nechte nainstalovat(zde je potřeba aktivní připojení na internet)
- Pokračujte dle pokynů programu a během skenování na nic neklikejte,na pc nepracujte(ICQ,jiné aplikace,internet..).Nechte počítač v klidu.
- Celý sken tvá mezi 5-15 min,ale pokud je v PC hodně havěti,tak se čas může lišit.
- Po skončení skenování(případném restartu počítače) se vám zobrazí log z Combofixu,který mi vložte sem(Kdyby se log nezobrazil,tak jej najdete zde: C:\ComboFix.txt
- (Pokud si nevíte rady s kterýmkoliv z výše uvedených kroků,tak se ptejte nebo mrkněte na detailnější návod včetně obrázků http://www.bleepingcomputer.com/combofi ... t-combofix )
Napiš mi: chodnik74@gmail.com nebo 
>RSIT<>MBAM<>VirusTotal
Doporučuji:
| 
Postup si raději vícekrát přečtěte a v případě jakýchkoliv nejasností či pochybností se ptejte. 
Pokud máte infikovaný počítač nebo se nechová jako obvykle, tak si zálohujte všechny data a pozorně postupujte dle pokynů rádce!
Nepoužívejte utilitu Combofix bez dohledu a doporučení rádce!
Jste s naší pomocí spokojeni 
Neváhejte a podpořte forum ZDE.
Pravidla fora: č.1 a č.2
>RSIT<>MBAM<>VirusTotal
Doporučuji:
| Postup si raději vícekrát přečtěte a v případě jakýchkoliv nejasností či pochybností se ptejte. Pokud máte infikovaný počítač nebo se nechová jako obvykle, tak si zálohujte všechny data a pozorně postupujte dle pokynů rádce! Nepoužívejte utilitu Combofix bez dohledu a doporučení rádce! Jste s naší pomocí spokojeni Neváhejte a podpořte forum ZDE.Pravidla fora: č.1 a č.2
Re: Vyskakující reklamy
Docela jsem se bál,ale myslím že jsem to zvládnul.Tady to je.
ComboFix 11-07-14.03 - Administrator 14.07.2011 17:00:04.1.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1023.458 [GMT 2:00]
Spuštěný z: c:\documents and settings\Administrator\Plocha\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrator\Data aplikací\Uninstal.exe
c:\documents and settings\Administrator\Plocha\cacaoweb.exe
c:\program files\cacaoweb\cacaoweb.exe
c:\program files\FunWebProducts
c:\program files\FunWebProducts\Shared\01CB85E0.dat
c:\program files\MyWebSearch
c:\program files\MyWebSearch\bar\History\search3
c:\program files\MyWebSearch\bar\Settings\s_pid.dat
c:\program files\MyWebSearch\bar\Settings\setting2.htm
c:\program files\MyWebSearch\bar\Settings\settings.dat
c:\program files\Steam\Steam.exe
C:\Thumbs.db
c:\windows\Downloaded Program Files\f3initialsetup1.0.1.1.inf
c:\windows\Ehypoa.exe
c:\windows\system32\Ijl11.dll
c:\windows\system32\sshnas21.dll
c:\windows\system32\Thumbs.db
c:\windows\system32\tmp3.tmp
c:\windows\system32\vbpng1.dll
c:\windows\XSxS
D:\install.exe
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_SSHNAS
-------\Service_SSHNAS
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-06-14 do 2011-07-14 )))))))))))))))))))))))))))))))
.
.
2011-07-14 13:24 . 2011-07-14 13:24 -------- d-----w- c:\documents and settings\Administrator\Data aplikací\Malwarebytes
2011-07-14 13:23 . 2011-07-14 13:23 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2011-07-06 14:29 . 2011-07-13 21:20 -------- d-----w- c:\program files\Facade
2011-07-05 11:10 . 2011-07-05 11:10 -------- d-----w- c:\documents and settings\Administrator\Data aplikací\runic games
2011-07-05 11:02 . 2011-07-05 11:02 -------- d-----w- c:\program files\Runic Games
2011-06-29 16:24 . 2011-06-29 16:43 -------- d-----w- c:\program files\Max Payne
2011-06-27 14:11 . 2011-06-27 14:11 -------- d-----w- c:\program files\3DO
2011-06-24 13:58 . 2011-07-14 15:05 -------- d-----w- c:\program files\Steam
2011-06-18 19:50 . 2011-06-18 19:50 -------- d-----w- c:\program files\Wanadoo Edition
2011-06-14 17:09 . 2011-06-14 17:09 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Data aplikací\Help
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-10 04:48 . 2011-06-10 04:48 218688 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2011-06-06 11:35 . 2008-04-14 05:45 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-05-17 18:26 . 2011-03-23 15:16 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
2011-05-09 12:57 . 2010-07-27 17:43 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2011-05-02 15:32 . 2008-10-18 13:21 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 17:25 . 2008-04-14 06:51 151552 ----a-w- c:\windows\system32\schannel.dll
2011-04-29 16:19 . 2008-04-13 22:47 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-26 11:07 . 2008-04-14 06:52 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-04-26 11:07 . 2008-04-14 06:51 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-04-25 16:06 . 2008-04-14 06:52 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-04-25 16:06 . 2008-04-14 06:52 916480 ----a-w- c:\windows\system32\wininet.dll
2011-04-25 16:06 . 2008-04-14 06:51 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-04-25 12:01 . 2008-04-14 05:50 385024 ----a-w- c:\windows\system32\html.iec
2011-04-21 13:37 . 2008-04-13 22:47 105472 ----a-w- c:\windows\system32\drivers\mup.sys
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-06-12 . C71BB4782833750BF4C02AC30ED670B7 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files\DVDVideoSoftTB\prxtbDVD0.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
2011-01-17 14:54 175912 ----a-w- c:\program files\DVDVideoSoftTB\prxtbDVD0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files\DVDVideoSoftTB\prxtbDVD0.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-09-09 39408]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"tsnpstd3"="c:\windows\tsnpstd3.exe" [2006-07-07 262144]
"snpstd3"="c:\windows\vsnpstd3.exe" [2006-09-18 843776]
"RTHDCPL"="RTHDCPL.EXE" [2010-03-17 19520544]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-10-26 98304]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"Easy-PrintToolBox"="c:\program files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [2004-01-14 409600]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Administrator\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Media Player.lnk - c:\program files\Adobe Media Player\Adobe Media Player.exe [N/A]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Raptr\\raptr.exe"=
"c:\\Program Files\\Raptr\\raptr_im.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\Steam\\steamapps\\robar125\\team fortress 2\\hl2.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"57769:TCP"= 57769:TCP:Pando Media Booster
"57769:UDP"= 57769:UDP:Pando Media Booster
"57940:TCP"= 57940:TCP:Pando Media Booster
"57940:UDP"= 57940:UDP:Pando Media Booster
"1035:TCP"= 1035:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
.
R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\system32\drivers\sfdrv01a.sys [5.7.2006 14:46 63352]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [7.10.2009 16:59 721904]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [10.6.2011 6:48 218688]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [14.4.2008 8:52 14336]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [8.5.2011 21:44 583640]
R2 SVKP;SVKP;c:\windows\system32\SVKP.sys [15.10.2009 20:06 2368]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 14:16 130384]
S2 gupdate1ca3198986498c0;Služba Google Update (gupdate1ca3198986498c0);c:\program files\Google\Update\GoogleUpdate.exe [9.9.2009 23:57 133104]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [21.7.2010 8:28 1691480]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [20.11.2010 22:13 101904]
S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\EagleXNt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\ADMINI~1\LOCALS~1\Temp\ELP168E.tmp --> c:\docume~1\ADMINI~1\LOCALS~1\Temp\ELP168E.tmp [?]
S3 GGSAFERDriver;GGSAFER Driver;\??\c:\program files\Garena\safedrv.sys --> c:\program files\Garena\safedrv.sys [?]
S3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [9.9.2009 23:57 133104]
S3 iatmunin;iatmunin;\??\c:\docume~1\ADMINI~1\LOCALS~1\Temp\iatmunin.sys --> c:\docume~1\ADMINI~1\LOCALS~1\Temp\iatmunin.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 14:16 753504]
S3 XDva328;XDva328;\??\c:\windows\system32\XDva328.sys --> c:\windows\system32\XDva328.sys [?]
S3 XDva332;XDva332;\??\c:\windows\system32\XDva332.sys --> c:\windows\system32\XDva332.sys [?]
S3 XDva349;XDva349;\??\c:\windows\system32\XDva349.sys --> c:\windows\system32\XDva349.sys [?]
S3 XDva351;XDva351;\??\c:\windows\system32\XDva351.sys --> c:\windows\system32\XDva351.sys [?]
S3 XDva352;XDva352;\??\c:\windows\system32\XDva352.sys --> c:\windows\system32\XDva352.sys [?]
S3 XDva370;XDva370;\??\c:\windows\system32\XDva370.sys --> c:\windows\system32\XDva370.sys [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Obsah adresáře 'Naplánované úlohy'
.
2011-07-14 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-09-09 21:56]
.
2011-07-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-09 21:57]
.
2011-07-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-09 21:57]
.
2011-07-13 c:\windows\Tasks\Norton Security Scan for Administrator.job
- c:\progra~1\NORTON~1\NORTON~1\Engine\301~1.8\Nss.exe [2011-01-27 02:19]
.
2011-07-13 c:\windows\Tasks\RMSchedule.job
- c:\program files\Registry Mechanic\RegMech.exe [2011-05-08 06:46]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2269050
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&s ... f8&oe=utf8
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://home.sweetim.com
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
IE: Free YouTube Download - c:\documents and settings\Administrator\Data aplikací\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to MP3 Converter - c:\documents and settings\Administrator\Data aplikací\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: {{0E46D7B6-887D-4F81-B4CA-FCC92AF73610} - {0E46D7B6-887D-4F81-B4CA-FCC92AF73610} - c:\program files\Seznam.cz\listicka.dll
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\pizo2y8c.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2680363&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - DAEMON Search
FF - prefs.js: browser.startup.homepage - hxxp://seznam.cz/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Seznam lištička: {ea614400-e918-4741-9a97-7a972ff7c30b} - c:\program files\Mozilla Firefox\extensions\{ea614400-e918-4741-9a97-7a972ff7c30b}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Facemoods: ffxtlbr@Facemoods.com - %profile%\extensions\ffxtlbr@Facemoods.com
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Runescape Community Toolbar: {a8864317-e18b-4292-99d9-e6e65ab905d3} - %profile%\extensions\{a8864317-e18b-4292-99d9-e6e65ab905d3}
FF - Ext: Battlefield Heroes Updater: battlefieldheroespatcher@ea.com - %profile%\extensions\battlefieldheroespatcher@ea.com
FF - Ext: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - %profile%\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
FF - Ext: DVDVideoSoft Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - %profile%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
FF - Ext: DAEMON Tools Toolbar: DTToolbar@toolbarnet.com - %profile%\extensions\DTToolbar@toolbarnet.com
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
URLSearchHooks-{EEE6C35D-6118-11DC-9C72-001320C79847} - (no file)
BHO-{EEE6C35C-6118-11DC-9C72-001320C79847} - c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
Toolbar-{EEE6C35B-6118-11DC-9C72-001320C79847} - c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
HKCU-Run-RGSC - c:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe
HKCU-Run-EA Core - c:\program files\Electronic Arts\EADM\Core.exe
HKCU-Run-cacaoweb - c:\program files\cacaoweb\cacaoweb.exe
HKCU-Run-Steam - c:\program files\Steam\Steam.exe
HKLM-Run-4StoryPrePatch - c:\program files\Gameforge4D\4Story\PrePatch.exe
AddRemove-Minecraft 1.2.0_02 - c:\documents and settings\Administrator\Data aplikací\Uninstal.exe
AddRemove-Steam App 440 - c:\program files\Steam\steam.exe
AddRemove-{9A4C35C5-8558-4837-A9BF-753AF9E3DA3E}_is1 - c:\program files\Instinkt\unins000.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-14 17:09
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
cacaoweb = "c:\program files\cacaoweb\cacaoweb.exe" -noplayer?abled:cacaoweb?es??????????????????R???????????????R???R???????????R?\?R???G???????G?????????????( ??????Service Pack 3?????????????????????????????
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GarenaPEngine]
"ImagePath"="\??\c:\docume~1\ADMINI~1\LOCALS~1\Temp\ELP168E.tmp"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1078081533-879983540-1177238915-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,de,8d,8e,62,75,7e,ac,4a,a6,b3,79,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,59,a2,40,35,b1,9f,95,4d,95,75,89,\
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,de,8d,8e,62,75,7e,ac,4a,a6,b3,79,\
.
[HKEY_USERS\S-1-5-21-1078081533-879983540-1177238915-500\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-1078081533-879983540-1177238915-500\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:b8,02,1a,07,5a,f8,ac,d7,2f,9f,7d,5a,e4,a4,7c,9f,9f,29,cc,64,59,67,fc,
18,71,68,cf,8d,63,bf,e6,9e,8b,40,7b,13,f4,ba,0b,a0,aa,06,87,ad,34,8d,a9,da,\
"??"=hex:df,ce,e3,2d,23,73,dd,c0,23,89,95,e8,fb,4e,a2,ec
.
[HKEY_USERS\S-1-5-21-1078081533-879983540-1177238915-500\Software\SecuROM\License information*]
"datasecu"=hex:4f,aa,61,66,96,dc,91,5d,2d,23,48,06,58,a2,64,0b,6b,e9,f0,5e,a8,
45,19,44,81,6d,a4,7d,b4,27,ab,42,dc,d6,41,a9,18,93,11,57,ab,89,2c,ca,1d,fc,\
"rkeysecu"=hex:ce,b6,97,16,6a,6c,1a,de,53,21,e5,03,97,81,82,31
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(792)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(1784)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Celkový čas: 2011-07-14 17:13:14 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-07-14 15:12
.
Před spuštěním: Volných bajtů: 15 504 457 728
Po spuštění: Volných bajtů: 18 365 362 176
.
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 5A2390644F1BBEBCDA21AA7BDAA6D37D
ComboFix 11-07-14.03 - Administrator 14.07.2011 17:00:04.1.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1023.458 [GMT 2:00]
Spuštěný z: c:\documents and settings\Administrator\Plocha\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrator\Data aplikací\Uninstal.exe
c:\documents and settings\Administrator\Plocha\cacaoweb.exe
c:\program files\cacaoweb\cacaoweb.exe
c:\program files\FunWebProducts
c:\program files\FunWebProducts\Shared\01CB85E0.dat
c:\program files\MyWebSearch
c:\program files\MyWebSearch\bar\History\search3
c:\program files\MyWebSearch\bar\Settings\s_pid.dat
c:\program files\MyWebSearch\bar\Settings\setting2.htm
c:\program files\MyWebSearch\bar\Settings\settings.dat
c:\program files\Steam\Steam.exe
C:\Thumbs.db
c:\windows\Downloaded Program Files\f3initialsetup1.0.1.1.inf
c:\windows\Ehypoa.exe
c:\windows\system32\Ijl11.dll
c:\windows\system32\sshnas21.dll
c:\windows\system32\Thumbs.db
c:\windows\system32\tmp3.tmp
c:\windows\system32\vbpng1.dll
c:\windows\XSxS
D:\install.exe
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_SSHNAS
-------\Service_SSHNAS
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-06-14 do 2011-07-14 )))))))))))))))))))))))))))))))
.
