Check

herak
Visitor
Posts: 2
Registered: 15 Apr 2007 13:05

Check

#1 Post by herak »

Logfile of random's system information tool 1.06 (written by random/random)
Run by Tonda at 2010-01-12 16:57:47
Systém Microsoft Windows XP Professional Service Pack 2
System drive C: has 2 GB (3%) free of 76 GB
Total RAM: 1023 MB (10% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:57:56, on 12.1.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\Program Files\Microsoft Private Folder 1.0\PrfldSvc.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\PROGRA~1\SPYWAR~1\sp_rsser.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\A4Tech\Mouse\Amoumain.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\oodtray.exe
C:\Program Files\Nexus Radio\Nexus Radio.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Creative\SBAudigy4\DVDAudio\CTDVDDET.EXE
C:\Program Files\Creative\SBAudigy4\Surround Mixer\CTSysVol.exe
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Creative\Shared Files\CamTray.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Rainlendar2\Rainlendar2.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Webteh\BSplayer\bsplayer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\QIP Infium\infium.exe
C:\Documents and Settings\Tonda\Plocha\RSIT.exe
C:\Program Files\trend micro\Tonda.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://search13.net/search.php?clid=486&q=%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://search13.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search13.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search13.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search13.net/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search13.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search13.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://search13.net/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
O4 - HKLM\..\Run: [SpywareTerminator] "C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [WheelMouse] C:\Program Files\A4Tech\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [OODefragTray] C:\WINDOWS\system32\oodtray.exe
O4 - HKLM\..\Run: [Nexus Radio] C:\Program Files\Nexus Radio\Nexus Radio.exe -0
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\SBAudigy4\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy4\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [uTorrent] "C:\Documents and Settings\Tonda\Plocha\utorrent.exe"
O4 - HKCU\..\Run: [Creative WebCam Tray] "C:\Program Files\Creative\Shared Files\CamTray.exe"
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Rainlendar2.lnk = C:\Program Files\Rainlendar2\Rainlendar2.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: StylishProfile - {14CD42DD-ABCD-3586-DCAB-40E3693E3737} - C:\Program Files\Stylish Profile\ct.htm (file missing)
O9 - Extra 'Tools' menuitem: StylishProfile - {14CD42DD-ABCD-3586-DCAB-40E3693E3737} - C:\Program Files\Stylish Profile\ct.htm (file missing)
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://icq.oberon-media.com/Gameshell/G ... meHost.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0F7F6FF4-4B23-4578-9A57-5D7F74DFD9BD}: NameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{18AD2758-2138-423C-AF19-DB0155D17C16}: NameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{ED3BFDD1-6B15-4D89-8B69-AD06A4BBE2DC}: NameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{0F7F6FF4-4B23-4578-9A57-5D7F74DFD9BD}: NameServer = 192.168.1.1
O17 - HKLM\System\CS3\Services\Tcpip\..\{0F7F6FF4-4B23-4578-9A57-5D7F74DFD9BD}: NameServer = 192.168.1.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1c97cdab02943) (gupdate1c97cdab02943) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: Private Folder Service (prfldsvc) - Unknown owner - C:\Program Files\Microsoft Private Folder 1.0\PrfldSvc.exe
O23 - Service: PsExec (PSEXESVC) - Sysinternals - C:\WINDOWS\PSEXESVC.EXE
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: Spyware Terminator Clam Service (sp_clamsrv) - Crawler.com - C:\Program Files\WinClamAVShield\sp_clamsrv.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\PROGRA~1\SPYWAR~1\sp_rsser.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/Tonda/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg

--
End of file - 11220 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\1-Click Maintenance.job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055FD26D-3A88-4e15-963D-DC8493744B1D}]
XTTBPos00 Class - C:\PROGRA~1\ICQTOO~1\toolbaru.dll [2006-12-25 701952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2007-05-07 722472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll [2008-02-22 509328]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\System32\NvCpl.dll [2005-01-10 4628480]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\System32\NvMcTray.dll [2005-01-10 86016]
"AudioDrvEmulator"=C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe [2005-06-16 49152]
"UpdReg"=C:\WINDOWS\UpdReg.EXE [2000-05-11 90112]
"WinFast Schedule"=C:\Program Files\WinFast\WFTVFM\WFWIZ.exe [2006-04-27 344064]
"SpywareTerminator"=C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe [2007-08-10 2776576]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2007-03-09 153136]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-11-25 81000]
"WheelMouse"=C:\Program Files\A4Tech\Mouse\Amoumain.exe [2006-12-26 196608]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe [2008-02-22 144784]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2007-04-27 282624]
"OODefragTray"=C:\WINDOWS\system32\oodtray.exe [2007-05-11 2512392]
"Nexus Radio"=C:\Program Files\Nexus Radio\Nexus Radio.exe [2008-04-09 3022848]
"WinampAgent"=C:\Program Files\Winamp\winampa.exe [2008-08-04 36352]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2004-12-01 77824]
"CTDVDDET"=C:\Program Files\Creative\SBAudigy4\DVDAudio\CTDVDDET.EXE [2003-06-18 45056]
"CTSysVol"=C:\Program Files\Creative\SBAudigy4\Surround Mixer\CTSysVol.exe [2005-02-15 57344]
"CTHelper"=C:\WINDOWS\CTHELPER.EXE [2005-06-18 16384]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2007-03-12 153136]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2007-05-07 23395368]
"DAEMON Tools"=C:\Program Files\DAEMON Tools\daemon.exe [2007-04-03 165784]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2004-10-13 1825792]
"uTorrent"=C:\Documents and Settings\Tonda\Plocha\utorrent.exe [2009-10-15 289072]
"Creative WebCam Tray"=C:\Program Files\Creative\Shared Files\CamTray.exe [2005-10-27 299008]
"Creative Detector"=C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe [2004-12-02 102400]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Rainlendar2.lnk - C:\Program Files\Rainlendar2\Rainlendar2.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{E425A88A-9461-46B2-8E78-34A1A4FC148F}"= []