.
2011-07-14 13:24 . 2011-07-14 13:24 -------- d-----w- c:\documents and settings\Administrator\Data aplikací\Malwarebytes
2011-07-14 13:23 . 2011-07-14 13:23 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2011-07-06 14:29 . 2011-07-13 21:20 -------- d-----w- c:\program files\Facade
2011-07-05 11:10 . 2011-07-05 11:10 -------- d-----w- c:\documents and settings\Administrator\Data aplikací\runic games
2011-07-05 11:02 . 2011-07-05 11:02 -------- d-----w- c:\program files\Runic Games
2011-06-29 16:24 . 2011-06-29 16:43 -------- d-----w- c:\program files\Max Payne
2011-06-27 14:11 . 2011-06-27 14:11 -------- d-----w- c:\program files\3DO
2011-06-24 13:58 . 2011-07-14 15:05 -------- d-----w- c:\program files\Steam
2011-06-18 19:50 . 2011-06-18 19:50 -------- d-----w- c:\program files\Wanadoo Edition
2011-06-14 17:09 . 2011-06-14 17:09 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Data aplikací\Help
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-10 04:48 . 2011-06-10 04:48 218688 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2011-06-06 11:35 . 2008-04-14 05:45 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-05-17 18:26 . 2011-03-23 15:16 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
2011-05-09 12:57 . 2010-07-27 17:43 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2011-05-02 15:32 . 2008-10-18 13:21 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 17:25 . 2008-04-14 06:51 151552 ----a-w- c:\windows\system32\schannel.dll
2011-04-29 16:19 . 2008-04-13 22:47 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-26 11:07 . 2008-04-14 06:52 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-04-26 11:07 . 2008-04-14 06:51 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-04-25 16:06 . 2008-04-14 06:52 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-04-25 16:06 . 2008-04-14 06:52 916480 ----a-w- c:\windows\system32\wininet.dll
2011-04-25 16:06 . 2008-04-14 06:51 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-04-25 12:01 . 2008-04-14 05:50 385024 ----a-w- c:\windows\system32\html.iec
2011-04-21 13:37 . 2008-04-13 22:47 105472 ----a-w- c:\windows\system32\drivers\mup.sys
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-06-12 . C71BB4782833750BF4C02AC30ED670B7 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files\DVDVideoSoftTB\prxtbDVD0.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
2011-01-17 14:54 175912 ----a-w- c:\program files\DVDVideoSoftTB\prxtbDVD0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files\DVDVideoSoftTB\prxtbDVD0.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-09-09 39408]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"tsnpstd3"="c:\windows\tsnpstd3.exe" [2006-07-07 262144]
"snpstd3"="c:\windows\vsnpstd3.exe" [2006-09-18 843776]
"RTHDCPL"="RTHDCPL.EXE" [2010-03-17 19520544]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-10-26 98304]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"Easy-PrintToolBox"="c:\program files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [2004-01-14 409600]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Administrator\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Media Player.lnk - c:\program files\Adobe Media Player\Adobe Media Player.exe [N/A]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Raptr\\raptr.exe"=
"c:\\Program Files\\Raptr\\raptr_im.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\Steam\\steamapps\\robar125\\team fortress 2\\hl2.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"57769:TCP"= 57769:TCP:Pando Media Booster
"57769:UDP"= 57769:UDP:Pando Media Booster
"57940:TCP"= 57940:TCP:Pando Media Booster
"57940:UDP"= 57940:UDP:Pando Media Booster
"1035:TCP"= 1035:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
.
R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\system32\drivers\sfdrv01a.sys [5.7.2006 14:46 63352]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [7.10.2009 16:59 721904]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [10.6.2011 6:48 218688]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [14.4.2008 8:52 14336]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [8.5.2011 21:44 583640]
R2 SVKP;SVKP;c:\windows\system32\SVKP.sys [15.10.2009 20:06 2368]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 14:16 130384]
S2 gupdate1ca3198986498c0;Služba Google Update (gupdate1ca3198986498c0);c:\program files\Google\Update\GoogleUpdate.exe [9.9.2009 23:57 133104]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [21.7.2010 8:28 1691480]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [20.11.2010 22:13 101904]
S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\EagleXNt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\ADMINI~1\LOCALS~1\Temp\ELP168E.tmp --> c:\docume~1\ADMINI~1\LOCALS~1\Temp\ELP168E.tmp [?]
S3 GGSAFERDriver;GGSAFER Driver;\??\c:\program files\Garena\safedrv.sys --> c:\program files\Garena\safedrv.sys [?]
S3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [9.9.2009 23:57 133104]
S3 iatmunin;iatmunin;\??\c:\docume~1\ADMINI~1\LOCALS~1\Temp\iatmunin.sys --> c:\docume~1\ADMINI~1\LOCALS~1\Temp\iatmunin.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 14:16 753504]
S3 XDva328;XDva328;\??\c:\windows\system32\XDva328.sys --> c:\windows\system32\XDva328.sys [?]
S3 XDva332;XDva332;\??\c:\windows\system32\XDva332.sys --> c:\windows\system32\XDva332.sys [?]
S3 XDva349;XDva349;\??\c:\windows\system32\XDva349.sys --> c:\windows\system32\XDva349.sys [?]
S3 XDva351;XDva351;\??\c:\windows\system32\XDva351.sys --> c:\windows\system32\XDva351.sys [?]
S3 XDva352;XDva352;\??\c:\windows\system32\XDva352.sys --> c:\windows\system32\XDva352.sys [?]
S3 XDva370;XDva370;\??\c:\windows\system32\XDva370.sys --> c:\windows\system32\XDva370.sys [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Obsah adresáře 'Naplánované úlohy'
.
2011-07-14 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-09-09 21:56]
.
2011-07-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-09 21:57]
.
2011-07-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-09 21:57]
.
2011-07-13 c:\windows\Tasks\Norton Security Scan for Administrator.job
- c:\progra~1\NORTON~1\NORTON~1\Engine\301~1.8\Nss.exe [2011-01-27 02:19]
.
2011-07-13 c:\windows\Tasks\RMSchedule.job
- c:\program files\Registry Mechanic\RegMech.exe [2011-05-08 06:46]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2269050
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&s ... f8&oe=utf8
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://home.sweetim.com
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
IE: Free YouTube Download - c:\documents and settings\Administrator\Data aplikací\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to MP3 Converter - c:\documents and settings\Administrator\Data aplikací\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: {{0E46D7B6-887D-4F81-B4CA-FCC92AF73610} - {0E46D7B6-887D-4F81-B4CA-FCC92AF73610} - c:\program files\Seznam.cz\listicka.dll
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\pizo2y8c.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2680363&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - DAEMON Search
FF - prefs.js: browser.startup.homepage - hxxp://seznam.cz/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Seznam lištička: {ea614400-e918-4741-9a97-7a972ff7c30b} - c:\program files\Mozilla Firefox\extensions\{ea614400-e918-4741-9a97-7a972ff7c30b}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Facemoods: ffxtlbr@Facemoods.com - %profile%\extensions\ffxtlbr@Facemoods.com
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Runescape Community Toolbar: {a8864317-e18b-4292-99d9-e6e65ab905d3} - %profile%\extensions\{a8864317-e18b-4292-99d9-e6e65ab905d3}
FF - Ext: Battlefield Heroes Updater: battlefieldheroespatcher@ea.com - %profile%\extensions\battlefieldheroespatcher@ea.com
FF - Ext: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - %profile%\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
FF - Ext: DVDVideoSoft Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - %profile%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
FF - Ext: DAEMON Tools Toolbar: DTToolbar@toolbarnet.com - %profile%\extensions\DTToolbar@toolbarnet.com
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
URLSearchHooks-{EEE6C35D-6118-11DC-9C72-001320C79847} - (no file)
BHO-{EEE6C35C-6118-11DC-9C72-001320C79847} - c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
Toolbar-{EEE6C35B-6118-11DC-9C72-001320C79847} - c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
HKCU-Run-RGSC - c:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe
HKCU-Run-EA Core - c:\program files\Electronic Arts\EADM\Core.exe
HKCU-Run-cacaoweb - c:\program files\cacaoweb\cacaoweb.exe
HKCU-Run-Steam - c:\program files\Steam\Steam.exe
HKLM-Run-4StoryPrePatch - c:\program files\Gameforge4D\4Story\PrePatch.exe
AddRemove-Minecraft 1.2.0_02 - c:\documents and settings\Administrator\Data aplikací\Uninstal.exe
AddRemove-Steam App 440 - c:\program files\Steam\steam.exe
AddRemove-{9A4C35C5-8558-4837-A9BF-753AF9E3DA3E}_is1 - c:\program files\Instinkt\unins000.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-14 17:09
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
cacaoweb = "c:\program files\cacaoweb\cacaoweb.exe" -noplayer?abled:cacaoweb?es??????????????????R???????????????R???R???????????R?\?R???G???????G?????????????( ??????Service Pack 3?????????????????????????????
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GarenaPEngine]
"ImagePath"="\??\c:\docume~1\ADMINI~1\LOCALS~1\Temp\ELP168E.tmp"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1078081533-879983540-1177238915-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,de,8d,8e,62,75,7e,ac,4a,a6,b3,79,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,59,a2,40,35,b1,9f,95,4d,95,75,89,\
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,de,8d,8e,62,75,7e,ac,4a,a6,b3,79,\
.
[HKEY_USERS\S-1-5-21-1078081533-879983540-1177238915-500\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-1078081533-879983540-1177238915-500\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:b8,02,1a,07,5a,f8,ac,d7,2f,9f,7d,5a,e4,a4,7c,9f,9f,29,cc,64,59,67,fc,
18,71,68,cf,8d,63,bf,e6,9e,8b,40,7b,13,f4,ba,0b,a0,aa,06,87,ad,34,8d,a9,da,\
"??"=hex:df,ce,e3,2d,23,73,dd,c0,23,89,95,e8,fb,4e,a2,ec
.
[HKEY_USERS\S-1-5-21-1078081533-879983540-1177238915-500\Software\SecuROM\License information*]
"datasecu"=hex:4f,aa,61,66,96,dc,91,5d,2d,23,48,06,58,a2,64,0b,6b,e9,f0,5e,a8,
45,19,44,81,6d,a4,7d,b4,27,ab,42,dc,d6,41,a9,18,93,11,57,ab,89,2c,ca,1d,fc,\
"rkeysecu"=hex:ce,b6,97,16,6a,6c,1a,de,53,21,e5,03,97,81,82,31
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(792)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(1784)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Celkový čas: 2011-07-14 17:13:14 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-07-14 15:12
.
Před spuštěním: Volných bajtů: 15 504 457 728
Po spuštění: Volných bajtů: 18 365 362 176
.
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 5A2390644F1BBEBCDA21AA7BDAA6D37D
-
chodnik74
- Přítel fóra
- Příspěvky: 4975
- Registrován: 13 zář 2010 21:30
- Bydliště: Napajedla
- Kontaktovat uživatele:
Re: Vyskakující reklamy
Otevřeme si Poznámkový blok 
- (stiskneme klávesovou kombinaci WIN+R a napíšeme ,,notepad,, bez úvozovek a dáme enter)
- Vložíme do něj následující script:
Kód: Vybrat vše
KillAll:: Registry:: [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"=- "DAEMON Tools Lite"=- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RemoteControl"=- "NeroFilterCheck"=- "StartCCC"=- "SunJavaUpdateSched"=- [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "57769:TCP"=- "57769:UDP"=- "57940:TCP"=- "57940:UDP"=- Reglock:: [HKEY_USERS\S-1-5-21-1078081533-879983540-1177238915-500\Software\Microsoft\Internet Explorer\User Preferences] [HKEY_USERS\S-1-5-21-1078081533-879983540-1177238915-500\Software\Microsoft\SystemCertificates\AddressBook*] [HKEY_USERS\S-1-5-21-1078081533-879983540-1177238915-500\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*] [HKEY_USERS\S-1-5-21-1078081533-879983540-1177238915-500\Software\SecuROM\License information*] Regnull:: [HKEY_USERS\S-1-5-21-1078081533-879983540-1177238915-500\Software\Microsoft\Internet Explorer\User Preferences] Driver:: XDva328 XDva332 XDva349 XDva351 XDva352 XDva370 iatmunin GarenaPEngine File:: c:\windows\system32\XDva328.sys c:\windows\system32\XDva332.sys c:\windows\system32\XDva349.sys c:\windows\system32\XDva351.sys c:\windows\system32\XDva352.sys c:\windows\system32\XDva370.sys c:\docume~1\ADMINI~1\LOCALS~1\Temp\iatmunin.sys c:\docume~1\ADMINI~1\LOCALS~1\Temp\ELP168E.tmp Folder:: c:\program files\cacaoweb\ DDS:: uStart Page = hxxp://search.conduit.com?SearchSource= ... =CT2269050 mStart Page = hxxp://home.sweetim.com Firefox:: FF - ProfilePath - c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\pizo2y8c.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.as ... ource=3&q={searchTerms} FF - prefs.js: browser.search.selectedEngine - DAEMON Search FF - Ext: Facemoods: ffxtlbr@Facemoods.com - %profile%\extensions\ffxtlbr@Facemoods.com FF - Ext: Runescape Community Toolbar: {a8864317-e18b-4292-99d9-e6e65ab905d3} - %profile%\extensions\{a8864317-e18b-4292-99d9-e6e65ab905d3} FF - Ext: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - %profile%\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5} FF - Ext: DAEMON Tools Toolbar: DTToolbar@toolbarnet.com - %profile%\extensions\DTToolbar@toolbarnet.com Reboot:: - Soubor uložíme na Plochu jako CFScript.txt
- Poté tento soubor uchopíme levým tlačítkem myši a přetáhneme na ikonu Combofixu a upustíme
- Poté Combofix provede všechny operace a udělá nový log,který sem vložte
Napiš mi: chodnik74@gmail.com nebo
>RSIT<>MBAM<>VirusTotal
Doporučuji: |
Postup si raději vícekrát přečtěte a v případě jakýchkoliv nejasností či pochybností se ptejte. Pokud máte infikovaný počítač nebo se nechová jako obvykle, tak si zálohujte všechny data a pozorně postupujte dle pokynů rádce!
Nepoužívejte utilitu Combofix bez dohledu a doporučení rádce!
Jste s naší pomocí spokojeni Neváhejte a podpořte forum ZDE.
Pravidla fora: č.1 a č.2
>RSIT<>MBAM<>VirusTotal
Doporučuji:
| Postup si raději vícekrát přečtěte a v případě jakýchkoliv nejasností či pochybností se ptejte. Pokud máte infikovaný počítač nebo se nechová jako obvykle, tak si zálohujte všechny data a pozorně postupujte dle pokynů rádce! Nepoužívejte utilitu Combofix bez dohledu a doporučení rádce! Jste s naší pomocí spokojeni Neváhejte a podpořte forum ZDE.Pravidla fora: č.1 a č.2
Re: Vyskakující reklamy
ComboFix 11-07-15.02 - Administrator 15.07.2011 19:44:38.2.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1023.629 [GMT 2:00]
Spuštěný z: c:\documents and settings\Administrator\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Administrator\Plocha\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
FILE ::
"c:\docume~1\ADMINI~1\LOCALS~1\Temp\ELP168E.tmp"
"c:\docume~1\ADMINI~1\LOCALS~1\Temp\iatmunin.sys"
"c:\windows\system32\XDva328.sys"
"c:\windows\system32\XDva332.sys"
"c:\windows\system32\XDva349.sys"
"c:\windows\system32\XDva351.sys"
"c:\windows\system32\XDva352.sys"
"c:\windows\system32\XDva370.sys"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\cacaoweb
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_GARENAPENGINE
-------\Legacy_IATMUNIN
-------\Legacy_XDVA328
-------\Legacy_XDVA332
-------\Legacy_XDVA349
-------\Legacy_XDVA351
-------\Legacy_XDVA352
-------\Legacy_XDVA370
-------\Service_GarenaPEngine
-------\Service_iatmunin
-------\Service_XDva328
-------\Service_XDva332
-------\Service_XDva349
-------\Service_XDva351
-------\Service_XDva352
-------\Service_XDva370
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-06-15 do 2011-07-15 )))))))))))))))))))))))))))))))
.
.
2011-07-14 15:34 . 2011-07-04 11:36 309848 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-07-14 15:34 . 2011-07-04 11:32 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-07-14 15:34 . 2011-07-04 11:32 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-07-14 15:34 . 2011-07-04 11:36 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-07-14 15:34 . 2011-07-04 11:35 43608 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-07-14 15:34 . 2011-07-04 11:35 102616 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-07-14 15:34 . 2011-07-04 11:35 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-07-14 15:34 . 2011-07-04 11:32 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-07-14 15:34 . 2011-07-04 11:43 40112 ----a-w- c:\windows\avastSS.scr
2011-07-14 15:34 . 2011-07-04 11:43 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-07-14 15:34 . 2011-07-14 15:34 -------- d-----w- c:\program files\AVAST Software
2011-07-14 15:34 . 2011-07-14 15:34 -------- d-----w- c:\documents and settings\All Users\Data aplikací\AVAST Software
2011-07-14 13:24 . 2011-07-14 13:24 -------- d-----w- c:\documents and settings\Administrator\Data aplikací\Malwarebytes
2011-07-14 13:23 . 2011-07-14 13:23 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2011-07-06 14:29 . 2011-07-13 21:20 -------- d-----w- c:\program files\Facade
2011-07-05 11:10 . 2011-07-05 11:10 -------- d-----w- c:\documents and settings\Administrator\Data aplikací\runic games
2011-07-05 11:02 . 2011-07-05 11:02 -------- d-----w- c:\program files\Runic Games
2011-06-29 16:24 . 2011-06-29 16:43 -------- d-----w- c:\program files\Max Payne
2011-06-27 14:11 . 2011-06-27 14:11 -------- d-----w- c:\program files\3DO
2011-06-24 13:58 . 2011-07-14 15:05 -------- d-----w- c:\program files\Steam
2011-06-18 19:50 . 2011-06-18 19:50 -------- d-----w- c:\program files\Wanadoo Edition
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-10 04:48 . 2011-06-10 04:48 218688 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2011-06-06 11:35 . 2008-04-14 05:45 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-05-17 18:26 . 2011-03-23 15:16 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
2011-05-09 12:57 . 2010-07-27 17:43 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2011-05-02 15:32 . 2008-10-18 13:21 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 17:25 . 2008-04-14 06:51 151552 ----a-w- c:\windows\system32\schannel.dll
2011-04-29 16:19 . 2008-04-13 22:47 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-26 11:07 . 2008-04-14 06:52 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-04-26 11:07 . 2008-04-14 06:51 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-04-25 16:06 . 2008-04-14 06:52 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-04-25 16:06 . 2008-04-14 06:52 916480 ----a-w- c:\windows\system32\wininet.dll
2011-04-25 16:06 . 2008-04-14 06:51 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-04-25 12:01 . 2008-04-14 05:50 385024 ----a-w- c:\windows\system32\html.iec
2011-04-21 13:37 . 2008-04-13 22:47 105472 ----a-w- c:\windows\system32\drivers\mup.sys
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-06-12 . C71BB4782833750BF4C02AC30ED670B7 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((( SnapShot@2011-07-14_15.09.18 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-07-15 17:58 . 2011-07-15 17:58 16384 c:\windows\Temp\Perflib_Perfdata_740.dat
+ 2011-07-15 17:58 . 2011-07-15 17:58 16384 c:\windows\Temp\Perflib_Perfdata_4d0.dat
+ 2011-07-14 18:21 . 2011-07-14 18:21 11502 c:\windows\Installer\{D80A6A73-E58A-4673-AFF5-F12D7110661F}\ARPPRODUCTICON.exe
+ 2011-07-14 18:21 . 2011-07-14 18:21 12800 c:\windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
- 2011-07-13 13:45 . 2011-07-13 13:45 12800 c:\windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
- 2011-07-13 13:45 . 2011-07-13 13:45 53248 c:\windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
+ 2011-07-14 18:21 . 2011-07-14 18:21 53248 c:\windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
- 2011-07-13 13:45 . 2011-07-13 13:45 223232 c:\windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
+ 2011-07-14 18:21 . 2011-07-14 18:21 223232 c:\windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
- 2011-07-13 13:45 . 2011-07-13 13:45 178176 c:\windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
+ 2011-07-14 18:21 . 2011-07-14 18:21 178176 c:\windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
+ 2011-07-14 18:21 . 2011-07-14 18:21 364544 c:\windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
- 2011-07-13 13:45 . 2011-07-13 13:45 364544 c:\windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
+ 2011-07-14 18:21 . 2011-07-14 18:21 159232 c:\windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
- 2011-07-13 13:45 . 2011-07-13 13:45 159232 c:\windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
+ 2011-07-14 18:21 . 2011-07-14 18:21 145920 c:\windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
- 2011-07-13 13:45 . 2011-07-13 13:45 145920 c:\windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
+ 2011-07-14 18:21 . 2011-07-14 18:21 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2011-07-13 13:45 . 2011-07-13 13:45 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2011-07-14 18:21 . 2011-07-14 18:21 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2011-07-13 13:45 . 2011-07-13 13:45 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2011-07-13 13:45 . 2011-07-13 13:45 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2011-07-14 18:21 . 2011-07-14 18:21 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2011-07-13 13:45 . 2011-07-13 13:45 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2011-07-14 18:21 . 2011-07-14 18:21 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2011-07-13 13:45 . 2011-07-13 13:45 577024 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2011-07-14 18:21 . 2011-07-14 18:21 577024 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2011-07-13 13:45 . 2011-07-13 13:45 576000 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2011-07-14 18:21 . 2011-07-14 18:21 576000 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2011-07-13 13:45 . 2011-07-13 13:45 567296 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2011-07-14 18:21 . 2011-07-14 18:21 567296 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2011-07-13 13:45 . 2011-07-13 13:45 563712 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2011-07-14 18:21 . 2011-07-14 18:21 563712 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2011-07-13 13:45 . 2011-07-13 13:45 473600 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
+ 2011-07-14 18:21 . 2011-07-14 18:21 473600 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
- 2011-07-13 13:45 . 2011-07-13 13:45 2846720 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2011-07-14 18:21 . 2011-07-14 18:21 2846720 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2011-07-14 18:21 . 2011-07-14 18:21 2676224 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2011-07-13 13:45 . 2011-07-13 13:45 2676224 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2011-07-14 18:20 . 2011-07-14 18:21 35029504 c:\windows\Installer\a1f4a4.msi
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files\DVDVideoSoftTB\prxtbDVD0.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
2011-01-17 14:54 175912 ----a-w- c:\program files\DVDVideoSoftTB\prxtbDVD0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files\DVDVideoSoftTB\prxtbDVD0.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-07-04 11:43 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"tsnpstd3"="c:\windows\tsnpstd3.exe" [2006-07-07 262144]
"snpstd3"="c:\windows\vsnpstd3.exe" [2006-09-18 843776]
"RTHDCPL"="RTHDCPL.EXE" [2010-03-17 19520544]
"Easy-PrintToolBox"="c:\program files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [2004-01-14 409600]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-07-04 3493720]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Administrator\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Media Player.lnk - c:\program files\Adobe Media Player\Adobe Media Player.exe [N/A]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Raptr\\raptr.exe"=
"c:\\Program Files\\Raptr\\raptr_im.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\Steam\\steamapps\\robar125\\team fortress 2\\hl2.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaWmp.exe"=
"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaW.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1036:TCP"= 1036:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
.
R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\system32\drivers\sfdrv01a.sys [5.7.2006 14:46 63352]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [7.10.2009 16:59 721904]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [14.7.2011 17:34 441176]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [14.7.2011 17:34 309848]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [10.6.2011 6:48 218688]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [14.4.2008 8:52 14336]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [14.7.2011 17:34 19544]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [8.5.2011 21:44 583640]
R2 SVKP;SVKP;c:\windows\system32\SVKP.sys [15.10.2009 20:06 2368]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 14:16 130384]
S2 gupdate1ca3198986498c0;Služba Google Update (gupdate1ca3198986498c0);c:\program files\Google\Update\GoogleUpdate.exe [9.9.2009 23:57 133104]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [21.7.2010 8:28 1691480]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [20.11.2010 22:13 101904]
S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\EagleXNt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
S3 GGSAFERDriver;GGSAFER Driver;\??\c:\program files\Garena\safedrv.sys --> c:\program files\Garena\safedrv.sys [?]
S3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [9.9.2009 23:57 133104]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 14:16 753504]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Obsah adresáře 'Naplánované úlohy'
.
2011-07-15 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-09-09 21:56]
.
2011-07-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-09 21:57]
.
2011-07-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-09 21:57]
.
2011-07-13 c:\windows\Tasks\Norton Security Scan for Administrator.job
- c:\progra~1\NORTON~1\NORTON~1\Engine\301~1.8\Nss.exe [2011-01-27 02:19]
.
2011-07-14 c:\windows\Tasks\RMSchedule.job
- c:\program files\Registry Mechanic\RegMech.exe [2011-05-08 06:46]
.
.
------- Doplňkový sken -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&s ... f8&oe=utf8
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
IE: Free YouTube Download - c:\documents and settings\Administrator\Data aplikací\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to MP3 Converter - c:\documents and settings\Administrator\Data aplikací\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: {{0E46D7B6-887D-4F81-B4CA-FCC92AF73610} - {0E46D7B6-887D-4F81-B4CA-FCC92AF73610} - c:\program files\Seznam.cz\listicka.dll
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\pizo2y8c.default\
FF - prefs.js: browser.startup.homepage - hxxp://seznam.cz/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Seznam lištička: {ea614400-e918-4741-9a97-7a972ff7c30b} - c:\program files\Mozilla Firefox\extensions\{ea614400-e918-4741-9a97-7a972ff7c30b}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Facemoods: ffxtlbr@Facemoods.com - %profile%\extensions\ffxtlbr@Facemoods.com
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Runescape Community Toolbar: {a8864317-e18b-4292-99d9-e6e65ab905d3} - %profile%\extensions\{a8864317-e18b-4292-99d9-e6e65ab905d3}
FF - Ext: Battlefield Heroes Updater: battlefieldheroespatcher@ea.com - %profile%\extensions\battlefieldheroespatcher@ea.com
FF - Ext: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - %profile%\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
FF - Ext: DVDVideoSoft Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - %profile%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
FF - Ext: DAEMON Tools Toolbar: DTToolbar@toolbarnet.com - %profile%\extensions\DTToolbar@toolbarnet.com
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-15 19:58
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1078081533-879983540-1177238915-500\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-1078081533-879983540-1177238915-500\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:b8,02,1a,07,5a,f8,ac,d7,2f,9f,7d,5a,e4,a4,7c,9f,9f,29,cc,64,59,67,fc,
18,71,68,cf,8d,63,bf,e6,9e,8b,40,7b,13,f4,ba,0b,a0,aa,06,87,ad,34,8d,a9,da,\
"??"=hex:df,ce,e3,2d,23,73,dd,c0,23,89,95,e8,fb,4e,a2,ec
.
[HKEY_USERS\S-1-5-21-1078081533-879983540-1177238915-500\Software\SecuROM\License information*]
"datasecu"=hex:4f,aa,61,66,96,dc,91,5d,2d,23,48,06,58,a2,64,0b,6b,e9,f0,5e,a8,
45,19,44,81,6d,a4,7d,b4,27,ab,42,dc,d6,41,a9,18,93,11,57,ab,89,2c,ca,1d,fc,\
"rkeysecu"=hex:ce,b6,97,16,6a,6c,1a,de,53,21,e5,03,97,81,82,31
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(824)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(2612)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Celkový čas: 2011-07-15 20:03:23 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-07-15 18:03
ComboFix2.txt 2011-07-14 15:13
.
Před spuštěním: Volných bajtů: 10 563 858 432
Po spuštění: Volných bajtů: 10 550 435 840
.
- - End Of File - - C266428443DD0BF6473D52BAFDEC0686
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1023.629 [GMT 2:00]
Spuštěný z: c:\documents and settings\Administrator\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Administrator\Plocha\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
FILE ::
"c:\docume~1\ADMINI~1\LOCALS~1\Temp\ELP168E.tmp"
"c:\docume~1\ADMINI~1\LOCALS~1\Temp\iatmunin.sys"
"c:\windows\system32\XDva328.sys"
"c:\windows\system32\XDva332.sys"
"c:\windows\system32\XDva349.sys"
"c:\windows\system32\XDva351.sys"
"c:\windows\system32\XDva352.sys"
"c:\windows\system32\XDva370.sys"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\cacaoweb
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_GARENAPENGINE
-------\Legacy_IATMUNIN
-------\Legacy_XDVA328
-------\Legacy_XDVA332
-------\Legacy_XDVA349
-------\Legacy_XDVA351
-------\Legacy_XDVA352
-------\Legacy_XDVA370
-------\Service_GarenaPEngine
-------\Service_iatmunin
-------\Service_XDva328
-------\Service_XDva332
-------\Service_XDva349
-------\Service_XDva351
-------\Service_XDva352
-------\Service_XDva370
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-06-15 do 2011-07-15 )))))))))))))))))))))))))))))))
.
.