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
C:\WINDOWS\system32\geeba.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Documents and Settings\Tonda\Plocha\utorrent.exe"="C:\Documents and Settings\Tonda\Plocha\utorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Winamp Remote\bin\Orb.exe"="C:\Program Files\Winamp Remote\bin\Orb.exe:*:Enabled:Orb"
"C:\Program Files\Winamp Remote\bin\OrbTray.exe"="C:\Program Files\Winamp Remote\bin\OrbTray.exe:*:Enabled:OrbTray"
"C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe"="C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:*:Enabled:Orb Stream Client"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.reg - open - "regedit.exe" "%1"

======List of files/folders created in the last 1 months======

2010-01-12 16:57:47 ----D---- C:\rsit
2010-01-12 16:57:47 ----D---- C:\Program Files\trend micro
2010-01-12 15:46:41 ----D---- C:\Program Files\SpeedFan
2010-01-10 14:34:43 ----D---- C:\babel
2009-12-26 10:46:13 ----D---- C:\Program Files\MSECache

======List of files/folders modified in the last 1 months======

2010-01-12 16:57:47 ----D---- C:\Program Files
2010-01-12 16:25:48 ----D---- C:\Documents and Settings\Tonda\Data aplikací\Skype
2010-01-12 16:08:37 ----D---- C:\Program Files\Mozilla Firefox
2010-01-12 15:38:54 ----D---- C:\Documents and Settings\Tonda\Data aplikací\BSplayer
2010-01-12 15:32:35 ----D---- C:\WINDOWS\system32\LogFiles
2010-01-12 15:32:35 ----D---- C:\WINDOWS\Prefetch
2010-01-12 15:32:34 ----D---- C:\WINDOWS\Minidump
2010-01-12 15:32:34 ----D---- C:\WINDOWS
2010-01-12 15:32:33 ----D---- C:\WINDOWS\Temp
2010-01-12 15:31:37 ----D---- C:\Program Files\CCleaner
2010-01-12 15:26:11 ----D---- C:\Documents and Settings\Tonda\Data aplikací\uTorrent
2010-01-12 15:24:39 ----D---- C:\WINDOWS\system32\CatRoot2
2010-01-12 15:20:05 ----N---- C:\WINDOWS\SchedLgU.Txt
2010-01-12 15:12:42 ----D---- C:\WINDOWS\system32\oodag
2010-01-10 17:29:26 ----A---- C:\WINDOWS\NeroDigital.ini
2010-01-08 14:57:27 ----A---- C:\WINDOWS\WINCMD.INI
2010-01-06 19:45:15 ----A---- C:\WINDOWS\wcx_ftp.ini
2009-12-26 10:46:38 ----SHD---- C:\WINDOWS\Installer
2009-12-26 10:46:35 ----D---- C:\WINDOWS\Fonts
2009-12-26 10:46:31 ----D---- C:\Program Files\Microsoft Office
2009-12-26 10:46:29 ----D---- C:\Program Files\Common Files\Microsoft Shared
2009-12-21 12:21:30 ----A---- C:\WINDOWS\wwp.INI
2009-12-21 01:32:33 ----DC---- C:\WINDOWS\system32\dllcache
2009-12-21 01:32:28 ----D---- C:\WINDOWS\system32\drivers