2011-07-14 15:34 . 2011-07-04 11:36 309848 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-07-14 15:34 . 2011-07-04 11:32 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-07-14 15:34 . 2011-07-04 11:32 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-07-14 15:34 . 2011-07-04 11:36 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-07-14 15:34 . 2011-07-04 11:35 43608 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-07-14 15:34 . 2011-07-04 11:35 102616 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-07-14 15:34 . 2011-07-04 11:35 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-07-14 15:34 . 2011-07-04 11:32 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-07-14 15:34 . 2011-07-04 11:43 40112 ----a-w- c:\windows\avastSS.scr
2011-07-14 15:34 . 2011-07-04 11:43 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-07-14 15:34 . 2011-07-14 15:34 -------- d-----w- c:\program files\AVAST Software
2011-07-14 15:34 . 2011-07-14 15:34 -------- d-----w- c:\documents and settings\All Users\Data aplikací\AVAST Software
2011-07-14 13:24 . 2011-07-14 13:24 -------- d-----w- c:\documents and settings\Administrator\Data aplikací\Malwarebytes
2011-07-14 13:23 . 2011-07-14 13:23 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2011-07-06 14:29 . 2011-07-13 21:20 -------- d-----w- c:\program files\Facade
2011-07-05 11:10 . 2011-07-05 11:10 -------- d-----w- c:\documents and settings\Administrator\Data aplikací\runic games
2011-07-05 11:02 . 2011-07-05 11:02 -------- d-----w- c:\program files\Runic Games
2011-06-29 16:24 . 2011-06-29 16:43 -------- d-----w- c:\program files\Max Payne
2011-06-27 14:11 . 2011-06-27 14:11 -------- d-----w- c:\program files\3DO
2011-06-24 13:58 . 2011-07-14 15:05 -------- d-----w- c:\program files\Steam
2011-06-18 19:50 . 2011-06-18 19:50 -------- d-----w- c:\program files\Wanadoo Edition
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-10 04:48 . 2011-06-10 04:48 218688 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2011-06-06 11:35 . 2008-04-14 05:45 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-05-17 18:26 . 2011-03-23 15:16 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
2011-05-09 12:57 . 2010-07-27 17:43 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2011-05-02 15:32 . 2008-10-18 13:21 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 17:25 . 2008-04-14 06:51 151552 ----a-w- c:\windows\system32\schannel.dll
2011-04-29 16:19 . 2008-04-13 22:47 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-26 11:07 . 2008-04-14 06:52 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-04-26 11:07 . 2008-04-14 06:51 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-04-25 16:06 . 2008-04-14 06:52 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-04-25 16:06 . 2008-04-14 06:52 916480 ----a-w- c:\windows\system32\wininet.dll
2011-04-25 16:06 . 2008-04-14 06:51 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-04-25 12:01 . 2008-04-14 05:50 385024 ----a-w- c:\windows\system32\html.iec
2011-04-21 13:37 . 2008-04-13 22:47 105472 ----a-w- c:\windows\system32\drivers\mup.sys
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-06-12 . C71BB4782833750BF4C02AC30ED670B7 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((( SnapShot@2011-07-14_15.09.18 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-07-15 17:58 . 2011-07-15 17:58 16384 c:\windows\Temp\Perflib_Perfdata_740.dat
+ 2011-07-15 17:58 . 2011-07-15 17:58 16384 c:\windows\Temp\Perflib_Perfdata_4d0.dat
+ 2011-07-14 18:21 . 2011-07-14 18:21 11502 c:\windows\Installer\{D80A6A73-E58A-4673-AFF5-F12D7110661F}\ARPPRODUCTICON.exe
+ 2011-07-14 18:21 . 2011-07-14 18:21 12800 c:\windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
- 2011-07-13 13:45 . 2011-07-13 13:45 12800 c:\windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
- 2011-07-13 13:45 . 2011-07-13 13:45 53248 c:\windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
+ 2011-07-14 18:21 . 2011-07-14 18:21 53248 c:\windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
- 2011-07-13 13:45 . 2011-07-13 13:45 223232 c:\windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
+ 2011-07-14 18:21 . 2011-07-14 18:21 223232 c:\windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
- 2011-07-13 13:45 . 2011-07-13 13:45 178176 c:\windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
+ 2011-07-14 18:21 . 2011-07-14 18:21 178176 c:\windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
+ 2011-07-14 18:21 . 2011-07-14 18:21 364544 c:\windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
- 2011-07-13 13:45 . 2011-07-13 13:45 364544 c:\windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
+ 2011-07-14 18:21 . 2011-07-14 18:21 159232 c:\windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
- 2011-07-13 13:45 . 2011-07-13 13:45 159232 c:\windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
+ 2011-07-14 18:21 . 2011-07-14 18:21 145920 c:\windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
- 2011-07-13 13:45 . 2011-07-13 13:45 145920 c:\windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
+ 2011-07-14 18:21 . 2011-07-14 18:21 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2011-07-13 13:45 . 2011-07-13 13:45 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2011-07-14 18:21 . 2011-07-14 18:21 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2011-07-13 13:45 . 2011-07-13 13:45 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2011-07-13 13:45 . 2011-07-13 13:45 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2011-07-14 18:21 . 2011-07-14 18:21 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2011-07-13 13:45 . 2011-07-13 13:45 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2011-07-14 18:21 . 2011-07-14 18:21 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2011-07-13 13:45 . 2011-07-13 13:45 577024 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2011-07-14 18:21 . 2011-07-14 18:21 577024 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2011-07-13 13:45 . 2011-07-13 13:45 576000 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2011-07-14 18:21 . 2011-07-14 18:21 576000 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2011-07-13 13:45 . 2011-07-13 13:45 567296 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2011-07-14 18:21 . 2011-07-14 18:21 567296 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2011-07-13 13:45 . 2011-07-13 13:45 563712 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2011-07-14 18:21 . 2011-07-14 18:21 563712 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2011-07-13 13:45 . 2011-07-13 13:45 473600 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
+ 2011-07-14 18:21 . 2011-07-14 18:21 473600 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
- 2011-07-13 13:45 . 2011-07-13 13:45 2846720 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2011-07-14 18:21 . 2011-07-14 18:21 2846720 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2011-07-14 18:21 . 2011-07-14 18:21 2676224 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2011-07-13 13:45 . 2011-07-13 13:45 2676224 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2011-07-14 18:20 . 2011-07-14 18:21 35029504 c:\windows\Installer\a1f4a4.msi
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files\DVDVideoSoftTB\prxtbDVD0.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
2011-01-17 14:54 175912 ----a-w- c:\program files\DVDVideoSoftTB\prxtbDVD0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files\DVDVideoSoftTB\prxtbDVD0.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-07-04 11:43 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"tsnpstd3"="c:\windows\tsnpstd3.exe" [2006-07-07 262144]
"snpstd3"="c:\windows\vsnpstd3.exe" [2006-09-18 843776]
"RTHDCPL"="RTHDCPL.EXE" [2010-03-17 19520544]
"Easy-PrintToolBox"="c:\program files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [2004-01-14 409600]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-07-04 3493720]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Administrator\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Media Player.lnk - c:\program files\Adobe Media Player\Adobe Media Player.exe [N/A]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Raptr\\raptr.exe"=
"c:\\Program Files\\Raptr\\raptr_im.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\Steam\\steamapps\\robar125\\team fortress 2\\hl2.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaWmp.exe"=
"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaW.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1036:TCP"= 1036:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
.
R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\system32\drivers\sfdrv01a.sys [5.7.2006 14:46 63352]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [7.10.2009 16:59 721904]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [14.7.2011 17:34 441176]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [14.7.2011 17:34 309848]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [10.6.2011 6:48 218688]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [14.4.2008 8:52 14336]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [14.7.2011 17:34 19544]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [8.5.2011 21:44 583640]
R2 SVKP;SVKP;c:\windows\system32\SVKP.sys [15.10.2009 20:06 2368]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 14:16 130384]
S2 gupdate1ca3198986498c0;Služba Google Update (gupdate1ca3198986498c0);c:\program files\Google\Update\GoogleUpdate.exe [9.9.2009 23:57 133104]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [21.7.2010 8:28 1691480]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [20.11.2010 22:13 101904]
S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\EagleXNt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
S3 GGSAFERDriver;GGSAFER Driver;\??\c:\program files\Garena\safedrv.sys --> c:\program files\Garena\safedrv.sys [?]
S3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [9.9.2009 23:57 133104]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 14:16 753504]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Obsah adresáře 'Naplánované úlohy'
.
2011-07-15 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-09-09 21:56]
.
2011-07-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-09 21:57]
.
2011-07-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-09 21:57]
.
2011-07-13 c:\windows\Tasks\Norton Security Scan for Administrator.job
- c:\progra~1\NORTON~1\NORTON~1\Engine\301~1.8\Nss.exe [2011-01-27 02:19]
.
2011-07-14 c:\windows\Tasks\RMSchedule.job
- c:\program files\Registry Mechanic\RegMech.exe [2011-05-08 06:46]
.
.
------- Doplňkový sken -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&s ... f8&oe=utf8
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
IE: Free YouTube Download - c:\documents and settings\Administrator\Data aplikací\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to MP3 Converter - c:\documents and settings\Administrator\Data aplikací\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: {{0E46D7B6-887D-4F81-B4CA-FCC92AF73610} - {0E46D7B6-887D-4F81-B4CA-FCC92AF73610} - c:\program files\Seznam.cz\listicka.dll
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\pizo2y8c.default\
FF - prefs.js: browser.startup.homepage - hxxp://seznam.cz/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Seznam lištička: {ea614400-e918-4741-9a97-7a972ff7c30b} - c:\program files\Mozilla Firefox\extensions\{ea614400-e918-4741-9a97-7a972ff7c30b}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Facemoods: ffxtlbr@Facemoods.com - %profile%\extensions\ffxtlbr@Facemoods.com
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Runescape Community Toolbar: {a8864317-e18b-4292-99d9-e6e65ab905d3} - %profile%\extensions\{a8864317-e18b-4292-99d9-e6e65ab905d3}
FF - Ext: Battlefield Heroes Updater: battlefieldheroespatcher@ea.com - %profile%\extensions\battlefieldheroespatcher@ea.com
FF - Ext: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - %profile%\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
FF - Ext: DVDVideoSoft Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - %profile%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
FF - Ext: DAEMON Tools Toolbar: DTToolbar@toolbarnet.com - %profile%\extensions\DTToolbar@toolbarnet.com
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-15 19:58
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1078081533-879983540-1177238915-500\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-1078081533-879983540-1177238915-500\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:b8,02,1a,07,5a,f8,ac,d7,2f,9f,7d,5a,e4,a4,7c,9f,9f,29,cc,64,59,67,fc,
18,71,68,cf,8d,63,bf,e6,9e,8b,40,7b,13,f4,ba,0b,a0,aa,06,87,ad,34,8d,a9,da,\
"??"=hex:df,ce,e3,2d,23,73,dd,c0,23,89,95,e8,fb,4e,a2,ec
.
[HKEY_USERS\S-1-5-21-1078081533-879983540-1177238915-500\Software\SecuROM\License information*]
"datasecu"=hex:4f,aa,61,66,96,dc,91,5d,2d,23,48,06,58,a2,64,0b,6b,e9,f0,5e,a8,
45,19,44,81,6d,a4,7d,b4,27,ab,42,dc,d6,41,a9,18,93,11,57,ab,89,2c,ca,1d,fc,\
"rkeysecu"=hex:ce,b6,97,16,6a,6c,1a,de,53,21,e5,03,97,81,82,31
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(824)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(2612)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Celkový čas: 2011-07-15 20:03:23 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-07-15 18:03
ComboFix2.txt 2011-07-14 15:13
.
Před spuštěním: Volných bajtů: 10 563 858 432
Po spuštění: Volných bajtů: 10 550 435 840
.
- - End Of File - - C266428443DD0BF6473D52BAFDEC0686
-
chodnik74
- Přítel fóra
- Příspěvky: 4975
- Registrován: 13 zář 2010 21:30
- Bydliště: Napajedla
- Kontaktovat uživatele:
Re: Vyskakující reklamy
Otevřeme si Poznámkový blok
- (stiskneme klávesovou kombinaci WIN+R a napíšeme ,,notepad,, bez úvozovek a dáme enter)
- Vložíme do něj následující script:
Kód: Vybrat vše
KillAll:: Driver:: Akamai NetSvc:: Akamai Registry:: [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "1036:TCP"=- "5000:UDP"=- Reboot:: - Soubor uložíme na Plochu jako CFScript.txt
- Poté tento soubor uchopíme levým tlačítkem myši a přetáhneme na ikonu Combofixu a upustíme
- Poté Combofix provede všechny operace a udělá nový log,který sem vložte
Jak se chová PC? Napiš mi: chodnik74@gmail.com nebo
>RSIT<>MBAM<>VirusTotal
Doporučuji: |
Postup si raději vícekrát přečtěte a v případě jakýchkoliv nejasností či pochybností se ptejte. Pokud máte infikovaný počítač nebo se nechová jako obvykle, tak si zálohujte všechny data a pozorně postupujte dle pokynů rádce!
Nepoužívejte utilitu Combofix bez dohledu a doporučení rádce!
Jste s naší pomocí spokojeni Neváhejte a podpořte forum ZDE.
Pravidla fora: č.1 a č.2
>RSIT<>MBAM<>VirusTotal
Doporučuji:
| Postup si raději vícekrát přečtěte a v případě jakýchkoliv nejasností či pochybností se ptejte. Pokud máte infikovaný počítač nebo se nechová jako obvykle, tak si zálohujte všechny data a pozorně postupujte dle pokynů rádce! Nepoužívejte utilitu Combofix bez dohledu a doporučení rádce! Jste s naší pomocí spokojeni Neváhejte a podpořte forum ZDE.Pravidla fora: č.1 a č.2
Re: Vyskakující reklamy
Od prvním použití ComboFixu je vše v pořádku.Moc vám dekuju
Tady je ještě ten log :
ComboFix 11-07-15.03 - Administrator 16.07.2011 17:31:09.3.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1023.594 [GMT 2:00]
Spuštěný z: c:\documents and settings\Administrator\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Administrator\Plocha\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_AKAMAI
-------\Service_Akamai
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-06-16 do 2011-07-16 )))))))))))))))))))))))))))))))
.
.