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-11-25 27408]
R1 AmdK8;AMD Athlon64 Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2004-10-21 35840]
R1 Amfilter;A4Tech Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\Amfilter.sys [2006-12-15 8704]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-11-25 114768]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-11-25 48560]
R1 fwdrv;Firewall Driver; C:\WINDOWS\system32\drivers\fwdrv.sys [2007-04-26 302000]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-17 14848]
R1 khips;Kerio HIPS Driver; C:\WINDOWS\system32\drivers\khips.sys [2007-04-26 72624]
R1 sp_rsdrv2;Spyware Terminator Driver 2; \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys []
R1 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2006-07-24 5632]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-11-25 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-11-25 94160]
R2 CX23880;WinFast CX2388x WDM Video Capture.; C:\WINDOWS\system32\drivers\cx88vid.sys [2005-06-28 163584]
R2 CXTUNE;WinFast CX2388x WDM TVTuner.; C:\WINDOWS\system32\drivers\CX88TUNE.sys [2005-06-28 30976]
R2 Prvflder;Prvflder; C:\WINDOWS\system32\DRIVERS\prvflder.sys [2006-04-21 70912]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-12-01 2300928]
R3 aswRdr;aswRdr; \??\C:\WINDOWS\system32\drivers\aswRdr.sys []
R3 ctac32k;Creative AC3 Software Decoder; C:\WINDOWS\system32\drivers\ctac32k.sys [2005-06-18 501760]
R3 ctaud2k;Creative Audio Driver (WDM); C:\WINDOWS\system32\drivers\ctaud2k.sys [2005-06-18 438784]
R3 ctprxy2k;Creative Proxy Driver; C:\WINDOWS\system32\drivers\ctprxy2k.sys [2005-06-18 7168]
R3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\system32\drivers\ctsfm2k.sys [2005-06-18 142336]
R3 CXAVXBAR;WinFast CX2388x WDM Crossbar.; C:\WINDOWS\system32\drivers\cxavxbar.sys [2005-06-28 9728]
R3 emupia;E-mu Plug-in Architecture Driver; C:\WINDOWS\system32\drivers\emupia2k.sys [2005-06-18 77824]
R3 ha10kx2k;Creative Hardware Abstract Layer Driver; C:\WINDOWS\system32\drivers\ha10kx2k.sys [2005-06-18 751104]
R3 hap17v2k;Creative P17V HAL Driver; C:\WINDOWS\system32\drivers\hap17v2k.sys [2005-06-18 178688]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2002-12-05 9600]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2002-12-05 12160]
R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2005-01-10 3224480]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2004-05-17 33280]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2004-05-17 12928]
R3 ossrv;Creative OS Services Driver; C:\WINDOWS\system32\drivers\ctoss2k.sys [2005-06-18 114688]
R3 RTL8023xp;Realtek RTL8139/810x/8169/8110 all in one NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys [2004-07-16 70400]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2004-08-03 31616]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;Ovladač standardního rozbočovače USB; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB; C:\WINDOWS\System32\DRIVERS\usbohci.sys [2004-08-03 17024]
R3 V0260VID;Live! Cam Vista IM; C:\WINDOWS\system32\DRIVERS\V0260Vid.sys [2006-11-03 178913]
R3 WFIOCTL;WFIOCTL; \??\C:\Program Files\WinFast\WFTVFM\WFIOCTL.SYS []
S3 a7ujn0f4;a7ujn0f4; C:\WINDOWS\system32\drivers\a7ujn0f4.sys []
S3 Amusbprt;A4Tech HID-compliant Mouse Driver; C:\WINDOWS\system32\DRIVERS\Amusbprt.sys [2006-12-15 13824]
S3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2004-08-03 60800]
S3 catchme;catchme; \??\C:\DOCUME~1\Tonda\LOCALS~1\Temp\catchme.sys []
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 ctdvda2k;Creative DVD-Audio Device Driver; C:\WINDOWS\system32\drivers\ctdvda2k.sys [2005-06-07 340176]
S3 ENTECH;ENTECH; \??\C:\WINDOWS\system32\DRIVERS\ENTECH.sys []
S3 GMSIPCI;GMSIPCI; \??\D:\INSTALL\GMSIPCI.SYS []
S3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2007-05-13 17480]
S3 hap16v2k;Creative P16V HAL Driver; C:\WINDOWS\system32\drivers\hap16v2k.sys [2005-06-18 153088]
S3 k750bus;Sony Ericsson 750 driver (WDM); C:\WINDOWS\system32\DRIVERS\k750bus.sys []
S3 k750mdfl;Sony Ericsson 750 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\k750mdfl.sys []
S3 k750mdm;Sony Ericsson 750 USB WMC Modem Drivers; C:\WINDOWS\system32\DRIVERS\k750mdm.sys []
S3 k750mgmt;Sony Ericsson 750 USB WMC Device Management Drivers; C:\WINDOWS\system32\DRIVERS\k750mgmt.sys []
S3 k750obex;Sony Ericsson 750 USB WMC OBEX Interface Drivers; C:\WINDOWS\system32\DRIVERS\k750obex.sys []
S3 M2500;802.11g Wireless Network Driver; C:\WINDOWS\system32\DRIVERS\M2500.sys [2004-06-24 191360]
S3 MSICPL;MSICPL; \??\E:\install4\MSICPL.sys []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2004-08-03 61824]
S3 NTACCESS;NTACCESS; \??\E:\NTACCESS.sys []
S3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2007-07-17 47360]
S3 PSSdk21;PSSdk21; \??\C:\WINDOWS\system32\Drivers\HNPsSdk.drv []
S3 SetupNTGLM7X;SetupNTGLM7X; \??\E:\NTGLM7X.sys []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 sscdbus;SAMSUNG USB Composite Device driver (WDM); C:\WINDOWS\system32\DRIVERS\sscdbus.sys [2007-07-03 80552]
S3 sscdmdfl;SAMSUNG Mobile Modem Filter; C:\WINDOWS\system32\DRIVERS\sscdmdfl.sys [2007-07-03 11944]
S3 sscdmdm;SAMSUNG Mobile Modem Drivers; C:\WINDOWS\system32\DRIVERS\sscdmdm.sys [2007-07-03 106792]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 usbaudio;Ovladač zvukové karty USB (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-03 59264]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-11-25 18752]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-11-25 138680]
R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Program Files\Bonjour\mDNSResponder.exe [2006-02-28 229376]
R2 Creative Service for CDROM Access;Creative Service for CDROM Access; C:\WINDOWS\system32\CTsvcCDA.EXE [1999-12-13 44032]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\System32\nvsvc32.exe [2005-01-10 127043]
R2 O&O Defrag;O&O Defrag; C:\WINDOWS\system32\oodag.exe [2007-05-11 1050120]
R2 prfldsvc;Private Folder Service; C:\Program Files\Microsoft Private Folder 1.0\PrfldSvc.exe [2006-04-21 69632]
R2 sp_rssrv;Spyware Terminator Realtime Shield Service; C:\PROGRA~1\SPYWAR~1\sp_rsser.exe [2007-08-10 965632]
R2 SPF4;Sunbelt Personal Firewall 4; C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe [2007-04-26 1234480]
R2 UleadBurningHelper;Ulead Burning Helper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [2004-12-13 49152]
R2 UxTuneUp;TuneUp Design Expansion; C:\WINDOWS\System32\svchost.exe [2004-08-17 14336]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-17 14336]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-11-25 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-11-25 352920]
R3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-03-12 271920]
S2 gupdate1c97cdab02943;Google Update Service (gupdate1c97cdab02943); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-01-22 133104]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2007-08-02 654848]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 MSSQL$SONY_MEDIAMGR;MSSQL$SONY_MEDIAMGR; C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe [2002-12-17 7520337]
S3 MSSQLServerADHelper;MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [2002-12-17 66112]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-01-15 774144]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 PSEXESVC;PsExec; C:\WINDOWS\PSEXESVC.EXE [2008-04-22 95808]
S3 sp_clamsrv;Spyware Terminator Clam Service; C:\Program Files\WinClamAVShield\sp_clamsrv.exe [2007-06-19 320000]
S3 SQLAgent$SONY_MEDIAMGR;SQLAgent$SONY_MEDIAMGR; C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE [2002-12-17 311872]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

motji
VIP
Posts: 23302
Registered: 23 Oct 2008 08:02

Re: Check

#2 Post by motji »

Good morning :)

Download ComboFix to your desktop, close all active windows and run it - http://download.bleepingcomputer.com/sUBs/ComboFix.exe

- ComboFix must be run under an account with administrator rights

- Before using it, turn off all resident security programs - antivirus, firewalls, antispyware

- After launch, the terms of use are displayed; confirm them by pressing the Yes button

- Then follow the instructions; while ComboFix is running, do not click in the window that appears!