2011-07-16 08:22 . 2011-07-16 08:22 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Data aplikací\Activision
2011-07-14 15:34 . 2011-07-04 11:36 309848 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-07-14 15:34 . 2011-07-04 11:32 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-07-14 15:34 . 2011-07-04 11:32 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-07-14 15:34 . 2011-07-04 11:36 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-07-14 15:34 . 2011-07-04 11:35 43608 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-07-14 15:34 . 2011-07-04 11:35 102616 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-07-14 15:34 . 2011-07-04 11:35 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-07-14 15:34 . 2011-07-04 11:32 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-07-14 15:34 . 2011-07-04 11:43 40112 ----a-w- c:\windows\avastSS.scr
2011-07-14 15:34 . 2011-07-04 11:43 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-07-14 15:34 . 2011-07-14 15:34 -------- d-----w- c:\program files\AVAST Software
2011-07-14 15:34 . 2011-07-14 15:34 -------- d-----w- c:\documents and settings\All Users\Data aplikací\AVAST Software
2011-07-14 13:24 . 2011-07-14 13:24 -------- d-----w- c:\documents and settings\Administrator\Data aplikací\Malwarebytes
2011-07-14 13:23 . 2011-07-14 13:23 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2011-07-06 14:29 . 2011-07-13 21:20 -------- d-----w- c:\program files\Facade
2011-07-05 11:10 . 2011-07-05 11:10 -------- d-----w- c:\documents and settings\Administrator\Data aplikací\runic games
2011-07-05 11:02 . 2011-07-05 11:02 -------- d-----w- c:\program files\Runic Games
2011-06-29 16:24 . 2011-06-29 16:43 -------- d-----w- c:\program files\Max Payne
2011-06-27 14:11 . 2011-06-27 14:11 -------- d-----w- c:\program files\3DO
2011-06-24 13:58 . 2011-07-14 15:05 -------- d-----w- c:\program files\Steam
2011-06-18 19:50 . 2011-06-18 19:50 -------- d-----w- c:\program files\Wanadoo Edition
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-10 04:48 . 2011-06-10 04:48 218688 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2011-06-06 11:35 . 2008-04-14 05:45 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-05-17 18:26 . 2011-03-23 15:16 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
2011-05-09 12:57 . 2010-07-27 17:43 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2011-05-02 15:32 . 2008-10-18 13:21 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 17:25 . 2008-04-14 06:51 151552 ----a-w- c:\windows\system32\schannel.dll
2011-04-29 16:19 . 2008-04-13 22:47 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-26 11:07 . 2008-04-14 06:52 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-04-26 11:07 . 2008-04-14 06:51 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-04-25 16:06 . 2008-04-14 06:52 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-04-25 16:06 . 2008-04-14 06:52 916480 ----a-w- c:\windows\system32\wininet.dll
2011-04-25 16:06 . 2008-04-14 06:51 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-04-25 12:01 . 2008-04-14 05:50 385024 ----a-w- c:\windows\system32\html.iec
2011-04-21 13:37 . 2008-04-13 22:47 105472 ----a-w- c:\windows\system32\drivers\mup.sys
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-06-12 . C71BB4782833750BF4C02AC30ED670B7 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((( SnapShot@2011-07-14_15.09.18 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-07-16 15:45 . 2011-07-16 15:45 16384 c:\windows\Temp\Perflib_Perfdata_708.dat
+ 2011-07-16 08:20 . 2011-07-16 08:20 11502 c:\windows\Installer\{D80A6A73-E58A-4673-AFF5-F12D7110661F}\ARPPRODUCTICON.exe
- 2011-07-13 13:45 . 2011-07-13 13:45 12800 c:\windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
+ 2011-07-16 08:21 . 2011-07-16 08:21 12800 c:\windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
- 2011-07-13 13:45 . 2011-07-13 13:45 53248 c:\windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
+ 2011-07-16 08:21 . 2011-07-16 08:21 53248 c:\windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
- 2011-07-13 13:45 . 2011-07-13 13:45 223232 c:\windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
+ 2011-07-16 08:21 . 2011-07-16 08:21 223232 c:\windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
- 2011-07-13 13:45 . 2011-07-13 13:45 178176 c:\windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
+ 2011-07-16 08:21 . 2011-07-16 08:21 178176 c:\windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
- 2011-07-13 13:45 . 2011-07-13 13:45 364544 c:\windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
+ 2011-07-16 08:21 . 2011-07-16 08:21 364544 c:\windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
+ 2011-07-16 08:21 . 2011-07-16 08:21 159232 c:\windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
- 2011-07-13 13:45 . 2011-07-13 13:45 159232 c:\windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
- 2011-07-13 13:45 . 2011-07-13 13:45 145920 c:\windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
+ 2011-07-16 08:21 . 2011-07-16 08:21 145920 c:\windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
- 2011-07-13 13:45 . 2011-07-13 13:45 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2011-07-16 08:21 . 2011-07-16 08:21 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2011-07-16 08:21 . 2011-07-16 08:21 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2011-07-13 13:45 . 2011-07-13 13:45 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2011-07-13 13:45 . 2011-07-13 13:45 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2011-07-16 08:21 . 2011-07-16 08:21 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2011-07-16 08:21 . 2011-07-16 08:21 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2011-07-13 13:45 . 2011-07-13 13:45 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2011-07-16 08:21 . 2011-07-16 08:21 577024 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2011-07-13 13:45 . 2011-07-13 13:45 577024 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2011-07-13 13:45 . 2011-07-13 13:45 576000 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2011-07-16 08:21 . 2011-07-16 08:21 576000 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2011-07-13 13:45 . 2011-07-13 13:45 567296 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2011-07-16 08:21 . 2011-07-16 08:21 567296 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2011-07-13 13:45 . 2011-07-13 13:45 563712 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2011-07-16 08:21 . 2011-07-16 08:21 563712 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2011-07-13 13:45 . 2011-07-13 13:45 473600 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
+ 2011-07-16 08:21 . 2011-07-16 08:21 473600 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
- 2011-07-13 13:45 . 2011-07-13 13:45 2846720 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2011-07-16 08:21 . 2011-07-16 08:21 2846720 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2011-07-16 08:21 . 2011-07-16 08:21 2676224 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2011-07-13 13:45 . 2011-07-13 13:45 2676224 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2011-07-16 08:20 . 2011-07-16 08:20 35029504 c:\windows\Installer\1c35dc.msi
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files\DVDVideoSoftTB\prxtbDVD0.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
2011-01-17 14:54 175912 ----a-w- c:\program files\DVDVideoSoftTB\prxtbDVD0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files\DVDVideoSoftTB\prxtbDVD0.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-07-04 11:43 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"tsnpstd3"="c:\windows\tsnpstd3.exe" [2006-07-07 262144]
"snpstd3"="c:\windows\vsnpstd3.exe" [2006-09-18 843776]
"RTHDCPL"="RTHDCPL.EXE" [2010-03-17 19520544]
"Easy-PrintToolBox"="c:\program files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [2004-01-14 409600]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-07-04 3493720]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Administrator\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Media Player.lnk - c:\program files\Adobe Media Player\Adobe Media Player.exe [N/A]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Raptr\\raptr.exe"=
"c:\\Program Files\\Raptr\\raptr_im.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\Steam\\steamapps\\robar125\\team fortress 2\\hl2.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaWmp.exe"=
"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaW.exe"=
.
R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\system32\drivers\sfdrv01a.sys [5.7.2006 14:46 63352]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [7.10.2009 16:59 721904]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [14.7.2011 17:34 441176]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [14.7.2011 17:34 309848]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [14.7.2011 17:34 19544]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [8.5.2011 21:44 583640]
R2 SVKP;SVKP;c:\windows\system32\SVKP.sys [15.10.2009 20:06 2368]
R3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [10.6.2011 6:48 218688]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 14:16 130384]
S2 gupdate1ca3198986498c0;Služba Google Update (gupdate1ca3198986498c0);c:\program files\Google\Update\GoogleUpdate.exe [9.9.2009 23:57 133104]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [21.7.2010 8:28 1691480]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [20.11.2010 22:13 101904]
S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\EagleXNt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
S3 GGSAFERDriver;GGSAFER Driver;\??\c:\program files\Garena\safedrv.sys --> c:\program files\Garena\safedrv.sys [?]
S3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [9.9.2009 23:57 133104]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 14:16 753504]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Obsah adresáře 'Naplánované úlohy'
.
2011-07-16 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-09-09 21:56]
.
2011-07-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-09 21:57]
.
2011-07-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-09 21:57]
.
2011-07-13 c:\windows\Tasks\Norton Security Scan for Administrator.job
- c:\progra~1\NORTON~1\NORTON~1\Engine\301~1.8\Nss.exe [2011-01-27 02:19]
.
2011-07-14 c:\windows\Tasks\RMSchedule.job
- c:\program files\Registry Mechanic\RegMech.exe [2011-05-08 06:46]
.
.
------- Doplňkový sken -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&s ... f8&oe=utf8
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
IE: Free YouTube Download - c:\documents and settings\Administrator\Data aplikací\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to MP3 Converter - c:\documents and settings\Administrator\Data aplikací\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: {{0E46D7B6-887D-4F81-B4CA-FCC92AF73610} - {0E46D7B6-887D-4F81-B4CA-FCC92AF73610} - c:\program files\Seznam.cz\listicka.dll
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\pizo2y8c.default\
FF - prefs.js: browser.startup.homepage - hxxp://seznam.cz/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Seznam lištička: {ea614400-e918-4741-9a97-7a972ff7c30b} - c:\program files\Mozilla Firefox\extensions\{ea614400-e918-4741-9a97-7a972ff7c30b}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Facemoods: ffxtlbr@Facemoods.com - %profile%\extensions\ffxtlbr@Facemoods.com
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Runescape Community Toolbar: {a8864317-e18b-4292-99d9-e6e65ab905d3} - %profile%\extensions\{a8864317-e18b-4292-99d9-e6e65ab905d3}
FF - Ext: Battlefield Heroes Updater: battlefieldheroespatcher@ea.com - %profile%\extensions\battlefieldheroespatcher@ea.com
FF - Ext: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - %profile%\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
FF - Ext: DVDVideoSoft Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - %profile%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
FF - Ext: DAEMON Tools Toolbar: DTToolbar@toolbarnet.com - %profile%\extensions\DTToolbar@toolbarnet.com
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-16 17:45
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1078081533-879983540-1177238915-500\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-1078081533-879983540-1177238915-500\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:b8,02,1a,07,5a,f8,ac,d7,2f,9f,7d,5a,e4,a4,7c,9f,9f,29,cc,64,59,67,fc,
18,71,68,cf,8d,63,bf,e6,9e,8b,40,7b,13,f4,ba,0b,a0,aa,06,87,ad,34,8d,a9,da,\
"??"=hex:df,ce,e3,2d,23,73,dd,c0,23,89,95,e8,fb,4e,a2,ec
.
[HKEY_USERS\S-1-5-21-1078081533-879983540-1177238915-500\Software\SecuROM\License information*]
"datasecu"=hex:4f,aa,61,66,96,dc,91,5d,2d,23,48,06,58,a2,64,0b,6b,e9,f0,5e,a8,
45,19,44,81,6d,a4,7d,b4,27,ab,42,dc,d6,41,a9,18,93,11,57,ab,89,2c,ca,1d,fc,\
"rkeysecu"=hex:ce,b6,97,16,6a,6c,1a,de,53,21,e5,03,97,81,82,31
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(812)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(3216)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\RTHDCPL.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Celkový čas: 2011-07-16 17:50:11 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-07-16 15:50
ComboFix2.txt 2011-07-15 18:03
ComboFix3.txt 2011-07-14 15:13
.
Před spuštěním: Volných bajtů: 10 135 949 312
Po spuštění: Volných bajtů: 10 119 262 208
.
- - End Of File - - 5309FA35F1A1E3565ED27B6E667E855B
Tady je ještě ten log :
ComboFix 11-07-15.03 - Administrator 16.07.2011 17:31:09.3.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1023.594 [GMT 2:00]
Spuštěný z: c:\documents and settings\Administrator\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Administrator\Plocha\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_AKAMAI
-------\Service_Akamai
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-06-16 do 2011-07-16 )))))))))))))))))))))))))))))))
.
.
2011-07-16 08:22 . 2011-07-16 08:22 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Data aplikací\Activision
2011-07-14 15:34 . 2011-07-04 11:36 309848 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-07-14 15:34 . 2011-07-04 11:32 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-07-14 15:34 . 2011-07-04 11:32 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-07-14 15:34 . 2011-07-04 11:36 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-07-14 15:34 . 2011-07-04 11:35 43608 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-07-14 15:34 . 2011-07-04 11:35 102616 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-07-14 15:34 . 2011-07-04 11:35 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-07-14 15:34 . 2011-07-04 11:32 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-07-14 15:34 . 2011-07-04 11:43 40112 ----a-w- c:\windows\avastSS.scr
2011-07-14 15:34 . 2011-07-04 11:43 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-07-14 15:34 . 2011-07-14 15:34 -------- d-----w- c:\program files\AVAST Software
2011-07-14 15:34 . 2011-07-14 15:34 -------- d-----w- c:\documents and settings\All Users\Data aplikací\AVAST Software
2011-07-14 13:24 . 2011-07-14 13:24 -------- d-----w- c:\documents and settings\Administrator\Data aplikací\Malwarebytes
2011-07-14 13:23 . 2011-07-14 13:23 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2011-07-06 14:29 . 2011-07-13 21:20 -------- d-----w- c:\program files\Facade
2011-07-05 11:10 . 2011-07-05 11:10 -------- d-----w- c:\documents and settings\Administrator\Data aplikací\runic games
2011-07-05 11:02 . 2011-07-05 11:02 -------- d-----w- c:\program files\Runic Games
2011-06-29 16:24 . 2011-06-29 16:43 -------- d-----w- c:\program files\Max Payne
2011-06-27 14:11 . 2011-06-27 14:11 -------- d-----w- c:\program files\3DO
2011-06-24 13:58 . 2011-07-14 15:05 -------- d-----w- c:\program files\Steam
2011-06-18 19:50 . 2011-06-18 19:50 -------- d-----w- c:\program files\Wanadoo Edition
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-10 04:48 . 2011-06-10 04:48 218688 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2011-06-06 11:35 . 2008-04-14 05:45 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-05-17 18:26 . 2011-03-23 15:16 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
2011-05-09 12:57 . 2010-07-27 17:43 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2011-05-02 15:32 . 2008-10-18 13:21 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 17:25 . 2008-04-14 06:51 151552 ----a-w- c:\windows\system32\schannel.dll
2011-04-29 16:19 . 2008-04-13 22:47 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-26 11:07 . 2008-04-14 06:52 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-04-26 11:07 . 2008-04-14 06:51 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-04-25 16:06 . 2008-04-14 06:52 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-04-25 16:06 . 2008-04-14 06:52 916480 ----a-w- c:\windows\system32\wininet.dll
2011-04-25 16:06 . 2008-04-14 06:51 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-04-25 12:01 . 2008-04-14 05:50 385024 ----a-w- c:\windows\system32\html.iec
2011-04-21 13:37 . 2008-04-13 22:47 105472 ----a-w- c:\windows\system32\drivers\mup.sys
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-06-12 . C71BB4782833750BF4C02AC30ED670B7 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((( SnapShot@2011-07-14_15.09.18 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-07-16 15:45 . 2011-07-16 15:45 16384 c:\windows\Temp\Perflib_Perfdata_708.dat
+ 2011-07-16 08:20 . 2011-07-16 08:20 11502 c:\windows\Installer\{D80A6A73-E58A-4673-AFF5-F12D7110661F}\ARPPRODUCTICON.exe
- 2011-07-13 13:45 . 2011-07-13 13:45 12800 c:\windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
+ 2011-07-16 08:21 . 2011-07-16 08:21 12800 c:\windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
- 2011-07-13 13:45 . 2011-07-13 13:45 53248 c:\windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
+ 2011-07-16 08:21 . 2011-07-16 08:21 53248 c:\windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
- 2011-07-13 13:45 . 2011-07-13 13:45 223232 c:\windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
+ 2011-07-16 08:21 . 2011-07-16 08:21 223232 c:\windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
- 2011-07-13 13:45 . 2011-07-13 13:45 178176 c:\windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
+ 2011-07-16 08:21 . 2011-07-16 08:21 178176 c:\windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
- 2011-07-13 13:45 . 2011-07-13 13:45 364544 c:\windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
+ 2011-07-16 08:21 . 2011-07-16 08:21 364544 c:\windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
+ 2011-07-16 08:21 . 2011-07-16 08:21 159232 c:\windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
- 2011-07-13 13:45 . 2011-07-13 13:45 159232 c:\windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
- 2011-07-13 13:45 . 2011-07-13 13:45 145920 c:\windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
+ 2011-07-16 08:21 . 2011-07-16 08:21 145920 c:\windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
- 2011-07-13 13:45 . 2011-07-13 13:45 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2011-07-16 08:21 . 2011-07-16 08:21 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2011-07-16 08:21 . 2011-07-16 08:21 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2011-07-13 13:45 . 2011-07-13 13:45 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2011-07-13 13:45 . 2011-07-13 13:45 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2011-07-16 08:21 . 2011-07-16 08:21 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2011-07-16 08:21 . 2011-07-16 08:21 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2011-07-13 13:45 . 2011-07-13 13:45 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2011-07-16 08:21 . 2011-07-16 08:21 577024 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2011-07-13 13:45 . 2011-07-13 13:45 577024 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2011-07-13 13:45 . 2011-07-13 13:45 576000 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2011-07-16 08:21 . 2011-07-16 08:21 576000 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2011-07-13 13:45 . 2011-07-13 13:45 567296 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2011-07-16 08:21 . 2011-07-16 08:21 567296 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2011-07-13 13:45 . 2011-07-13 13:45 563712 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2011-07-16 08:21 . 2011-07-16 08:21 563712 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2011-07-13 13:45 . 2011-07-13 13:45 473600 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
+ 2011-07-16 08:21 . 2011-07-16 08:21 473600 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
- 2011-07-13 13:45 . 2011-07-13 13:45 2846720 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2011-07-16 08:21 . 2011-07-16 08:21 2846720 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2011-07-16 08:21 . 2011-07-16 08:21 2676224 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2011-07-13 13:45 . 2011-07-13 13:45 2676224 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2011-07-16 08:20 . 2011-07-16 08:20 35029504 c:\windows\Installer\1c35dc.msi
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files\DVDVideoSoftTB\prxtbDVD0.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
2011-01-17 14:54 175912 ----a-w- c:\program files\DVDVideoSoftTB\prxtbDVD0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files\DVDVideoSoftTB\prxtbDVD0.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-07-04 11:43 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"tsnpstd3"="c:\windows\tsnpstd3.exe" [2006-07-07 262144]
"snpstd3"="c:\windows\vsnpstd3.exe" [2006-09-18 843776]
"RTHDCPL"="RTHDCPL.EXE" [2010-03-17 19520544]
"Easy-PrintToolBox"="c:\program files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [2004-01-14 409600]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-07-04 3493720]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Administrator\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Media Player.lnk - c:\program files\Adobe Media Player\Adobe Media Player.exe [N/A]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Raptr\\raptr.exe"=
"c:\\Program Files\\Raptr\\raptr_im.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\Steam\\steamapps\\robar125\\team fortress 2\\hl2.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaWmp.exe"=
"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaW.exe"=
.
R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\system32\drivers\sfdrv01a.sys [5.7.2006 14:46 63352]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [7.10.2009 16:59 721904]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [14.7.2011 17:34 441176]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [14.7.2011 17:34 309848]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [14.7.2011 17:34 19544]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [8.5.2011 21:44 583640]
R2 SVKP;SVKP;c:\windows\system32\SVKP.sys [15.10.2009 20:06 2368]
R3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [10.6.2011 6:48 218688]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 14:16 130384]
S2 gupdate1ca3198986498c0;Služba Google Update (gupdate1ca3198986498c0);c:\program files\Google\Update\GoogleUpdate.exe [9.9.2009 23:57 133104]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [21.7.2010 8:28 1691480]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [20.11.2010 22:13 101904]
S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\EagleXNt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
S3 GGSAFERDriver;GGSAFER Driver;\??\c:\program files\Garena\safedrv.sys --> c:\program files\Garena\safedrv.sys [?]
S3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [9.9.2009 23:57 133104]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 14:16 753504]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Obsah adresáře 'Naplánované úlohy'
.
2011-07-16 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-09-09 21:56]
.
2011-07-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-09 21:57]
.
2011-07-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-09 21:57]
.
2011-07-13 c:\windows\Tasks\Norton Security Scan for Administrator.job
- c:\progra~1\NORTON~1\NORTON~1\Engine\301~1.8\Nss.exe [2011-01-27 02:19]
.
2011-07-14 c:\windows\Tasks\RMSchedule.job
- c:\program files\Registry Mechanic\RegMech.exe [2011-05-08 06:46]
.
.
------- Doplňkový sken -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&s ... f8&oe=utf8
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
IE: Free YouTube Download - c:\documents and settings\Administrator\Data aplikací\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to MP3 Converter - c:\documents and settings\Administrator\Data aplikací\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: {{0E46D7B6-887D-4F81-B4CA-FCC92AF73610} - {0E46D7B6-887D-4F81-B4CA-FCC92AF73610} - c:\program files\Seznam.cz\listicka.dll
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\pizo2y8c.default\
FF - prefs.js: browser.startup.homepage - hxxp://seznam.cz/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Seznam lištička: {ea614400-e918-4741-9a97-7a972ff7c30b} - c:\program files\Mozilla Firefox\extensions\{ea614400-e918-4741-9a97-7a972ff7c30b}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Facemoods: ffxtlbr@Facemoods.com - %profile%\extensions\ffxtlbr@Facemoods.com
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Runescape Community Toolbar: {a8864317-e18b-4292-99d9-e6e65ab905d3} - %profile%\extensions\{a8864317-e18b-4292-99d9-e6e65ab905d3}
FF - Ext: Battlefield Heroes Updater: battlefieldheroespatcher@ea.com - %profile%\extensions\battlefieldheroespatcher@ea.com
FF - Ext: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - %profile%\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
FF - Ext: DVDVideoSoft Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - %profile%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
FF - Ext: DAEMON Tools Toolbar: DTToolbar@toolbarnet.com - %profile%\extensions\DTToolbar@toolbarnet.com
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-16 17:45
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1078081533-879983540-1177238915-500\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-1078081533-879983540-1177238915-500\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:b8,02,1a,07,5a,f8,ac,d7,2f,9f,7d,5a,e4,a4,7c,9f,9f,29,cc,64,59,67,fc,
18,71,68,cf,8d,63,bf,e6,9e,8b,40,7b,13,f4,ba,0b,a0,aa,06,87,ad,34,8d,a9,da,\
"??"=hex:df,ce,e3,2d,23,73,dd,c0,23,89,95,e8,fb,4e,a2,ec
.
[HKEY_USERS\S-1-5-21-1078081533-879983540-1177238915-500\Software\SecuROM\License information*]
"datasecu"=hex:4f,aa,61,66,96,dc,91,5d,2d,23,48,06,58,a2,64,0b,6b,e9,f0,5e,a8,
45,19,44,81,6d,a4,7d,b4,27,ab,42,dc,d6,41,a9,18,93,11,57,ab,89,2c,ca,1d,fc,\
"rkeysecu"=hex:ce,b6,97,16,6a,6c,1a,de,53,21,e5,03,97,81,82,31
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(812)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(3216)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\RTHDCPL.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Celkový čas: 2011-07-16 17:50:11 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-07-16 15:50
ComboFix2.txt 2011-07-15 18:03
ComboFix3.txt 2011-07-14 15:13
.
Před spuštěním: Volných bajtů: 10 135 949 312
Po spuštění: Volných bajtů: 10 119 262 208
.
- - End Of File - - 5309FA35F1A1E3565ED27B6E667E855B
-
chodnik74
- Přítel fóra
- Příspěvky: 4975
- Registrován: 13 zář 2010 21:30
- Bydliště: Napajedla
- Kontaktovat uživatele:
Re: Vyskakující reklamy
Otevřeme si Poznámkový blok
- (stiskneme klávesovou kombinaci WIN+R a napíšeme ,,notepad,, bez úvozovek a dáme enter)
- Vložíme do něj následující script:
Kód: Vybrat vše
KillAll:: RegLock:: [HKEY_USERS\S-1-5-21-1078081533-879983540-1177238915-500\Software\Microsoft\SystemCertificates\AddressBook*] [HKEY_USERS\S-1-5-21-1078081533-879983540-1177238915-500\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*] [HKEY_USERS\S-1-5-21-1078081533-879983540-1177238915-500\Software\SecuROM\License information*] DDS:: FF - ProfilePath - c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\pizo2y8c.default\ FF - Ext: Facemoods: ffxtlbr@Facemoods.com - %profile%\extensions\ffxtlbr@Facemoods.com FF - Ext: Runescape Community Toolbar: {a8864317-e18b-4292-99d9-e6e65ab905d3} - %profile%\extensions\{a8864317-e18b-4292-99d9-e6e65ab905d3} FF - Ext: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - %profile%\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5} FF - Ext: DVDVideoSoft Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - %profile%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} FF - Ext: DAEMON Tools Toolbar: DTToolbar@toolbarnet.com - %profile%\extensions\DTToolbar@toolbarnet.com NetSvc:: Akamai File:: c:\windows\Tasks\Norton Security Scan for Administrator.job Reboot:: - Soubor uložíme na Plochu jako CFScript.txt
- Poté tento soubor uchopíme levým tlačítkem myši a přetáhneme na ikonu Combofixu a upustíme
- Poté Combofix provede všechny operace a udělá nový log,který sem vložte
Stáhneme a spustíme SystemLook http://jpshortstuff.247fixes.com/SystemLook.exe
Do okna vložíme následující script a stiskneme tlačítko Look
Kód: Vybrat vše
:reg
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost /subNapiš mi: chodnik74@gmail.com nebo
>RSIT<>MBAM<>VirusTotal
Doporučuji: |
Postup si raději vícekrát přečtěte a v případě jakýchkoliv nejasností či pochybností se ptejte. Pokud máte infikovaný počítač nebo se nechová jako obvykle, tak si zálohujte všechny data a pozorně postupujte dle pokynů rádce!
Nepoužívejte utilitu Combofix bez dohledu a doporučení rádce!
Jste s naší pomocí spokojeni Neváhejte a podpořte forum ZDE.
Pravidla fora: č.1 a č.2
>RSIT<>MBAM<>VirusTotal
Doporučuji:
| Postup si raději vícekrát přečtěte a v případě jakýchkoliv nejasností či pochybností se ptejte. Pokud máte infikovaný počítač nebo se nechová jako obvykle, tak si zálohujte všechny data a pozorně postupujte dle pokynů rádce! Nepoužívejte utilitu Combofix bez dohledu a doporučení rádce! Jste s naší pomocí spokojeni Neváhejte a podpořte forum ZDE.Pravidla fora: č.1 a č.2
Re: Vyskakující reklamy
ComboFix 11-07-19.02 - Administrator 19.07.2011 18:00:54.4.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1023.732 [GMT 2:00]
Spuštěný z: c:\documents and settings\Administrator\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Administrator\Plocha\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
FILE ::
"c:\windows\Tasks\Norton Security Scan for Administrator.job"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\Tasks\Norton Security Scan for Administrator.job
.
Nakažená kopie c:\windows\system32\drivers\ntfs.sys byla nalezena a vyléčena.
Obnovena kopie z - c:\windows\ERDNT\cache\ntfs.sys
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-06-19 do 2011-07-19 )))))))))))))))))))))))))))))))
.
.
2011-07-16 08:22 . 2011-07-16 08:22 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Data aplikací\Activision
2011-07-14 15:34 . 2011-07-04 11:36 309848 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-07-14 15:34 . 2011-07-04 11:32 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-07-14 15:34 . 2011-07-04 11:32 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-07-14 15:34 . 2011-07-04 11:36 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-07-14 15:34 . 2011-07-04 11:35 43608 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-07-14 15:34 . 2011-07-04 11:35 102616 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-07-14 15:34 . 2011-07-04 11:35 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-07-14 15:34 . 2011-07-04 11:32 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-07-14 15:34 . 2011-07-04 11:43 40112 ----a-w- c:\windows\avastSS.scr
2011-07-14 15:34 . 2011-07-04 11:43 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-07-14 15:34 . 2011-07-14 15:34 -------- d-----w- c:\program files\AVAST Software
2011-07-14 15:34 . 2011-07-14 15:34 -------- d-----w- c:\documents and settings\All Users\Data aplikací\AVAST Software
2011-07-14 13:24 . 2011-07-14 13:24 -------- d-----w- c:\documents and settings\Administrator\Data aplikací\Malwarebytes
2011-07-14 13:23 . 2011-07-14 13:23 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2011-07-06 14:29 . 2011-07-13 21:20 -------- d-----w- c:\program files\Facade
2011-07-05 11:10 . 2011-07-05 11:10 -------- d-----w- c:\documents and settings\Administrator\Data aplikací\runic games
2011-07-05 11:02 . 2011-07-05 11:02 -------- d-----w- c:\program files\Runic Games
2011-06-29 16:24 . 2011-06-29 16:43 -------- d-----w- c:\program files\Max Payne
2011-06-27 14:11 . 2011-06-27 14:11 -------- d-----w- c:\program files\3DO
2011-06-24 13:58 . 2011-07-14 15:05 -------- d-----w- c:\program files\Steam
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-10 04:48 . 2011-06-10 04:48 218688 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2011-06-06 11:35 . 2008-04-14 05:45 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-05-17 18:26 . 2011-03-23 15:16 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
2011-05-09 12:57 . 2010-07-27 17:43 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2011-05-02 15:32 . 2008-10-18 13:21 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 17:25 . 2008-04-14 06:51 151552 ----a-w- c:\windows\system32\schannel.dll
2011-04-29 16:19 . 2008-04-13 22:47 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-26 11:07 . 2008-04-14 06:52 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-04-26 11:07 . 2008-04-14 06:51 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-04-25 16:06 . 2008-04-14 06:52 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-04-25 16:06 . 2008-04-14 06:52 916480 ----a-w- c:\windows\system32\wininet.dll
2011-04-25 16:06 . 2008-04-14 06:51 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-04-25 12:01 . 2008-04-14 05:50 385024 ----a-w- c:\windows\system32\html.iec
2011-04-21 13:37 . 2008-04-13 22:47 105472 ----a-w- c:\windows\system32\drivers\mup.sys
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-06-12 . C71BB4782833750BF4C02AC30ED670B7 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((( SnapShot@2011-07-14_15.09.18 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-07-19 16:14 . 2011-07-19 16:14 16384 c:\windows\temp\Perflib_Perfdata_21c.dat
+ 2011-07-16 08:20 . 2011-07-16 08:20 11502 c:\windows\Installer\{D80A6A73-E58A-4673-AFF5-F12D7110661F}\ARPPRODUCTICON.exe
- 2011-07-13 13:45 . 2011-07-13 13:45 12800 c:\windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
+ 2011-07-16 08:21 . 2011-07-16 08:21 12800 c:\windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
- 2011-07-13 13:45 . 2011-07-13 13:45 53248 c:\windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
+ 2011-07-16 08:21 . 2011-07-16 08:21 53248 c:\windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
- 2011-07-13 13:45 . 2011-07-13 13:45 223232 c:\windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
+ 2011-07-16 08:21 . 2011-07-16 08:21 223232 c:\windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
- 2011-07-13 13:45 . 2011-07-13 13:45 178176 c:\windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
+ 2011-07-16 08:21 . 2011-07-16 08:21 178176 c:\windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
- 2011-07-13 13:45 . 2011-07-13 13:45 364544 c:\windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
+ 2011-07-16 08:21 . 2011-07-16 08:21 364544 c:\windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
+ 2011-07-16 08:21 . 2011-07-16 08:21 159232 c:\windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
- 2011-07-13 13:45 . 2011-07-13 13:45 159232 c:\windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
- 2011-07-13 13:45 . 2011-07-13 13:45 145920 c:\windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
+ 2011-07-16 08:21 . 2011-07-16 08:21 145920 c:\windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
- 2011-07-13 13:45 . 2011-07-13 13:45 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2011-07-16 08:21 . 2011-07-16 08:21 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2011-07-16 08:21 . 2011-07-16 08:21 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2011-07-13 13:45 . 2011-07-13 13:45 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2011-07-13 13:45 . 2011-07-13 13:45 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2011-07-16 08:21 . 2011-07-16 08:21 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2011-07-16 08:21 . 2011-07-16 08:21 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2011-07-13 13:45 . 2011-07-13 13:45 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2011-07-16 08:21 . 2011-07-16 08:21 577024 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2011-07-13 13:45 . 2011-07-13 13:45 577024 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2011-07-13 13:45 . 2011-07-13 13:45 576000 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2011-07-16 08:21 . 2011-07-16 08:21 576000 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2011-07-13 13:45 . 2011-07-13 13:45 567296 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2011-07-16 08:21 . 2011-07-16 08:21 567296 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2011-07-13 13:45 . 2011-07-13 13:45 563712 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2011-07-16 08:21 . 2011-07-16 08:21 563712 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2011-07-13 13:45 . 2011-07-13 13:45 473600 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
+ 2011-07-16 08:21 . 2011-07-16 08:21 473600 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
- 2011-07-13 13:45 . 2011-07-13 13:45 2846720 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2011-07-16 08:21 . 2011-07-16 08:21 2846720 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2011-07-16 08:21 . 2011-07-16 08:21 2676224 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2011-07-13 13:45 . 2011-07-13 13:45 2676224 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2011-07-16 08:20 . 2011-07-16 08:20 35029504 c:\windows\Installer\1c35dc.msi
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files\DVDVideoSoftTB\prxtbDVD0.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
2011-01-17 14:54 175912 ----a-w- c:\program files\DVDVideoSoftTB\prxtbDVD0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files\DVDVideoSoftTB\prxtbDVD0.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-07-04 11:43 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"tsnpstd3"="c:\windows\tsnpstd3.exe" [2006-07-07 262144]
"snpstd3"="c:\windows\vsnpstd3.exe" [2006-09-18 843776]
"RTHDCPL"="RTHDCPL.EXE" [2010-03-17 19520544]
"Easy-PrintToolBox"="c:\program files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [2004-01-14 409600]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-07-04 3493720]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Administrator\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Media Player.lnk - c:\program files\Adobe Media Player\Adobe Media Player.exe [N/A]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Raptr\\raptr.exe"=
"c:\\Program Files\\Raptr\\raptr_im.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\Steam\\steamapps\\robar125\\team fortress 2\\hl2.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaWmp.exe"=
"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaW.exe"=
.