- After the scan finishes, which takes at most 10 minutes, the program should create a log - C:\ComboFix.txt; copy its entire contents here
Do not use COMBOFIX without an advisor's recommendation; it can damage the system!
Always back up important data before disinfecting a computer!
I can usually be reached at night, between 21:00 and 23:00.
If you have any questions, you can email me at Motji(at)forum.viry.cz.

herak
Visitor
Posts: 2
Registered: 15 Apr 2007 13:05

Re: Check

#3 Post by herak »

ComboFix 10-01-12.04 - Tonda 13.01.2010 12:22:16.2.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.1023.306 [GMT 1:00]
Spuštěný z: c:\documents and settings\Tonda\Plocha\ComboFix.exe
AV: avast! antivirus 4.8.1368 [VPS 100112-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Sunbelt Personal Firewall *disabled* {BFD080F6-3BF0-40E1-9507-9CA969C35870}

VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\autorun.inf
c:\windows\BM3313f500.xml
c:\windows\pskt.ini
c:\windows\system32\abeeg.ini
c:\windows\system32\abeeg.ini2
c:\windows\system32\afqiloow.ini
c:\windows\system32\agdmhdbt.ini
c:\windows\system32\ajwxtisa.ini
c:\windows\system32\baakxxlf.ini
c:\windows\system32\bdrlxfat.ini
c:\windows\system32\cchwfdwf.ini
c:\windows\system32\Data
c:\windows\system32\Data\CT0060W.DAT
c:\windows\system32\Data\CTEAPSW.DAT
c:\windows\system32\Data\CTEDSP2W.DAT
c:\windows\system32\Data\CTEDSPKW.DAT
c:\windows\system32\Data\CTEDSPLW.DAT
c:\windows\system32\Data\CTEDSPPW.DAT
c:\windows\system32\Data\CTEDSPTW.DAT
c:\windows\system32\Data\CTEDSPUW.DAT
c:\windows\system32\Data\CTEDSPW.DAT
c:\windows\system32\Data\CTP0060W.DAT
c:\windows\system32\Data\CTP0061W.DAT
c:\windows\system32\Data\CTP0070W.DAT
c:\windows\system32\Data\CTP0073W.DAT
c:\windows\system32\Data\CTP0090W.DAT
c:\windows\system32\Data\CTP0091W.DAT
c:\windows\system32\Data\CTP0092W.DAT
c:\windows\system32\Data\CTP0095W.DAT
c:\windows\system32\Data\CTP0100W.DAT
c:\windows\system32\Data\CTP0101W.DAT
c:\windows\system32\Data\CTP0102W.DAT
c:\windows\system32\Data\CTP0103W.DAT
c:\windows\system32\Data\CTP0105W.DAT
c:\windows\system32\Data\CTP0150W.DAT
c:\windows\system32\Data\CTP0161W.DAT
c:\windows\system32\Data\CTP0162W.DAT
c:\windows\system32\Data\CTP0170W.DAT
c:\windows\system32\Data\CTP017AW.DAT
c:\windows\system32\Data\CTP017BW.DAT
c:\windows\system32\Data\CTP017CW.DAT
c:\windows\system32\Data\CTP017DW.DAT
c:\windows\system32\Data\CTP017EW.DAT
c:\windows\system32\Data\CTP017FW.DAT
c:\windows\system32\Data\CTP017GW.DAT
c:\windows\system32\Data\CTP017HW.DAT
c:\windows\system32\Data\CTP0191W.DAT
c:\windows\system32\Data\CTP0192W.DAT
c:\windows\system32\Data\CTP0221W.DAT
c:\windows\system32\Data\CTP0222W.DAT
c:\windows\system32\Data\CTP0230W.DAT
c:\windows\system32\Data\CTP0231W.DAT
c:\windows\system32\Data\CTP0232W.DAT
c:\windows\system32\Data\CTP0238W.DAT
c:\windows\system32\Data\CTP0240W.DAT
c:\windows\system32\Data\CTP0242W.DAT
c:\windows\system32\Data\CTP0243W.DAT
c:\windows\system32\Data\CTP0244W.DAT
c:\windows\system32\Data\CTP0245W.DAT
c:\windows\system32\Data\CTP0249W.DAT
c:\windows\system32\Data\CTP0280W.DAT
c:\windows\system32\Data\CTP0320W.DAT
c:\windows\system32\Data\CTP0350W.DAT
c:\windows\system32\Data\CTP0352W.DAT
c:\windows\system32\Data\CTP0360W.DAT
c:\windows\system32\Data\CTP0380W.DAT
c:\windows\system32\Data\CTP0400W.DAT
c:\windows\system32\Data\CTP0530L.DAT
c:\windows\system32\Data\CTP0530W.DAT
c:\windows\system32\Data\CTP0600W.DAT
c:\windows\system32\Data\CTP0610W.DAT
c:\windows\system32\Data\CTP1140W.DAT
c:\windows\system32\Data\CTP4620W.DAT
c:\windows\system32\Data\CTP4670W.DAT
c:\windows\system32\Data\CTP4760W.DAT
c:\windows\system32\Data\CTP4780W.DAT
c:\windows\system32\Data\CTP4790W.DAT
c:\windows\system32\Data\CTP4820W.DAT
c:\windows\system32\Data\CTP4830W.DAT
c:\windows\system32\Data\CTP4831W.DAT
c:\windows\system32\Data\CTP4832W.DAT
c:\windows\system32\Data\CTP4840W.DAT
c:\windows\system32\Data\CTP4850W.DAT
c:\windows\system32\Data\CTP4870W.DAT
c:\windows\system32\Data\CTP4871W.DAT
c:\windows\system32\Data\CTP4872W.DAT
c:\windows\system32\Data\CTP4875W.DAT
c:\windows\system32\Data\CTP4890W.DAT
c:\windows\system32\Data\CTP4891W.DAT
c:\windows\system32\Data\CTP4893W.DAT
c:\windows\system32\Data\CTPDXW.DAT
c:\windows\system32\Data\CTPM002W.DAT
c:\windows\system32\dktvtflk.ini
c:\windows\system32\doawujuo.ini
c:\windows\system32\eeiyljga.ini
c:\windows\system32\fckbdtft.ini
c:\windows\system32\fthakvnr.ini
c:\windows\system32\ftshhgan.ini
c:\windows\system32\hjwidxwr.ini
c:\windows\system32\iekjcedx.ini
c:\windows\system32\ieuinit.inf
c:\windows\system32\Ijl11.dll
c:\windows\system32\jqgljjpc.ini
c:\windows\system32\kifyeuqy.ini
c:\windows\system32\mcrh.tmp
c:\windows\system32\oqhccgub.ini
c:\windows\system32\poeuywus.ini
c:\windows\system32\rqtmgxqe.ini
c:\windows\system32\skhppgxa.ini
c:\windows\system32\spsgotti.ini
c:\windows\system32\svnycsdx.ini
c:\windows\system32\svybiaie.ini
c:\windows\system32\tbjbxysw.ini
c:\windows\system32\tcydvvbc.ini
c:\windows\system32\tiexwnan.ini
c:\windows\system32\tmp18.tmp
c:\windows\system32\twain_32.dll
c:\windows\system32\wajqcxkg.ini
c:\windows\system32\wffqxghr.ini
c:\windows\system32\xuwukufb.ini
c:\windows\system32\ywfwlxif.ini

Nakažená kopie c:\windows\system32\midimap.dll byla nalezena a vyléčena.
Obnovena kopie z - c:\windows\VistaMizer\old\midimap.dll

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_DOMAINSERVICE


((((((((((((((((((((((((( Soubory vytvořené od 2009-12-13 do 2010-01-13 )))))))))))))))))))))))))))))))
.

2010-01-12 15:57 . 2010-01-12 15:58 -------- d-----w- C:\rsit
2010-01-12 15:57 . 2010-01-12 15:57 -------- d-----w- c:\program files\trend micro
2010-01-12 14:46 . 2010-01-12 14:51 -------- d-----w- c:\program files\SpeedFan
2010-01-10 13:34 . 2010-01-10 13:35 -------- d-----w- C:\babel
2009-12-26 09:46 . 2009-12-26 09:46 -------- d-----w- c:\program files\MSECache
2009-12-21 00:32 . 2004-08-03 22:07 59264 -c--a-w- c:\windows\system32\dllcache\usbaudio.sys
2009-12-21 00:32 . 2004-08-03 22:07 59264 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys
2009-12-20 14:25 . 2004-10-19 08:07 9728 ------w- c:\windows\system32\drivers\PfModNT.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-13 11:42 . 2007-08-03 13:24 -------- d-----w- c:\program files\Nexus Radio
2010-01-12 14:31 . 2007-05-13 18:07 -------- d-----w- c:\program files\CCleaner
2010-01-04 14:28 . 2009-03-29 20:30 3532 ----a-w- C:\drmHeader.bin
2009-12-07 13:01 . 2009-11-03 19:37 -------- d-----w- c:\program files\Stylish Profile
2009-11-24 23:54 . 2007-05-13 18:55 1280480 ----a-w- c:\windows\system32\aswBoot.exe
2009-11-24 23:51 . 2007-05-13 18:55 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-11-24 23:50 . 2007-05-13 18:55 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-11-24 23:50 . 2008-04-08 09:25 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-11-24 23:50 . 2008-04-08 09:25 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-11-24 23:49 . 2007-05-13 18:55 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-11-24 23:48 . 2007-05-13 18:55 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-11-24 23:47 . 2007-05-13 18:55 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-11-24 23:47 . 2007-05-13 18:55 97480 ----a-w- c:\windows\system32\AVASTSS.scr
2009-11-18 16:19 . 2002-12-05 12:00 86746 ----a-w- c:\windows\system32\perfc005.dat
2009-11-18 16:19 . 2002-12-05 12:00 449834 ----a-w- c:\windows\system32\perfh005.dat
2009-11-02 22:44 . 2007-05-13 17:25 81920 ----a-w- c:\windows\system32\OpenAL32.dll
2009-07-14 00:16 . 2009-07-14 00:16 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-07-14 00:16 . 2009-07-14 00:16 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2006-05-03 09:06 . 2007-12-04 19:56 163328 --sha-r- c:\windows\system32\flvDX.dll
2007-02-21 10:47 . 2007-12-04 19:56 31232 --sha-r- c:\windows\system32\msfDX.dll
2004-08-17 13:49 . 2008-08-24 07:19 60416 --sha-w- c:\windows\VistaMizer\old\msimn.exe
.

------- Sigcheck -------

[-] 2004-08-17 . 96112B362A1F419384CE57E5D92C6267 . 541696 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\winlogon.exe
[-] 2004-08-17 . 96112B362A1F419384CE57E5D92C6267 . 541696 . . [5.1.2600.2180] . . c:\windows\system32\winlogon.exe
[7] 2004-08-17 . 221C29AE1B4CC61D11D8B27DE78B2307 . 502272 . . [5.1.2600.2180] . . c:\windows\VistaMizer\old\winlogon.exe
[-] 2002-12-05 . FF8857D1AF59071F172C0FAD0FD33E87 . 516608 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\winlogon.exe