R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\system32\drivers\sfdrv01a.sys [5.7.2006 14:46 63352]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [7.10.2009 16:59 721904]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [14.7.2011 17:34 441176]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [14.7.2011 17:34 309848]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [10.6.2011 6:48 218688]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [14.7.2011 17:34 19544]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [8.5.2011 21:44 583640]
R2 SVKP;SVKP;c:\windows\system32\SVKP.sys [15.10.2009 20:06 2368]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 14:16 130384]
S2 gupdate1ca3198986498c0;Služba Google Update (gupdate1ca3198986498c0);c:\program files\Google\Update\GoogleUpdate.exe [9.9.2009 23:57 133104]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [21.7.2010 8:28 1691480]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [20.11.2010 22:13 101904]
S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\EagleXNt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
S3 GGSAFERDriver;GGSAFER Driver;\??\c:\program files\Garena\safedrv.sys --> c:\program files\Garena\safedrv.sys [?]
S3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [9.9.2009 23:57 133104]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 14:16 753504]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Obsah adresáře 'Naplánované úlohy'
.
2011-07-19 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-09-09 21:56]
.
2011-07-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-09 21:57]
.
2011-07-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-09 21:57]
.
2011-07-18 c:\windows\Tasks\RMSchedule.job
- c:\program files\Registry Mechanic\RegMech.exe [2011-05-08 06:46]
.
.
------- Doplňkový sken -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&s ... f8&oe=utf8
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
IE: Free YouTube Download - c:\documents and settings\Administrator\Data aplikací\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to MP3 Converter - c:\documents and settings\Administrator\Data aplikací\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: {{0E46D7B6-887D-4F81-B4CA-FCC92AF73610} - {0E46D7B6-887D-4F81-B4CA-FCC92AF73610} - c:\program files\Seznam.cz\listicka.dll
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\pizo2y8c.default\
FF - prefs.js: browser.startup.homepage - hxxp://seznam.cz/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Seznam lištička: {ea614400-e918-4741-9a97-7a972ff7c30b} - c:\program files\Mozilla Firefox\extensions\{ea614400-e918-4741-9a97-7a972ff7c30b}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Facemoods: ffxtlbr@Facemoods.com - %profile%\extensions\ffxtlbr@Facemoods.com
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Runescape Community Toolbar: {a8864317-e18b-4292-99d9-e6e65ab905d3} - %profile%\extensions\{a8864317-e18b-4292-99d9-e6e65ab905d3}
FF - Ext: Battlefield Heroes Updater: battlefieldheroespatcher@ea.com - %profile%\extensions\battlefieldheroespatcher@ea.com
FF - Ext: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - %profile%\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
FF - Ext: DVDVideoSoft Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - %profile%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
FF - Ext: DAEMON Tools Toolbar: DTToolbar@toolbarnet.com - %profile%\extensions\DTToolbar@toolbarnet.com
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: avast! WebRep: wrc@avast.com - c:\program files\AVAST Software\Avast\WebRep\FF
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-19 18:15
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1078081533-879983540-1177238915-500\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-1078081533-879983540-1177238915-500\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:b8,02,1a,07,5a,f8,ac,d7,2f,9f,7d,5a,e4,a4,7c,9f,9f,29,cc,64,59,67,fc,
18,71,68,cf,8d,63,bf,e6,9e,8b,40,7b,13,f4,ba,0b,a0,aa,06,87,ad,34,8d,a9,da,\
"??"=hex:df,ce,e3,2d,23,73,dd,c0,23,89,95,e8,fb,4e,a2,ec
.
[HKEY_USERS\S-1-5-21-1078081533-879983540-1177238915-500\Software\SecuROM\License information*]
"datasecu"=hex:4f,aa,61,66,96,dc,91,5d,2d,23,48,06,58,a2,64,0b,6b,e9,f0,5e,a8,
45,19,44,81,6d,a4,7d,b4,27,ab,42,dc,d6,41,a9,18,93,11,57,ab,89,2c,ca,1d,fc,\
"rkeysecu"=hex:ce,b6,97,16,6a,6c,1a,de,53,21,e5,03,97,81,82,31
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(832)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(2800)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Celkový čas: 2011-07-19 18:21:00 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-07-19 16:20
ComboFix2.txt 2011-07-16 15:50
ComboFix3.txt 2011-07-15 18:03
ComboFix4.txt 2011-07-14 15:13
.
Před spuštěním: Volných bajtů: 11 423 797 248
Po spuštění: Volných bajtů: 11 414 073 344
.
- - End Of File - - FC4476F7E9EBAF31D2F94CF10716913C
SystemLook 04.09.10 by jpshortstuff
Log created at 18:24 on 19/07/2011 by Administrator
Administrator - Elevation successful
========== reg ==========
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
"HTTPFilter"="HTTPFilter"
"LocalService"="Alerter WebClient LmHosts RemoteRegistry upnphost SSDPSRV"
"NetworkService"="DnsCache"
"netsvcs"="6to4 AppMgmt AudioSrv Browser CryptSvc DMServer DHCP ERSvc EventSystem FastUserSwitchingCompatibility HidServ Ias Iprip Irmon LanmanServer LanmanWorkstation Messenger Netman Nla Ntmssvc NWCWorkstation Nwsapagent Rasauto Rasman Remoteaccess Schedule Seclogon SENS Sharedaccess SRService Tapisrv Themes TrkWks W32Time WZCSVC Wmi WmdmPmSp winmgmt wscsvc xmlprov napagent hkmsvc BITS wuauserv ShellHWDetection helpsvc WmdmPmSN"
"DcomLaunch"="DcomLaunch TermService"
"rpcss"="RpcSs"
"eapsvcs"="eaphost"
"dot3svc"="dot3svc"
"imgsvc"="StiSvc"
"termsvcs"="TermService"
"WudfServiceGroup"="WUDFSvc"
"Akamai"="Akamai"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\DComLaunch]
"CoInitializeSecurityParam"= 0x0000000001 (1)
"DefaultRpcStackSize"= 0x0000000008 (8)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\dot3svc]
"AuthenticationCapabilities"= 0x0000003020 (12320)
"CoInitializeSecurityParam"= 0x0000000001 (1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\eapsvcs]
"AuthenticationCapabilities"= 0x0000003020 (12320)
"CoInitializeSecurityParam"= 0x0000000001 (1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\HTTPFilter]
"CoInitializeSecurityParam"= 0x0000000001 (1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\LocalService]
"CoInitializeSecurityParam"= 0x0000000001 (1)
"AuthenticationCapabilities"= 0x0000002000 (8192)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\netsvcs]
"CoInitializeSecurityParam"= 0x0000000001 (1)
"AuthenticationCapabilities"= 0x0000003020 (12320)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\PCHealth]
"CoInitializeSecurityParam"= 0x0000000002 (2)
"AuthenticationCapabilities"= 0x0000000040 (64)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\termsvcs]
"CoInitializeSecurityParam"= 0x0000000001 (1)
"DefaultRpcStackSize"= 0x0000000008 (8)
-= EOF =-
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1023.732 [GMT 2:00]
Spuštěný z: c:\documents and settings\Administrator\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Administrator\Plocha\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
FILE ::
"c:\windows\Tasks\Norton Security Scan for Administrator.job"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\Tasks\Norton Security Scan for Administrator.job
.
Nakažená kopie c:\windows\system32\drivers\ntfs.sys byla nalezena a vyléčena.
Obnovena kopie z - c:\windows\ERDNT\cache\ntfs.sys
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-06-19 do 2011-07-19 )))))))))))))))))))))))))))))))
.
.
2011-07-16 08:22 . 2011-07-16 08:22 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Data aplikací\Activision
2011-07-14 15:34 . 2011-07-04 11:36 309848 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-07-14 15:34 . 2011-07-04 11:32 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-07-14 15:34 . 2011-07-04 11:32 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-07-14 15:34 . 2011-07-04 11:36 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-07-14 15:34 . 2011-07-04 11:35 43608 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-07-14 15:34 . 2011-07-04 11:35 102616 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-07-14 15:34 . 2011-07-04 11:35 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-07-14 15:34 . 2011-07-04 11:32 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-07-14 15:34 . 2011-07-04 11:43 40112 ----a-w- c:\windows\avastSS.scr
2011-07-14 15:34 . 2011-07-04 11:43 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-07-14 15:34 . 2011-07-14 15:34 -------- d-----w- c:\program files\AVAST Software
2011-07-14 15:34 . 2011-07-14 15:34 -------- d-----w- c:\documents and settings\All Users\Data aplikací\AVAST Software
2011-07-14 13:24 . 2011-07-14 13:24 -------- d-----w- c:\documents and settings\Administrator\Data aplikací\Malwarebytes
2011-07-14 13:23 . 2011-07-14 13:23 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2011-07-06 14:29 . 2011-07-13 21:20 -------- d-----w- c:\program files\Facade
2011-07-05 11:10 . 2011-07-05 11:10 -------- d-----w- c:\documents and settings\Administrator\Data aplikací\runic games
2011-07-05 11:02 . 2011-07-05 11:02 -------- d-----w- c:\program files\Runic Games
2011-06-29 16:24 . 2011-06-29 16:43 -------- d-----w- c:\program files\Max Payne
2011-06-27 14:11 . 2011-06-27 14:11 -------- d-----w- c:\program files\3DO
2011-06-24 13:58 . 2011-07-14 15:05 -------- d-----w- c:\program files\Steam
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-10 04:48 . 2011-06-10 04:48 218688 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2011-06-06 11:35 . 2008-04-14 05:45 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-05-17 18:26 . 2011-03-23 15:16 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
2011-05-09 12:57 . 2010-07-27 17:43 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2011-05-02 15:32 . 2008-10-18 13:21 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 17:25 . 2008-04-14 06:51 151552 ----a-w- c:\windows\system32\schannel.dll
2011-04-29 16:19 . 2008-04-13 22:47 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-26 11:07 . 2008-04-14 06:52 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-04-26 11:07 . 2008-04-14 06:51 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-04-25 16:06 . 2008-04-14 06:52 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-04-25 16:06 . 2008-04-14 06:52 916480 ----a-w- c:\windows\system32\wininet.dll
2011-04-25 16:06 . 2008-04-14 06:51 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-04-25 12:01 . 2008-04-14 05:50 385024 ----a-w- c:\windows\system32\html.iec
2011-04-21 13:37 . 2008-04-13 22:47 105472 ----a-w- c:\windows\system32\drivers\mup.sys
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-06-12 . C71BB4782833750BF4C02AC30ED670B7 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((( SnapShot@2011-07-14_15.09.18 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-07-19 16:14 . 2011-07-19 16:14 16384 c:\windows\temp\Perflib_Perfdata_21c.dat
+ 2011-07-16 08:20 . 2011-07-16 08:20 11502 c:\windows\Installer\{D80A6A73-E58A-4673-AFF5-F12D7110661F}\ARPPRODUCTICON.exe
- 2011-07-13 13:45 . 2011-07-13 13:45 12800 c:\windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
+ 2011-07-16 08:21 . 2011-07-16 08:21 12800 c:\windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
- 2011-07-13 13:45 . 2011-07-13 13:45 53248 c:\windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
+ 2011-07-16 08:21 . 2011-07-16 08:21 53248 c:\windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
- 2011-07-13 13:45 . 2011-07-13 13:45 223232 c:\windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
+ 2011-07-16 08:21 . 2011-07-16 08:21 223232 c:\windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
- 2011-07-13 13:45 . 2011-07-13 13:45 178176 c:\windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
+ 2011-07-16 08:21 . 2011-07-16 08:21 178176 c:\windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
- 2011-07-13 13:45 . 2011-07-13 13:45 364544 c:\windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
+ 2011-07-16 08:21 . 2011-07-16 08:21 364544 c:\windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
+ 2011-07-16 08:21 . 2011-07-16 08:21 159232 c:\windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
- 2011-07-13 13:45 . 2011-07-13 13:45 159232 c:\windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
- 2011-07-13 13:45 . 2011-07-13 13:45 145920 c:\windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
+ 2011-07-16 08:21 . 2011-07-16 08:21 145920 c:\windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
- 2011-07-13 13:45 . 2011-07-13 13:45 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2011-07-16 08:21 . 2011-07-16 08:21 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2011-07-16 08:21 . 2011-07-16 08:21 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2011-07-13 13:45 . 2011-07-13 13:45 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2011-07-13 13:45 . 2011-07-13 13:45 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2011-07-16 08:21 . 2011-07-16 08:21 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2011-07-16 08:21 . 2011-07-16 08:21 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2011-07-13 13:45 . 2011-07-13 13:45 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2011-07-16 08:21 . 2011-07-16 08:21 577024 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2011-07-13 13:45 . 2011-07-13 13:45 577024 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2011-07-13 13:45 . 2011-07-13 13:45 576000 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2011-07-16 08:21 . 2011-07-16 08:21 576000 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2011-07-13 13:45 . 2011-07-13 13:45 567296 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2011-07-16 08:21 . 2011-07-16 08:21 567296 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2011-07-13 13:45 . 2011-07-13 13:45 563712 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2011-07-16 08:21 . 2011-07-16 08:21 563712 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2011-07-13 13:45 . 2011-07-13 13:45 473600 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
+ 2011-07-16 08:21 . 2011-07-16 08:21 473600 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
- 2011-07-13 13:45 . 2011-07-13 13:45 2846720 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2011-07-16 08:21 . 2011-07-16 08:21 2846720 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2011-07-16 08:21 . 2011-07-16 08:21 2676224 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2011-07-13 13:45 . 2011-07-13 13:45 2676224 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2011-07-16 08:20 . 2011-07-16 08:20 35029504 c:\windows\Installer\1c35dc.msi
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files\DVDVideoSoftTB\prxtbDVD0.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
2011-01-17 14:54 175912 ----a-w- c:\program files\DVDVideoSoftTB\prxtbDVD0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files\DVDVideoSoftTB\prxtbDVD0.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-07-04 11:43 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"tsnpstd3"="c:\windows\tsnpstd3.exe" [2006-07-07 262144]
"snpstd3"="c:\windows\vsnpstd3.exe" [2006-09-18 843776]
"RTHDCPL"="RTHDCPL.EXE" [2010-03-17 19520544]
"Easy-PrintToolBox"="c:\program files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [2004-01-14 409600]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-07-04 3493720]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Administrator\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Media Player.lnk - c:\program files\Adobe Media Player\Adobe Media Player.exe [N/A]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Raptr\\raptr.exe"=
"c:\\Program Files\\Raptr\\raptr_im.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\Steam\\steamapps\\robar125\\team fortress 2\\hl2.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaWmp.exe"=
"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaW.exe"=
.