[-] 2006-08-25 . D40513CF64FB1BFDE53A1D346CB95299 . 724992 . . [5.82] . . c:\windows\ServicePackFiles\i386\comctl32.dll
[-] 2006-08-25 . D40513CF64FB1BFDE53A1D346CB95299 . 724992 . . [5.82] . . c:\windows\system32\comctl32.dll
[-] 2006-08-25 . D40513CF64FB1BFDE53A1D346CB95299 . 724992 . . [5.82] . . c:\windows\system32\dllcache\comctl32.dll
[7] 2006-08-25 . E26B26189B786E6B092F002041D5A1E2 . 617472 . . [5.82] . . c:\windows\VistaMizer\old\comctl32.dll
[-] 2002-12-05 . 018875C2BB77F304A7CF7153E088DAAA . 557056 . . [5.82] . . c:\windows\$NtServicePackUninstall$\comctl32.dll

[-] 2007-10-30 . 6F5E46E259DC11D0B958EAEEAB901921 . 3472384 . . [6.00.2900.3243] . . c:\windows\ServicePackFiles\i386\mshtml.dll
[-] 2007-10-30 . 6F5E46E259DC11D0B958EAEEAB901921 . 3472384 . . [6.00.2900.3243] . . c:\windows\system32\mshtml.dll
[-] 2007-10-30 . 6F5E46E259DC11D0B958EAEEAB901921 . 3472384 . . [6.00.2900.3243] . . c:\windows\system32\dllcache\mshtml.dll
[7] 2007-10-30 . 72A740DB336912F140C4C0F3C6E73EF9 . 3079680 . . [6.00.2900.3243] . . c:\windows\VistaMizer\old\mshtml.dll
[7] 2007-10-30 . F78A71834C592859A55513D7CD22C6E1 . 3086848 . . [6.00.2900.3243] . . c:\windows\$hf_mig$\KB942615\SP2QFE\mshtml.dll
[7] 2007-06-15 . 345CCD93D4E0F5B5F8EA523B08D650F4 . 3085312 . . [6.00.2900.3157] . . c:\windows\$hf_mig$\KB937143\SP2QFE\mshtml.dll
[7] 2007-05-04 . A027B748F87BA6FD7E2CE314A206DB5A . 3085312 . . [6.00.2900.3132] . . c:\windows\$hf_mig$\KB933566\SP2QFE\mshtml.dll
[7] 2007-02-19 . 2C70EDDA08BA09D9CF19F3A46927A278 . 3084288 . . [6.00.2900.3086] . . c:\windows\$hf_mig$\KB931768\SP2QFE\mshtml.dll
[-] 2002-12-05 . 876417092E5341E0A2287D06D3DC27F2 . 2833920 . . [6.00.2800.1106] . . c:\windows\$NtServicePackUninstall$\mshtml.dll

[7] 2007-02-28 . D40B4F66D877802EC5E655B91B5490FA . 2184320 . . [5.1.2600.3093] . . c:\windows\$hf_mig$\KB931784\SP2QFE\ntoskrnl.exe
[7] 2007-02-28 . C09CA7FAFFC40BBFACEEB9F0F429F673 . 2182528 . . [5.1.2600.3093] . . c:\windows\Driver Cache\i386\ntoskrnl.exe
[-] 2007-02-28 . 3F45A19DEE4810EF6A5DEF8047A3DFFB . 2439680 . . [5.1.2600.3093] . . c:\windows\ServicePackFiles\i386\ntoskrnl.exe
[-] 2007-02-28 . 3F45A19DEE4810EF6A5DEF8047A3DFFB . 2439680 . . [5.1.2600.3093] . . c:\windows\system32\ntoskrnl.exe
[-] 2007-02-28 . 3F45A19DEE4810EF6A5DEF8047A3DFFB . 2439680 . . [5.1.2600.3093] . . c:\windows\system32\dllcache\ntoskrnl.exe
[7] 2007-02-28 . C09CA7FAFFC40BBFACEEB9F0F429F673 . 2182528 . . [5.1.2600.3093] . . c:\windows\VistaMizer\old\ntoskrnl.exe
[7] 2005-03-02 . 7FABE135EAC02A4BC8094B831ADC0CC3 . 2181632 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe
[-] 2002-12-05 . 21CDBE74E5C5F435B6C27DDA1BD27B34 . 2042112 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\ntoskrnl.exe

[-] 2007-10-11 . AB6525DB8A79B0C4EDB42DD43ACFEE0E . 805376 . . [6.00.2900.3231] . . c:\windows\ServicePackFiles\i386\wininet.dll
[-] 2007-10-11 . AB6525DB8A79B0C4EDB42DD43ACFEE0E . 805376 . . [6.00.2900.3231] . . c:\windows\system32\wininet.dll
[-] 2007-10-11 . AB6525DB8A79B0C4EDB42DD43ACFEE0E . 805376 . . [6.00.2900.3231] . . c:\windows\system32\dllcache\wininet.dll
[7] 2007-10-11 . 11CAE3F562451FEDA69FEFE453657D2E . 660480 . . [6.00.2900.3231] . . c:\windows\VistaMizer\old\wininet.dll
[7] 2007-10-11 . 20DBD2AA8E1BC32BC8CAA03BD44F8D4E . 667136 . . [6.00.2900.3231] . . c:\windows\$hf_mig$\KB942615\SP2QFE\wininet.dll
[7] 2007-06-26 . 59F33ED26E4F253DC4EB4E7CEA766953 . 666624 . . [6.00.2900.3164] . . c:\windows\$hf_mig$\KB937143\SP2QFE\wininet.dll
[7] 2007-04-18 . 0C48AC2AB588FA90689C01FF40F6984C . 666624 . . [6.00.2900.3121] . . c:\windows\$hf_mig$\KB933566\SP2QFE\wininet.dll
[7] 2007-02-19 . 1B6588693895000623B366CD4D4786CC . 666624 . . [6.00.2900.3086] . . c:\windows\$hf_mig$\KB931768\SP2QFE\wininet.dll
[-] 2002-12-05 . D1A616D5337E344A0DD6C6DF7733A6C3 . 600064 . . [6.00.2800.1106] . . c:\windows\$NtServicePackUninstall$\wininet.dll

[-] 2007-06-13 . 3AC47EAC2BD0B93621B55DCD4C547956 . 1551872 . . [6.00.2900.3156] . . c:\windows\explorer.exe
[-] 2007-06-13 . 3AC47EAC2BD0B93621B55DCD4C547956 . 1551872 . . [6.00.2900.3156] . . c:\windows\ServicePackFiles\i386\explorer.exe
[-] 2007-06-13 . 3AC47EAC2BD0B93621B55DCD4C547956 . 1551872 . . [6.00.2900.3156] . . c:\windows\system32\dllcache\explorer.exe
[7] 2007-06-13 . ED7B460B142A32097B8A8F6ECC941815 . 1033728 . . [6.00.2900.3156] . . c:\windows\VistaMizer\old\explorer.exe
[7] 2007-06-13 . 9B32416BD5988C97B6397CE0B02CAF97 . 1033728 . . [6.00.2900.3156] . . c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
[-] 2002-12-05 . 11D80755545CFB5EB9659EE88440EAE2 . 1004544 . . [6.00.2800.1106] . . c:\windows\$NtServicePackUninstall$\explorer.exe

[-] 2004-08-17 . 5050A0B550CCF3FFBC3DAD33524A4DC1 . 25088 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\ctfmon.exe
[-] 2004-08-17 . 5050A0B550CCF3FFBC3DAD33524A4DC1 . 25088 . . [5.1.2600.2180] . . c:\windows\system32\ctfmon.exe
[7] 2004-08-17 . A5BAA91475167161DEA02BA3C4CA4F59 . 15360 . . [5.1.2600.2180] . . c:\windows\VistaMizer\old\ctfmon.exe
[-] 2002-12-05 . 8708BE15AC5F27386B5D5FE7A1EBAF26 . 13312 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\ctfmon.exe

[7] 2007-02-28 . A873FF1754E2A81CB1A34588CAB363D6 . 2061568 . . [5.1.2600.3093] . . c:\windows\$hf_mig$\KB931784\SP2QFE\ntkrnlpa.exe
[7] 2007-02-28 . C80BCA19AA7D4DC37857E9F8250756DA . 2059776 . . [5.1.2600.3093] . . c:\windows\Driver Cache\i386\ntkrnlpa.exe
[-] 2007-02-28 . 2AD238C6374FB8878CC47329CFA6905D . 2316928 . . [5.1.2600.3093] . . c:\windows\ServicePackFiles\i386\ntkrnlpa.exe
[-] 2007-02-28 . 2AD238C6374FB8878CC47329CFA6905D . 2316928 . . [5.1.2600.3093] . . c:\windows\system32\ntkrnlpa.exe
[-] 2007-02-28 . 2AD238C6374FB8878CC47329CFA6905D . 2316928 . . [5.1.2600.3093] . . c:\windows\system32\dllcache\ntkrnlpa.exe
[7] 2007-02-28 . C80BCA19AA7D4DC37857E9F8250756DA . 2059776 . . [5.1.2600.3093] . . c:\windows\VistaMizer\old\ntkrnlpa.exe
[7] 2005-03-02 . 9355304DD565E23F8EE294720B2C03E5 . 2059008 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe
[-] 2002-12-05 . 42D5A8CF5E356F48FB36E388B1D87E6E . 1947776 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\ntkrnlpa.exe
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-03-12 153136]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2007-05-07 23395368]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2007-04-03 165784]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1825792]
"uTorrent"="c:\documents and settings\Tonda\Plocha\utorrent.exe" [2009-10-15 289072]
"Creative WebCam Tray"="c:\program files\Creative\Shared Files\CamTray.exe" [2005-10-27 299008]
"Creative Detector"="c:\program files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 102400]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2005-01-10 4628480]
"nwiz"="nwiz.exe" [2005-01-10 921600]
"NvMediaCenter"="c:\windows\System32\NvMcTray.dll" [2005-01-10 86016]
"AudioDrvEmulator"="c:\program files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-06-16 49152]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"WinFast Schedule"="c:\program files\WinFast\WFTVFM\WFWIZ.exe" [2006-04-27 344064]
"SpywareTerminator"="c:\progra~1\SPYWAR~1\SpywareTerminatorShield.exe" [2007-08-10 2776576]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-09 153136]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"WheelMouse"="c:\program files\A4Tech\Mouse\Amoumain.exe" [2006-12-26 196608]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-04-27 282624]
"OODefragTray"="c:\windows\system32\oodtray.exe" [2007-05-11 2512392]
"Nexus Radio"="c:\program files\Nexus Radio\Nexus Radio.exe" [2008-04-09 3022848]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-08-03 36352]
"SoundMan"="SOUNDMAN.EXE" [2004-12-01 77824]
"CTDVDDET"="c:\program files\Creative\SBAudigy4\DVDAudio\CTDVDDET.EXE" [2003-06-18 45056]
"CTSysVol"="c:\program files\Creative\SBAudigy4\Surround Mixer\CTSysVol.exe" [2005-02-15 57344]
"CTHelper"="CTHELPER.EXE" [2005-06-18 16384]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-17 25088]

c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Rainlendar2.lnk - c:\program files\Rainlendar2\Rainlendar2.exe [2007-7-24 1298432]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Documents and Settings\\Tonda\\Plocha\\utorrent.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [13.5.2007 19:10 682232]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [8.4.2008 10:25 114768]
R1 fwdrv;Firewall Driver;c:\windows\system32\drivers\fwdrv.sys [26.4.2007 9:21 302000]
R1 khips;Kerio HIPS Driver;c:\windows\system32\drivers\khips.sys [26.4.2007 9:21 72624]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [13.5.2007 18:43 138624]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [8.4.2008 10:25 20560]
R2 Prvflder;Prvflder;c:\windows\system32\drivers\prvflder.sys [21.4.2006 7:22 70912]
R2 SPF4;Sunbelt Personal Firewall 4;c:\program files\Sunbelt Software\Personal Firewall\kpf4ss.exe [26.4.2007 9:21 1234480]
R3 V0260VID;Live! Cam Vista IM;c:\windows\system32\drivers\V0260Vid.sys [13.12.2007 19:55 178913]
R3 WFIOCTL;WFIOCTL;c:\program files\WinFast\WFTVFM\WFIOCTL.sys [13.5.2007 18:32 9446]
S2 gupdate1c97cdab02943;Google Update Service (gupdate1c97cdab02943);c:\program files\Google\Update\GoogleUpdate.exe [22.1.2009 22:40 133104]
S3 PSEXESVC;PsExec;c:\windows\PSEXESVC.EXE [22.4.2008 20:04 95808]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\e:\ntglm7x.sys --> e:\NTGLM7X.sys [?]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'