R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\system32\drivers\sfdrv01a.sys [5.7.2006 14:46 63352]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [7.10.2009 16:59 721904]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [14.7.2011 17:34 441176]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [14.7.2011 17:34 309848]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [10.6.2011 6:48 218688]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [14.7.2011 17:34 19544]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [8.5.2011 21:44 583640]
R2 SVKP;SVKP;c:\windows\system32\SVKP.sys [15.10.2009 20:06 2368]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 14:16 130384]
S2 gupdate1ca3198986498c0;Služba Google Update (gupdate1ca3198986498c0);c:\program files\Google\Update\GoogleUpdate.exe [9.9.2009 23:57 133104]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [21.7.2010 8:28 1691480]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [20.11.2010 22:13 101904]
S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\EagleXNt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
S3 GGSAFERDriver;GGSAFER Driver;\??\c:\program files\Garena\safedrv.sys --> c:\program files\Garena\safedrv.sys [?]
S3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [9.9.2009 23:57 133104]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 14:16 753504]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Obsah adresáře 'Naplánované úlohy'
.
2011-07-19 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-09-09 21:56]
.
2011-07-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-09 21:57]
.
2011-07-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-09 21:57]
.
2011-07-18 c:\windows\Tasks\RMSchedule.job
- c:\program files\Registry Mechanic\RegMech.exe [2011-05-08 06:46]
.
.
------- Doplňkový sken -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&s ... f8&oe=utf8
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
IE: Free YouTube Download - c:\documents and settings\Administrator\Data aplikací\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to MP3 Converter - c:\documents and settings\Administrator\Data aplikací\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: {{0E46D7B6-887D-4F81-B4CA-FCC92AF73610} - {0E46D7B6-887D-4F81-B4CA-FCC92AF73610} - c:\program files\Seznam.cz\listicka.dll
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\pizo2y8c.default\
FF - prefs.js: browser.startup.homepage - hxxp://seznam.cz/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Seznam lištička: {ea614400-e918-4741-9a97-7a972ff7c30b} - c:\program files\Mozilla Firefox\extensions\{ea614400-e918-4741-9a97-7a972ff7c30b}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Facemoods: ffxtlbr@Facemoods.com - %profile%\extensions\ffxtlbr@Facemoods.com
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Runescape Community Toolbar: {a8864317-e18b-4292-99d9-e6e65ab905d3} - %profile%\extensions\{a8864317-e18b-4292-99d9-e6e65ab905d3}
FF - Ext: Battlefield Heroes Updater: battlefieldheroespatcher@ea.com - %profile%\extensions\battlefieldheroespatcher@ea.com
FF - Ext: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - %profile%\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
FF - Ext: DVDVideoSoft Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - %profile%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
FF - Ext: DAEMON Tools Toolbar: DTToolbar@toolbarnet.com - %profile%\extensions\DTToolbar@toolbarnet.com
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: avast! WebRep: wrc@avast.com - c:\program files\AVAST Software\Avast\WebRep\FF
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-19 18:15
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1078081533-879983540-1177238915-500\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-1078081533-879983540-1177238915-500\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:b8,02,1a,07,5a,f8,ac,d7,2f,9f,7d,5a,e4,a4,7c,9f,9f,29,cc,64,59,67,fc,
18,71,68,cf,8d,63,bf,e6,9e,8b,40,7b,13,f4,ba,0b,a0,aa,06,87,ad,34,8d,a9,da,\
"??"=hex:df,ce,e3,2d,23,73,dd,c0,23,89,95,e8,fb,4e,a2,ec
.
[HKEY_USERS\S-1-5-21-1078081533-879983540-1177238915-500\Software\SecuROM\License information*]
"datasecu"=hex:4f,aa,61,66,96,dc,91,5d,2d,23,48,06,58,a2,64,0b,6b,e9,f0,5e,a8,
45,19,44,81,6d,a4,7d,b4,27,ab,42,dc,d6,41,a9,18,93,11,57,ab,89,2c,ca,1d,fc,\
"rkeysecu"=hex:ce,b6,97,16,6a,6c,1a,de,53,21,e5,03,97,81,82,31
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(832)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(2800)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Celkový čas: 2011-07-19 18:21:00 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-07-19 16:20
ComboFix2.txt 2011-07-16 15:50
ComboFix3.txt 2011-07-15 18:03
ComboFix4.txt 2011-07-14 15:13
.
Před spuštěním: Volných bajtů: 11 423 797 248
Po spuštění: Volných bajtů: 11 414 073 344
.
- - End Of File - - FC4476F7E9EBAF31D2F94CF10716913C
SystemLook 04.09.10 by jpshortstuff
Log created at 18:24 on 19/07/2011 by Administrator
Administrator - Elevation successful
========== reg ==========
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
"HTTPFilter"="HTTPFilter"
"LocalService"="Alerter WebClient LmHosts RemoteRegistry upnphost SSDPSRV"
"NetworkService"="DnsCache"
"netsvcs"="6to4 AppMgmt AudioSrv Browser CryptSvc DMServer DHCP ERSvc EventSystem FastUserSwitchingCompatibility HidServ Ias Iprip Irmon LanmanServer LanmanWorkstation Messenger Netman Nla Ntmssvc NWCWorkstation Nwsapagent Rasauto Rasman Remoteaccess Schedule Seclogon SENS Sharedaccess SRService Tapisrv Themes TrkWks W32Time WZCSVC Wmi WmdmPmSp winmgmt wscsvc xmlprov napagent hkmsvc BITS wuauserv ShellHWDetection helpsvc WmdmPmSN"
"DcomLaunch"="DcomLaunch TermService"
"rpcss"="RpcSs"
"eapsvcs"="eaphost"
"dot3svc"="dot3svc"
"imgsvc"="StiSvc"
"termsvcs"="TermService"
"WudfServiceGroup"="WUDFSvc"
"Akamai"="Akamai"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\DComLaunch]
"CoInitializeSecurityParam"= 0x0000000001 (1)
"DefaultRpcStackSize"= 0x0000000008 (8)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\dot3svc]
"AuthenticationCapabilities"= 0x0000003020 (12320)
"CoInitializeSecurityParam"= 0x0000000001 (1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\eapsvcs]
"AuthenticationCapabilities"= 0x0000003020 (12320)
"CoInitializeSecurityParam"= 0x0000000001 (1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\HTTPFilter]
"CoInitializeSecurityParam"= 0x0000000001 (1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\LocalService]
"CoInitializeSecurityParam"= 0x0000000001 (1)
"AuthenticationCapabilities"= 0x0000002000 (8192)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\netsvcs]
"CoInitializeSecurityParam"= 0x0000000001 (1)
"AuthenticationCapabilities"= 0x0000003020 (12320)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\PCHealth]
"CoInitializeSecurityParam"= 0x0000000002 (2)
"AuthenticationCapabilities"= 0x0000000040 (64)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\termsvcs]
"CoInitializeSecurityParam"= 0x0000000001 (1)
"DefaultRpcStackSize"= 0x0000000008 (8)
-= EOF =-
-
chodnik74
- Přítel fóra
- Příspěvky: 4975
- Registrován: 13 zář 2010 21:30
- Bydliště: Napajedla
- Kontaktovat uživatele:
Re: Vyskakující reklamy
Odinstalovat Facemoods a všechny toolbary Otevřeme si Poznámkový blok
- (stiskneme klávesovou kombinaci WIN+R a napíšeme ,,notepad,, bez úvozovek a dáme enter)
- Vložíme do něj následující script:
Kód: Vybrat vše
Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] "Akamai"=- - Soubor uložíme jako oprava.reg (při ukládání nastavte Uložit jako typ:Všechny soubory)
- Poté tento soubor spustíme a potvrdíme
Otevřeme si Služby 
- Stiskněte klávesovou kombinaci WIN+R( nebo start-spustit ),čímž se vám otevře okno pro zadání příkazu pro spuštění. Zkopírujte a vložte sem následujíci text: services.msc a dejte enter
- Otevře se vám okno se službami vašeho pc,najděte následující služby,dvojklikem rozklikněte,klikneme na Zastavit a dále nastavte Typ spuštění:Zakázano
Kód: Vybrat vše
Služba Google Update (gupdate1ca3198986498c0) Služba Google Update (gupdatem)
Stiskněte klávesovou kombinaci WIN+R( nebo start-spustit ),čímž se vám otevře okno pro zadání příkazu pro spuštění a zkopírujte a vložte sem následujíci text: Combofix /Uninstall a dejte enter 
T-Cleaner
- Spustíme,zmáčkneme klávesu A a potvrdíme ENTER(některé antiviry mohou detekovat utilitu jako vir-jedá se o falešný poplach,proto IGNOROVAT nebo dočasně vypnout antivir )
- po použití T-Cleaner smažte
TFC
- Stáhneme a spustíme program
- Klikneme na Start a potvrdíme OK
- Program začne uklízet,poté restartuje pc
- po použití program smažte
1)Čištění dočasných složek + neplatné registry
- Stáhneme a nainstalujeme program
- Spustíme program
- ČISTIČ
Windows zde necháme vše jak je (pokud používáme IE,tak odškrkneme jeho položky) a zaškrkneme položky Start Menu zástupci a Zástupci na ploše
Aplikace - necháme jak je,ale pokud používáme nějaký prohlížeč (Google chrome,Firefox,Opera..) tak odškrkneme jeho položky
>Stiskeneme tlačítko Analyzovat a poté Spustit Cleaner - Registry
>Stiskneme tlačítko Hledej problémy,program začne hledat neplatné registry..podé zvolíme Opravit vybrané problémy..
>Program se zeptá,zda chceme vytvořit zálohu registrů,zvolíme ano a uložíme si někde zálohu(kdyby byli po opravení registru s něčím problémy,tak zálohu obnovíme tak,že spustíme uloženou zálohu a potvrdíme ano),dále zvolíme Opravit všechny problémy a Zavřít
>opakujte dokud nebude registr bez problémů - Program používáme 1x 14dní (záleží na používání pc,můžeme i jednou týdně)
Defraggler
- Stáhneme a nainstalujeme program
- Spustíme program
- Vybereme disk ( C:,D:..prostě který používáme)
- Pokud je ve sloupci Fragmentace více než 5% dejte Defragmentovat
- Proveďte se všemi používanými disky
- Provádíme 1x za měsíc
FileHippo.com Update Checker
- Stáhneme a nainstalujeme program(Při instalaci odškrkneme volbu Run at Startup )
- Spustíme program
- Program vyhledá nainstalované programy v PC a zjistí dostupné aktualizace
- Poté se vám otevře internetová stránka,kde budou nabídnuté aplikace k aktualizování
>X Updates Detected..to jsou dostupné aktualizace..
> klikneme na zelenou šipečku a stáhneme program,poté nainstalujeme jeho aktuální verzi
> X Beta Updates Detected..tyto aktualizace nestahujte,jedná se o betaverze,které jsou ve vývoji a jsou nestabilní - Provádíme 1x za 14 dní nebo jednou za měsíc
Jak se chová PC + nový RSITNapiš mi: chodnik74@gmail.com nebo
>RSIT<>MBAM<>VirusTotal
Doporučuji: |
Postup si raději vícekrát přečtěte a v případě jakýchkoliv nejasností či pochybností se ptejte. Pokud máte infikovaný počítač nebo se nechová jako obvykle, tak si zálohujte všechny data a pozorně postupujte dle pokynů rádce!
Nepoužívejte utilitu Combofix bez dohledu a doporučení rádce!
Jste s naší pomocí spokojeni Neváhejte a podpořte forum ZDE.
Pravidla fora: č.1 a č.2
>RSIT<>MBAM<>VirusTotal
Doporučuji:
| Postup si raději vícekrát přečtěte a v případě jakýchkoliv nejasností či pochybností se ptejte. Pokud máte infikovaný počítač nebo se nechová jako obvykle, tak si zálohujte všechny data a pozorně postupujte dle pokynů rádce! Nepoužívejte utilitu Combofix bez dohledu a doporučení rádce! Jste s naší pomocí spokojeni Neváhejte a podpořte forum ZDE.Pravidla fora: č.1 a č.2
Přispějete na provoz fóra?