2009-12-25 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2007\SystemOptimizer.exe [2007-05-20 17:17]

2009-12-16 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-01-10 14:42]

2010-01-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-01-22 21:40]

2010-01-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-01-22 21:40]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://search13.net/
uDefault_Search_URL = hxxp://search13.net/
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://search13.net/
uCustomizeSearch = hxxp://search13.net/
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{14CD42DD-ABCD-3586-DCAB-40E3693E3737} - c:\program files\Stylish Profile\ct.htm
TCP: {0F7F6FF4-4B23-4578-9A57-5D7F74DFD9BD} = 192.168.1.1
TCP: {18AD2758-2138-423C-AF19-DB0155D17C16} = 192.168.1.1
TCP: {ED3BFDD1-6B15-4D89-8B69-AD06A4BBE2DC} = 192.168.1.1
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Tonda\Data aplikací\Mozilla\Firefox\Profiles\77lv25t6.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search13.net/search.php?clid=486&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search13.net/search.php?clid=486&q=
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

AddRemove-owns stop site - c:\docume~1\Tonda\DATAAP~1\SETUPC~1\Obj Comp.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-13 12:42
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll nvatabus.sys sptd.sys >>UNKNOWN [0x873728A8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf76d9fc3
\Driver\ACPI -> ACPI.sys @ 0xf744ccb8
\Driver\atapi -> 0x873bc1e8
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x80577ffe
ParseProcedure -> ntkrnlpa.exe @ 0x80576c60
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x80577ffe
ParseProcedure -> ntkrnlpa.exe @ 0x80576c60
Warning: possible MBR rootkit infection !
user & kernel MBR OK

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\PSSdk21]
"ImagePath"="\??\c:\windows\system32\Drivers\HNPsSdk.drv"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-1614895754-1606980848-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:3e,95,1a,7d,fb,33,00,84,36,35,cc,59,f0,d7,c3,db,d9,b3,07,43,7e,79,74,
5a,ab,ad,6c,e1,61,7f,cd,ad,58,ef,f9,14,8a,05,e6,64,a1,6b,a7,81,44,aa,fc,56,\
"??"=hex:8c,70,ba,2c,50,2b,ba,da,7e,3b,fc,00,8d,cd,49,51

[HKEY_USERS\S-1-5-21-1614895754-1606980848-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:57,ee,17,99,73,b5,b5,d6,4e,f2,a4,51,89,f3,84,e4,f1,5f,88,8e,1a,
c4,c0,a9,b7,55,5f,71,69,59,f9,74,4c,98,6b,d9,82,1d,67,f6,07,57,ef,8c,79,e2,\
"rkeysecu"=hex:28,c8,e0,1b,94,9d,51,39,26,64,c8,ae,78,9c,db,88

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG10.00.00.01WORKSTATION"="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"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\WPAEvents]
@Denied: (Full) (LocalSystem)
"OOBETimer"=hex:ff,d5,71,d6,8b,6a,8d,6f,d5,33,93,fd
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(628)
c:\windows\system32\sfc_os.dll
c:\windows\system32\cscui.dll

- - - - - - - > 'explorer.exe'(2440)
c:\windows\system32\SHDOCVW.dll
c:\windows\system32\COMRes.dll
c:\windows\System32\cscui.dll
c:\windows\System32\mshtml.dll
c:\windows\system32\msi.dll
c:\windows\system32\NETSHELL.dll
c:\windows\system32\credui.dll
c:\program files\Microsoft Private Folder 1.0\ShellExt.dll
c:\windows\system32\PFLib.dll
c:\windows\System32\shdoclc.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\CTsvcCDA.EXE
c:\windows\System32\nvsvc32.exe
c:\windows\system32\oodag.exe
c:\program files\Microsoft Private Folder 1.0\PrfldSvc.exe
c:\progra~1\SPYWAR~1\sp_rsser.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files\Sunbelt Software\Personal Firewall\kpf4gui.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\program files\Sunbelt Software\Personal Firewall\kpf4gui.exe
c:\windows\system32\wscntfy.exe
c:\windows\SOUNDMAN.EXE
c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\windows\system32\msiexec.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Celkový čas: 2010-01-13 12:52:19 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-01-13 11:52

Před spuštěním: 2 059 890 688
Po spuštění: 1 925 328 896

- - End Of File - - ED2D0CFF026626367505DE4176F46AE4




By the way, ComboFix messed with the settings quite a bit, mainly the sound settings, but I have already sorted that out.. I just had to reinstall the drivers..

motji
VIP
Posts: 23302
Registered: 23 Oct 2008 08:02

Re: check

#4 Post by motji »

Start - Control Panel - Folder Options - View - show hidden and system files

Have each file tested at http://www.virustotal.com

c:\windows\system32\Drivers\HNPsSdk.drv
c:\windows\system32\winlogon.exe
c:\windows\system32\comctl32.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\ntoskrnl.exe
c:\windows\system32\wininet.dll
c:\windows\explorer.exe
c:\windows\system32\ctfmon.exe
c:\windows\system32\ntkrnlpa.exe


Copy the path to the file into the box; if it says the file has already been tested, have it tested again.
Paste the link with the results here.