PC virus removal, computer speed-up, remote assistance via the neslape.cz service

Please check my log... autorun.inf and ketonneker.exe

Have a problem with a virus? Post your FRST or RSIT log here.


Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]

Individual threads will be locked once resolved, as will those that have been inactive for more than 14 days. See the rule on locking topics. Thank you for your understanding.

!NEW!
You can now use the remote assistance service, where a specialist connects to your computer and obtains further details about the problem from you by phone! More at www.neslape.cz
dj_blade
Visitor
Posts: 19
Registered: 25 Oct 2006 18:42


#1 Post by dj_blade »

Hi... I was trying to reflash the BIOS on my notebook and downloaded a boot floppy image, and there was probably some junk in it. After starting the PC or plugging in any of my flash drives (they are all infected now too), an installer for some stupid application launches, which I normally cancel... but a hidden ketonneker.exe and Desktop.ini always get copied onto the flash drives...

Here is the log (when running RSIT I left that application's installer open)

Thanks a lot.

Logfile of random's system information tool 1.06 (written by random/random)
Run by Owner at 2010-02-04 00:26:25
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 76 GB (50%) free of 150 GB
Total RAM: 3070 MB (77% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 0:26:27, on 4.2.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\OrgScheduler1p1Server\SERVER\bin\fbguard.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
C:\WINDOWS\system32\vmnat.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\Program Files\OrgScheduler1p1Server\SERVER\bin\fbserver.exe
C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\System32\M-AudioTaskBarIcon.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\VMware\VMware Workstation\vmware-tray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Documents and Settings\All Users\Data aplikací\LangSoft\OETRN.EXE
C:\Program Files\Secure Data Organizer\SecureDataOrganizer.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\TC UP\TOTALCMD.EXE
C:\DOCUME~1\Owner\LOCALS~1\Temp\setup.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\is-AV784.tmp\setup.tmp
C:\Documents and Settings\Owner\Plocha\BIOS\RSIT.exe
C:\Program Files\trend micro\Owner.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\3.8.0.41\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\3.8.0.41\IPSBHO.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\WidgiToolbarIE.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\WidgiToolbarIE.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\3.8.0.41\coIEPlg.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\pdfforge Toolbar\SearchSettings.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [M-Audio Taskbar Icon] C:\WINDOWS\System32\M-AudioTaskBarIcon.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe
O4 - HKLM\..\Run: [vmware-tray] "C:\Program Files\VMware\VMware Workstation\vmware-tray.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [OEXPRESS] C:\Documents and Settings\All Users\Data aplikací\LangSoft\OETRN.EXE
O4 - HKCU\..\Run: [C:\Documents and Settings\Owner\Data aplikací\Sprinx Systems\SprinxCRM 6.1.3.2\install.exe] C:\Documents and Settings\Owner\Data aplikací\Sprinx Systems\SprinxCRM 6.1.3.2\install.exe /l*v "C:\Documents and Settings\Owner\Data aplikací\Sprinx Systems\SprinxCRM 6.1.3.2\msilog.txt" ProductLanguage=1029 INSTALL_TYPE=1 DB_INSTALL=1 CLOG="C:\Documents and Settings\Owner\Data aplikací\Sprinx Systems\SprinxCRM 6.1.3.2\CLOG.txt" WEB_SITE_NEW_HOST="DJ-E0981F6CAA1C" CM="false" UID="{2890504D-E230-4922-95BD-046143E7906B}" WIN_EDITION=""
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Secure Data Organizer.lnk = ?
O4 - Startup: Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: Yahoo! Widgets.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Vytvořit mobilní oblíbenou položku… - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - (no file)
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {925DAB62-F9AC-4221-806A-057BFB1014AA} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\vmware\vmware workstation\vsocklib.dll
O10 - Unknown file in Winsock LSP: c:\program files\vmware\vmware workstation\vsocklib.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 8157869606
O16 - DPF: {672EE252-D813-4F5E-81BB-5DD163DD4FA5} (Active602XMLFiller Control) - https://www.mojedatovaschranka.cz/stati ... ctivex.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton 360\Engine\3.8.0.41\coIEPlg.dll
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - Firebird Project - C:\Program Files\OrgScheduler1p1Server\SERVER\bin\fbguard.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - Firebird Project - C:\Program Files\OrgScheduler1p1Server\SERVER\bin\fbserver.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware USB Arbitration Service (VMUSBArbService) - VMware, Inc. - C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe

--
End of file - 15232 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\PCConfidential.job
C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Podpora odkazu pro Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2DB66063-BB98-466A-AA0D-3E7ACF5ED853}]
WebTransBHO Class - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll [2010-01-13 520192]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
Symantec NCO BHO - C:\Program Files\Norton 360\Engine\3.8.0.41\coIEPlg.dll [2009-08-22 378736]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
Symantec Intrusion Prevention - C:\Program Files\Norton 360\Engine\3.8.0.41\IPSBHO.DLL [2009-08-22 107896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}]
pdfforge Toolbar - C:\Program Files\pdfforge Toolbar\WidgiToolbarIE.dll [2009-01-30 650752]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
Ask Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2009-07-10 1174920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}]
C:\Program Files\pdfforge Toolbar\SearchSettings.dll [2009-01-30 1114112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-11 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{B922D405-6D13-4A2B-AE89-08A030DA4402} - pdfforge Toolbar - C:\Program Files\pdfforge Toolbar\WidgiToolbarIE.dll [2009-01-30 650752]
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Norton Toolbar - C:\Program Files\Norton 360\Engine\3.8.0.41\coIEPlg.dll [2009-08-22 378736]
{BFC32E1D-EE75-4A48-BC60-104E11EE2431} - WebTranslator - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll [2010-01-13 520192]
{D4027C7F-154A-4066-A1AD-4243D8127440} - Ask Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2009-07-10 1174920]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMAX"=C:\Program Files\Analog Devices\SoundMAX\Smax4.exe [2006-07-13 729088]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2009-02-18 13680640]
"nwiz"=nwiz.exe /install []
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"SearchSettings"=C:\Program Files\pdfforge Toolbar\SearchSettings.exe [2009-01-30 992256]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2006-12-18 868352]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2009-02-18 86016]
"M-Audio Taskbar Icon"=C:\WINDOWS\System32\M-AudioTaskBarIcon.exe [2008-05-15 356864]
"NeroFilterCheck"=C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe [2007-03-01 153136]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2009-01-05 413696]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-11 149280]
"dvd43"=C:\Program Files\dvd43\dvd43_tray.exe [2006-05-22 694272]
"vmware-tray"=C:\Program Files\VMware\VMware Workstation\vmware-tray.exe [2009-10-22 129584]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"H/PC Connection Agent"=C:\Program Files\Microsoft ActiveSync\Wcescomm.exe [2006-11-13 1289000]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe [2007-09-20 202024]
"AlcoholAutomount"=C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe [2007-07-02 220544]
"OEXPRESS"=C:\Documents and Settings\All Users\Data aplikací\LangSoft\OETRN.EXE [2010-01-13 26624]
"C:\Documents and Settings\Owner\Data aplikací\Sprinx Systems\SprinxCRM 6.1.3.2\install.exe"=C:\Documents and Settings\Owner\Data aplikací\Sprinx Systems\SprinxCRM 6.1.3.2\install.exe [2009-12-10 304040]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

C:\Documents and Settings\Owner\Nabídka Start\Programy\Po spuštění
Secure Data Organizer.lnk - C:\Documents and Settings\Owner\Data aplikací\Microsoft\Installer\{7A5AAE9B-8633-4446-8118-49218CB7D62F}\_68985996F6EA3E4BBEFEFE.exe
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
Yahoo! Widgets.lnk - C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SymEFA.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveTypeAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe"="C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe:*:Enabled:Apache HTTP Server"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\Program Files\FlashGet Network\FlashGet universal\FlashGet.exe"="C:\Program Files\FlashGet Network\FlashGet universal\FlashGet.exe:*:Enabled:Flashget2"
"C:\Program Files\FlashGet Network\FlashGet universal\LiveUpdate.exe"="C:\Program Files\FlashGet Network\FlashGet universal\LiveUpdate.exe:*:Enabled:FGLiveUpdate"
"C:\Program Files\FlashGet Network\FlashGet universal\LiveUpdateEx.exe"="C:\Program Files\FlashGet Network\FlashGet universal\LiveUpdateEx.exe:*:Enabled:FGLiveUpdateEx"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"C:\Program Files\VMware\VMware Workstation\vmware-authd.exe"="C:\Program Files\VMware\VMware Workstation\vmware-authd.exe:*:Enabled:VMware Authd"
"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0136c9d6-60f7-11de-8767-0018f3d54846}]
shell\AutoRun\command - G:\StartVMCLite.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{57797006-5acf-11de-8760-0018f3d54846}]
shell\AutoRun\command - G:\hbcd\wintools\autorun.exe
shell\Option1\command - G:\hbcd\wintools\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{59fab0c7-7f7b-11de-876f-0018f3d54846}]
shell\AutoRun\command - G:\InstallTomTomHOME.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{aaf1f5f2-5f18-11de-8763-0018f3d54846}]
shell\AutoRun\command - WDSetup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ba082a0a-2207-11de-8744-0018f3d54846}]
shell\AutoRun\command - H:\AUTORUN.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dda50dab-1a43-11de-b005-806d6172696f}]
shell\AutoRun\command - D:\Setup.exe


======List of files/folders created in the last 1 months======

2010-02-03 23:57:54 ----D---- C:\Program Files\trend micro
2010-02-03 23:57:52 ----D---- C:\rsit
2010-02-03 19:17:51 ----D---- C:\Program Files\FlashBoot
2010-02-03 18:39:44 ----D---- C:\Program Files\Compaq
2010-02-02 20:48:29 ----D---- C:\Program Files\7-Zip
2010-02-02 16:15:13 ----D---- C:\Program Files\Lavalys
2010-02-01 23:15:16 ----D---- C:\Program Files\Ask.com
2010-02-01 22:06:30 ----D---- C:\Program Files\MagicISO
2010-02-01 18:29:40 ----D---- C:\Documents and Settings\Owner\Data aplikací\VMware
2010-02-01 18:10:51 ----RA---- C:\WINDOWS\system32\vnetinst.dll
2010-02-01 18:10:44 ----A---- C:\WINDOWS\system32\vmnetdhcp.exe
2010-02-01 18:10:38 ----A---- C:\WINDOWS\system32\vmnat.exe
2010-02-01 18:10:18 ----A---- C:\WINDOWS\system32\vnetlib.dll
2010-02-01 18:06:57 ----D---- C:\Program Files\Common Files\VMware
2010-02-01 18:03:11 ----D---- C:\Documents and Settings\All Users\Data aplikací\VMware
2010-02-01 18:00:56 ----D---- C:\Program Files\VMware
2010-02-01 16:30:20 ----D---- C:\Documents and Settings\All Users\Data aplikací\Google
2010-01-31 18:13:02 ----D---- C:\Documents and Settings\Owner\Data aplikací\HEXelon
2010-01-30 20:04:02 ----D---- C:\Config.Msi
2010-01-29 18:32:50 ----D---- C:\Program Files\OrgScheduler1p1Server
2010-01-29 12:15:51 ----D---- C:\Program Files\CRMfree
2010-01-29 11:55:36 ----D---- C:\Program Files\MSXML 6.0
2010-01-28 23:29:28 ----D---- C:\Documents and Settings\Owner\Data aplikací\Memos
2010-01-28 22:12:11 ----D---- C:\Documents and Settings\Owner\Data aplikací\Sprinx Systems
2010-01-28 21:51:40 ----D---- C:\Documents and Settings\Owner\Data aplikací\Vitolab
2010-01-26 20:16:20 ----D---- C:\INSTALL
2010-01-21 21:12:26 ----D---- C:\Program Files\Mozilla Firefox
2010-01-17 23:22:21 ----D---- C:\Program Files\Yahoo!
2010-01-17 20:54:08 ----D---- C:\Documents and Settings\Owner\Data aplikací\Gamaroff
2010-01-17 16:44:56 ----D---- C:\Documents and Settings\Owner\Data aplikací\Mozilla
2010-01-17 16:44:56 ----D---- C:\Documents and Settings\Owner\Data aplikací\Flock
2010-01-13 11:59:10 ----HDC---- C:\WINDOWS\$NtUninstallKB955759$
2010-01-13 11:58:52 ----HDC---- C:\WINDOWS\$NtUninstallKB972270$
2010-01-13 01:27:54 ----A---- C:\WINDOWS\TRNCOM.INI
2010-01-13 01:25:21 ----A---- C:\WINDOWS\WTRDCTM.INI
2010-01-13 01:24:10 ----D---- C:\TRANSLAT
2010-01-13 01:23:55 ----D---- C:\Documents and Settings\All Users\Data aplikací\LangSoft
2010-01-13 01:22:09 ----D---- C:\Documents and Settings\Owner\Data aplikací\LangSoft
2010-01-12 22:21:51 ----D---- C:\Documents and Settings\Owner\Data aplikací\ERGOM
2010-01-12 22:20:58 ----D---- C:\Program Files\Business Objects
2010-01-12 22:06:58 ----D---- C:\Documents and Settings\Owner\Data aplikací\Chaos Software
2010-01-12 22:06:58 ----D---- C:\Documents and Settings\All Users\Data aplikací\Chaos Software
2010-01-12 18:03:23 ----D---- C:\WINDOWS\SQLTools9_KB970892_ENU
2010-01-12 17:57:59 ----D---- C:\WINDOWS\SQL9_KB970892_ENU
2010-01-10 23:57:11 ----D---- C:\Program Files\Microsoft SQL Server
2010-01-10 23:55:06 ----D---- C:\Program Files\MSSQL2005
2010-01-10 23:35:24 ----D---- C:\Program Files\OrgScheduler1p1User
2010-01-10 23:05:05 ----D---- C:\Program Files\Kroll Ontrack
2010-01-10 22:04:19 ----D---- C:\Program Files\PhotoLabCalendarServer
2010-01-10 15:20:28 ----D---- C:\Program Files\Firebird
2010-01-10 15:16:41 ----D---- C:\Documents and Settings\Owner\Data aplikací\Open Source Applications Foundation
2010-01-08 00:07:00 ----RD---- C:\Program Files\Norton Support
2010-01-07 18:51:07 ----D---- C:\Program Files\Kalkulace nové komíny

======List of files/folders modified in the last 1 months======

2010-02-04 00:14:26 ----SHD---- C:\WINDOWS\Installer
2010-02-04 00:14:15 ----D---- C:\Program Files\Nokia
2010-02-04 00:13:44 ----D---- C:\Program Files\Common Files\Nokia
2010-02-04 00:11:08 ----D---- C:\WINDOWS\Temp
2010-02-04 00:07:05 ----D---- C:\WINDOWS\Prefetch
2010-02-04 00:01:07 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-02-04 00:00:58 ----D---- C:\WINDOWS\system32\CatRoot2
2010-02-03 23:57:54 ----RD---- C:\Program Files
2010-02-03 23:38:26 ----SHD---- C:\RECYCLER
2010-02-03 23:32:24 ----D---- C:\Program Files\Common Files
2010-02-03 23:32:18 ----D---- C:\Program Files\Trillian
2010-02-03 23:15:04 ----D---- C:\Program Files\World of Warcraft
2010-02-03 22:49:12 ----D---- C:\Documents and Settings\Owner\Data aplikací\Skype
2010-02-03 19:40:16 ----D---- C:\Documents and Settings\Owner\Data aplikací\skypePM
2010-02-03 18:40:11 ----D---- C:\WINDOWS\system32\drivers
2010-02-03 15:42:59 ----HD---- C:\WINDOWS\inf
2010-02-03 13:59:03 ----D---- C:\WINDOWS
2010-02-02 16:24:35 ----D---- C:\Program Files\Ableton
2010-02-02 16:24:19 ----D---- C:\WINDOWS\system32
2010-02-01 23:15:28 ----SD---- C:\WINDOWS\Tasks
2010-02-01 18:08:48 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-02-01 17:16:11 ----HD---- C:\Program Files\InstallShield Installation Information
2010-02-01 17:04:18 ----D---- C:\Program Files\Google
2010-02-01 16:57:20 ----D---- C:\WINDOWS\Minidump
2010-02-01 16:17:17 ----RSD---- C:\WINDOWS\assembly
2010-02-01 16:15:16 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2010-02-01 16:11:33 ----D---- C:\Program Files\Network LookOut Administrator Pro
2010-02-01 14:05:30 ----A---- C:\WINDOWS\win.ini
2010-02-01 14:05:10 ----D---- C:\Program Files\iZotope
2010-01-30 00:59:15 ----D---- C:\Program Files\Microsoft ActiveSync
2010-01-30 00:19:10 ----D---- C:\Program Files\PokerStars
2010-01-29 20:05:12 ----D---- C:\WINDOWS\Registration
2010-01-29 15:04:53 ----D---- C:\Program Files\Obálky 4.01
2010-01-29 12:48:15 ----D---- C:\WINDOWS\Microsoft.NET
2010-01-29 12:00:43 ----D---- C:\Program Files\Microsoft.NET
2010-01-29 12:00:43 ----D---- C:\Program Files\Common Files\Microsoft Shared
2010-01-28 21:58:35 ----D---- C:\WINDOWS\Downloaded Installations
2010-01-28 00:48:28 ----D---- C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2010-01-23 02:23:25 ----D---- C:\Program Files\Microsoft Silverlight
2010-01-22 15:50:50 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-01-22 15:50:44 ----D---- C:\Program Files\Internet Explorer
2010-01-22 15:50:14 ----D---- C:\WINDOWS\ie8updates
2010-01-22 15:49:37 ----HD---- C:\WINDOWS\$hf_mig$
2010-01-16 11:08:30 ----D---- C:\Documents and Settings\Owner\Data aplikací\Adobe
2010-01-14 21:29:29 ----A---- C:\WINDOWS\system32\BASSMOD.dll
2010-01-14 21:04:15 ----D---- C:\WINDOWS\Debug
2010-01-13 20:27:21 ----D---- C:\WINDOWS\AppPatch
2010-01-12 22:21:23 ----D---- C:\WINDOWS\WinSxS
2010-01-10 23:13:24 ----D---- C:\Documents and Settings\Owner\Data aplikací\Secure Data Organizer
2010-01-10 22:41:26 ----D---- C:\WINDOWS\system32\Restore
2010-01-09 23:50:34 ----D---- C:\Documents and Settings\Owner\Data aplikací\IceChat
2010-01-05 12:13:57 ----A---- C:\WINDOWS\NeroDigital.ini
2010-01-05 01:17:46 ----A---- C:\WINDOWS\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 BHDrvx86;Symantec Heuristics Driver; C:\WINDOWS\System32\Drivers\N360\0308000.029\BHDrvx86.sys [2009-08-22 259632]
R1 ccHP;Symantec Hash Provider; C:\WINDOWS\System32\Drivers\N360\0308000.029\ccHPx86.sys [2009-08-22 482432]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
R1 IDSxpx86;IDSxpx86; \??\C:\Documents and Settings\All Users\Data aplikací\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20100128.002\IDSxpx86.sys []
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 SRTSP;Symantec Real Time Storage Protection; C:\WINDOWS\System32\Drivers\N360\0308000.029\SRTSP.SYS [2009-08-22 308272]
R1 SRTSPX;Symantec Real Time Storage Protection (PEL); C:\WINDOWS\system32\drivers\N360\0308000.029\SRTSPX.SYS [2009-08-22 43696]
R1 SYMTDI;Symantec Network Dispatch Driver; C:\WINDOWS\System32\Drivers\N360\0308000.029\SYMTDI.SYS [2009-08-22 217136]
R1 Uim_IM;UIM Drive Backup Image Plugin; C:\WINDOWS\System32\Drivers\Uim_IM.sys [2007-11-06 131672]
R1 UimBus;Universal Image Mounter Controller; C:\WINDOWS\system32\DRIVERS\UimBus.sys [2007-11-06 32080]
R1 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2006-03-02 12032]
R2 hcmon;VMware hcmon; \??\C:\WINDOWS\system32\drivers\hcmon.sys []
R2 vmci;VMware vmci; \??\C:\WINDOWS\system32\Drivers\vmci.sys []
R2 VMnetBridge;VMware Bridge Protocol; C:\WINDOWS\system32\DRIVERS\vmnetbridge.sys [2009-10-22 32688]
R2 VMnetuserif;VMware Network Application Interface; \??\C:\WINDOWS\system32\drivers\vmnetuserif.sys []
R2 vmx86;VMware vmx86; \??\C:\WINDOWS\system32\Drivers\vmx86.sys []
R2 vstor2-ws60;Vstor2 WS60 Virtual Storage Driver; \??\C:\Program Files\VMware\VMware Workstation\vstor2-ws60.sys []
R2 windrvNT;windrvNT; \??\C:\WINDOWS\system32\windrvNT.sys []
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 dvd43llh;dvd43llh; C:\WINDOWS\System32\DRIVERS\dvd43llh.sys [2009-12-31 18816]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys []
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 MAUSBFTP;Service for M-Audio Fast Track Pro (WDM); C:\WINDOWS\system32\DRIVERS\mausb.sys [2008-03-11 143624]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2006-03-02 12160]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 NAVENG;NAVENG; \??\C:\Documents and Settings\All Users\Data aplikací\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100203.004\NAVENG.SYS []
R3 NAVEX15;NAVEX15; \??\C:\Documents and Settings\All Users\Data aplikací\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100203.004\NAVEX15.SYS []
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2009-02-18 6308224]
R3 NVENETFD;NVIDIA nForce 10/100/1000 Mbps Ethernet ; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2008-08-01 54784]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2008-08-01 22016]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2006-10-02 10368]
R3 SymEvent;SymEvent; \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS []
R3 SYMFW;Symantec Network Filter Driver; C:\WINDOWS\System32\Drivers\N360\0308000.029\SYMFW.SYS [2009-08-22 89904]
R3 SYMIDS;Symantec Network Filter Driver; C:\WINDOWS\System32\Drivers\N360\0308000.029\SYMIDS.SYS [2009-08-22 33072]
R3 SymIMMP;SymIMMP; C:\WINDOWS\system32\DRIVERS\SymIM.sys [2009-08-22 36400]
R3 SYMNDIS;Symantec Network Filter Driver; C:\WINDOWS\System32\Drivers\N360\0308000.029\SYMNDIS.SYS [2009-08-22 36400]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 vmkbd;VMware kbd; \??\C:\WINDOWS\system32\drivers\VMkbd.sys []
R3 VMnetAdapter;VMware Virtual Ethernet Adapter Driver; C:\WINDOWS\system32\DRIVERS\vmnetadapter.sys [2009-10-22 16560]
S3 ADIDTSFiltService;ADI DTS Filter Service; C:\WINDOWS\system32\drivers\adidts.sys [2006-12-08 139776]
S3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2007-01-16 293888]
S3 AEAudio;AE Audio Service; C:\WINDOWS\system32\drivers\AEAudio.sys [2006-08-07 93952]
S3 amqjkw9m;amqjkw9m; C:\WINDOWS\system32\drivers\amqjkw9m.sys []
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2009-10-06 17664]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2009-10-06 22016]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter; C:\WINDOWS\system32\DRIVERS\RTL8187.sys [2006-06-16 176128]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 SymIM;Symantec Network Security Intermediate Filter Service; C:\WINDOWS\system32\DRIVERS\SymIM.sys [2009-08-22 36400]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2009-10-06 7936]
S3 usb_rndisx;Adaptér USB RNDIS; C:\WINDOWS\system32\DRIVERS\usb8023x.sys [2008-04-13 12800]
S3 usbaudio;Ovladač zvukové karty USB (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbser;USB Modem Driver; C:\WINDOWS\system32\drivers\usbser.sys [2008-04-13 26112]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2009-10-06 7936]
S3 V0080Dev;Creative Camera VF0080 Driver; C:\WINDOWS\system32\DRIVERS\V0080Dev.sys [2005-05-06 255230]
S3 wceusbsh;Windows CE USB Serial Host Driver; C:\WINDOWS\system32\DRIVERS\wceusbsh.sys [2006-11-06 28672]
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2008-03-27 503008]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2008-01-18 83328]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Capture Device Service;Capture Device Service; C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe [2006-08-11 200704]
R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance; C:\Program Files\OrgScheduler1p1Server\SERVER\bin\fbguard.exe [2008-06-13 81920]
R2 ForcewareWebInterface;Forceware Web Interface; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe [2006-04-03 20543]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-10-11 153376]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-10-19 61440]
R2 MSSQLSERVER;SQL Server (MSSQLSERVER); C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2008-11-24 29263712]
R2 N360;Norton 360; C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe [2009-08-22 117640]
R2 nSvcIp;ForceWare IP service; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe [2006-06-29 131131]
R2 nSvcLog;ForceWare user log service; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe [2006-06-29 65599]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2009-02-18 163908]
R2 SQLBrowser;SQL Server Browser; C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2008-11-24 239968]
R2 SQLWriter;SQL Server VSS Writer; C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2008-11-24 87904]
R2 StarWindServiceAE;StarWind AE Service; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2007-05-28 275968]
R2 UleadBurningHelper;Ulead Burning Helper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [2007-01-18 67056]
R2 VMAuthdService;VMware Authorization Service; C:\Program Files\VMware\VMware Workstation\vmware-authd.exe [2009-10-22 113200]
R2 VMnetDHCP;VMware DHCP Service; C:\WINDOWS\system32\vmnetdhcp.exe [2009-10-22 334384]
R2 VMUSBArbService;VMware USB Arbitration Service; C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe [2009-10-22 563760]
R2 VMware NAT Service;VMware NAT Service; C:\WINDOWS\system32\vmnat.exe [2009-10-22 395824]
R2 WinVNC4;VNC Server Version 4; C:\Program Files\RealVNC\VNC4\WinVNC4.exe [2008-10-15 439632]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance; C:\Program Files\OrgScheduler1p1Server\SERVER\bin\fbserver.exe [2008-06-13 2723840]
R3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe [2007-09-20 382248]
R3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2009-10-27 657408]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 ufad-ws60;VMware Agent Service; C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe [2009-10-12 191024]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S4 MSSQLServerADHelper;SQL Server Active Directory Helper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2008-11-24 45408]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

stell
VIP in memoriam
Posts: 5175
Registered: 09 Dec 2007 09:27
Location: SK-REVUCA

Re: Please check my log...autorun.inf and ketonneker.exe

#2 Post by stell »

Hello
:arrow:
Plug in the flash drives - download UsbFix to the desktop
- run it >> choose language E - [enter]
- press [2] [enter] > after the scan, paste the log here
Important information.
Is your computer NOT running well?
Is it infected? Running slowly? A program not working? Installation problems?
Use the remote assistance service!
e-mail: stell(zavináč)forum.viry.cz
Thanks!

dj_blade
Visitor
Posts: 19
Registered: 25 Oct 2006 18:42

Re: Please check my log...autorun.inf and ketonneker.exe

#3 Post by dj_blade »

Hello....here is the log..after restarting the PC the installer started again; I let it run during the cleaning with UsbFix

############################## | UsbFix V6.087 |

User : Owner (Administrators) # DJ-E0981F6CAA1C
Update on 04/02/2010 by El Desaparecido , C_XX & Chimay8
Start at: 12:03:57 | 4.2.2010
Website : http://pagesperso-orange.fr/NosTools/index.html
Contact : FindyKill.Contact@gmail.com

Intel(R) Core(TM)2 CPU 6300 @ 1.86GHz
Microsoft Windows XP Home Edition (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 8.0.6001.18702
Windows Firewall Status : Enabled
AV : Norton 360 3.0.0.134 [ Enabled | Updated ]
FW : ActiveArmor Firewall[ (!) Disabled ]1.0
FW : Norton 360[ Enabled ]3.0.0.134

A:\ -> Disketová jednotka 3 1/2"
C:\ -> Místní pevný disk # 146,48 Go (73,75 Go free) # NTFS
D:\ -> Disk CD-ROM
E:\ -> Místní pevný disk # 86,39 Go (6,42 Go free) # NTFS
F:\ -> Disk CD-ROM
G:\ -> Vyměnitelný disk # 979,04 Mo (975,4 Mo free) # FAT32

############################## | Active processes |

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\DOCUME~1\Owner\LOCALS~1\Temp\setup.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\OrgScheduler1p1Server\SERVER\bin\fbguard.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\is-MI7K8.tmp\setup.tmp
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
C:\WINDOWS\system32\vmnat.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe
C:\Program Files\OrgScheduler1p1Server\SERVER\bin\fbserver.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe

################## | Files # Infected Folders |

Deleted ! C:\DOCUME~1\Owner\LOCALS~1\Temp\Setup.exe
Deleted ! C:\Recycler\S-1-5-21-6743416189-3684931681-742445948-1371\twain_x86.exe
Deleted ! C:\Recycler\S-1-5-21-6743416189-3684931681-742445948-1371\Desktop.ini
Deleted ! C:\Recycler\S-1-5-21-6743416189-3684931681-742445948-1371
Deleted ! C:\Recycler\S-1-5-21-0458870969-5426345752-181640839-7305
Deleted ! C:\Recycler\S-1-5-21-0953911965-6241347606-419021753-2312
Deleted ! C:\Recycler\S-1-5-21-1183508786-9790140050-547266988-6624
Deleted ! C:\Recycler\S-1-5-21-839522115-179605362-725345543-1003
Deleted ! C:\Recycler\S-1-5-21-9073060975-1678183101-397952747-9581
Deleted ! E:\Recycler\S-1-5-21-839522115-179605362-725345543-1003
G:\autorun.inf -> Called file : "G:\falschyng///ketonneker.exe" ( Found ! )
Not deleted ! G:\falschyng///ketonneker.exe
G:\autorun.inf -> Called file : "G:\.\falschyng/ketonneker.exe" ( Found ! )
Not deleted ! G:\.\falschyng/ketonneker.exe
Deleted ! G:\autorun.inf

################## | Registry |


################## | Mountpoints2 |

Deleted ! HKCU\...\Explorer\MountPoints2\{0136c9d6-60f7-11de-8767-0018f3d54846}\Shell\AutoRun\Command
Deleted ! HKCU\...\Explorer\MountPoints2\{57797006-5acf-11de-8760-0018f3d54846}\Shell\AutoRun\Command
Deleted ! HKCU\...\Explorer\MountPoints2\{59fab0c7-7f7b-11de-876f-0018f3d54846}\Shell\AutoRun\Command
Deleted ! HKCU\...\Explorer\MountPoints2\{aaf1f5f2-5f18-11de-8763-0018f3d54846}\Shell\AutoRun\Command
Deleted ! HKCU\...\Explorer\MountPoints2\{ba082a0a-2207-11de-8744-0018f3d54846}\Shell\AutoRun\Command
Deleted ! HKCU\...\Explorer\MountPoints2\{dda50dab-1a43-11de-b005-806d6172696f}\Shell\AutoRun\Command

################## | Listing of the present files |

[26.03.2009 21:40|--ah-----|0] C:\AUTOEXEC.BAT
[26.03.2009 21:31|---hs----|211] C:\boot.ini
[02.03.2006 13:00|-rahs----|4952] C:\Bootfont.bin
[26.03.2009 21:40|--ah-----|0] C:\CONFIG.SYS
[21.06.2009 21:07|--a------|152] C:\hook.log
[26.03.2009 21:40|-rahs----|0] C:\IO.SYS
[17.04.2009 16:18|--a------|66] C:\ioY.ini
[26.03.2009 21:40|-rahs----|0] C:\MSDOS.SYS
[02.03.2006 13:00|-rahs----|47564] C:\NTDETECT.COM
[27.03.2009 15:06|-rahs----|250576] C:\ntldr
[?|?|?] C:\pagefile.sys
[04.02.2010 12:15|--a------|5293] C:\UsbFix.txt
[18.05.2009 11:08|--a------|1033216] E:\backup kontakty.pst
[17.08.2009 19:07|--a------|218] E:\index.htm
[04.02.2010 01:16|---h-----|148400] E:\treeinfo.wc

################## | Vaccination |

# C:\autorun.inf -> Folder created by UsbFix.
# E:\autorun.inf -> Folder created by UsbFix.
# G:\autorun.inf -> Folder created by UsbFix.

################## | Upload |

Please send the file : C:\UsbFix_Upload_Me_DJ-E0981F6CAA1C.zip : http://chiquitine.changelog.fr/Sample/Upload.php
Thank you for your contribution .

################## | ! End of report # UsbFix V6.087 ! |
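
The autorun.inf on G:\ is what chained to ketonneker.exe in the log above. As an added example (not part of this thread and not UsbFix's own code), here is a small Python triage script that resolves the separator tricks seen in the two "Called file" lines to one real path and lists why such an entry stands out. The sample autorun.inf text, the drive letter G:\ and all function names are constructed for the example.

```python
import ntpath
import re
from dataclasses import dataclass, field

# [autorun] keys that launch a program when the volume is inserted or opened.
EXEC_KEYS = ("open", "shellexecute")
EXEC_EXTENSIONS = {".exe", ".com", ".bat", ".cmd", ".scr", ".pif", ".vbs", ".js"}

# Constructed sample, modeled on the two "Called file" targets UsbFix reported
# on G:\ above; it is not the file recovered from the flash drive.
SAMPLE_AUTORUN_INF = """\
[autorun]
open=falschyng///ketonneker.exe
shellexecute=.\\falschyng/ketonneker.exe
shell\\open\\command="falschyng///ketonneker.exe" %1
icon=%SystemRoot%\\system32\\SHELL32.dll,4
action=Open folder to view files
"""


@dataclass
class Finding:
    key: str          # the [autorun] key that launches something
    raw_target: str   # the value exactly as written in the file
    normalized: str   # the path the shell would actually resolve
    indicators: list = field(default_factory=list)


def parse_autorun(text):
    """Return the key/value pairs of the [autorun] section, keys lower-cased.

    Lines starting with ';' are comments; other sections are ignored.
    """
    entries = {}
    in_autorun = False
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_autorun = line[1:-1].strip().lower() == "autorun"
            continue
        if in_autorun and "=" in line:
            key, value = line.split("=", 1)
            entries[key.strip().lower()] = value.strip()
    return entries


def normalize_target(target, drive):
    """Resolve a target the way the Windows shell would: '/' is a separator,
    runs of separators collapse to one, and '.' components disappear.
    Returns an absolute path on `drive`."""
    # First token only: a quoted program name, or everything up to a space.
    match = re.match(r'\s*"([^"]+)"|\s*(\S+)', target)
    value = (match.group(1) or match.group(2)) if match else ""
    value = value.replace("/", "\\")
    value = re.sub(r"\\+", r"\\", value)
    if re.match(r"^[A-Za-z]:", value):
        root, rest = value[:2] + "\\", value[2:]
    else:
        root, rest = drive.rstrip("\\") + "\\", value
    parts = [p for p in rest.split("\\") if p not in ("", ".")]
    return root + "\\".join(parts)


def indicators_for(raw_target, normalized):
    """Why a launch entry deserves a closer look (empty list = nothing odd)."""
    found = []
    if "/" in raw_target:
        found.append("forward slashes used as separators")
    if re.search(r"[\\/]{2,}", raw_target):
        found.append("repeated separators")
    if re.search(r"(^|[\\/])\.([\\/]|$)", raw_target):
        found.append("'.' path component")
    ext = ntpath.splitext(normalized)[1].lower()
    if ext in EXEC_EXTENSIONS:
        found.append("executable target (%s)" % ext)
    return found


def triage(text, drive="G:\\"):
    """One Finding per [autorun] key that launches a program."""
    findings = []
    for key, value in parse_autorun(text).items():
        launches = key in EXEC_KEYS or (
            key.startswith("shell\\") and key.endswith("\\command"))
        if launches:
            normalized = normalize_target(value, drive)
            findings.append(Finding(key, value, normalized,
                                    indicators_for(value, normalized)))
    return findings


def is_suspicious(findings):
    """True when any launch entry carries at least one indicator."""
    return any(f.indicators for f in findings)


if __name__ == "__main__":
    for f in triage(SAMPLE_AUTORUN_INF):
        print("%-20s %-40s -> %s" % (f.key, f.raw_target, f.normalized))
        for reason in f.indicators:
            print("    " + reason)
```

All three launch entries in the sample resolve to the same file, which is the point: different spellings of the path in autorun.inf are one payload on disk.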

stell
VIP in memoriam
Posts: 5175
Registered: 09 Dec 2007 09:27
Location: SK-REVUCA

Re: Please check my log...autorun.inf and ketonneker.exe

#4 Post by stell »

:arrow:
System Volume Information/restore (System Restore):
1. You need to turn off the System Restore tool - Control Panel > System > System Restore > Turn off System Restore > OK or Apply, and then just restart the PC
2. After the restart this directory is completely deleted; turn System Restore back on.
3:
Download and install CCleaner - http://www.ccleaner.com/download/downloadpage.aspx?f=2
- Right-click the Recycle Bin - Run CCleaner ->>> wait >> for the cleaning,
Right-click the Recycle Bin - Open CCleaner - Windows tab, press Analyze and then Run Cleaner
- Click the Applications tab, press Analyze and then Run Cleaner
- Click Registry, press Scan for Issues; when the scan finishes click Fix selected issues,
- choose Yes to create a backup, save the offered file and click Fix All Selected Issues,
4:
Download TFC to the desktop
close everything you have open and run it - after the scan, restart
5: Run USBFIX again
6:

dj_blade
Visitor
Posts: 19
Registered: 25 Oct 2006 18:42

Re: Please check my log...autorun.inf and ketonneker.exe

#5 Post by dj_blade »

Here is the log from UsbFix and Malwarebytes' Anti-Malware

UsbFix

############################## | UsbFix V6.087 |

User : Owner (Administrators) # DJ-E0981F6CAA1C
Update on 04/02/2010 by El Desaparecido , C_XX & Chimay8
Start at: 13:11:04 | 4.2.2010
Website : http://pagesperso-orange.fr/NosTools/index.html
Contact : FindyKill.Contact@gmail.com

Intel(R) Core(TM)2 CPU 6300 @ 1.86GHz
Microsoft Windows XP Home Edition (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 8.0.6001.18702
Windows Firewall Status : Enabled
AV : Norton 360 3.0.0.134 [ Enabled | Updated ]
FW : ActiveArmor Firewall[ (!) Disabled ]1.0
FW : Norton 360[ Enabled ]3.0.0.134

A:\ -> Disketová jednotka 3 1/2"
C:\ -> Místní pevný disk # 146,48 Go (79,34 Go free) # NTFS
D:\ -> Disk CD-ROM
E:\ -> Místní pevný disk # 86,39 Go (10,89 Go free) # NTFS
F:\ -> Disk CD-ROM
G:\ -> Vyměnitelný disk # 979,04 Mo (975,4 Mo free) # FAT32

############################## | Active processes |

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\OrgScheduler1p1Server\SERVER\bin\fbguard.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\vmnat.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\Program Files\OrgScheduler1p1Server\SERVER\bin\fbserver.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

################## | Files # Infected Folders |

Deleted ! C:\Recycler\S-1-5-21-839522115-179605362-725345543-1003
Deleted ! E:\Recycler\S-1-5-21-839522115-179605362-725345543-1003

################## | Registry |


################## | Mountpoints2 |


################## | Listing of the present files |

[26.03.2009 21:40|--ah-----|0] C:\AUTOEXEC.BAT
[26.03.2009 21:31|---hs----|211] C:\boot.ini
[02.03.2006 13:00|-rahs----|4952] C:\Bootfont.bin
[26.03.2009 21:40|--ah-----|0] C:\CONFIG.SYS
[21.06.2009 21:07|--a------|152] C:\hook.log
[26.03.2009 21:40|-rahs----|0] C:\IO.SYS
[17.04.2009 16:18|--a------|66] C:\ioY.ini
[26.03.2009 21:40|-rahs----|0] C:\MSDOS.SYS
[02.03.2006 13:00|-rahs----|47564] C:\NTDETECT.COM
[27.03.2009 15:06|-rahs----|250576] C:\ntldr
[?|?|?] C:\pagefile.sys
[04.02.2010 13:20|--a------|3725] C:\UsbFix.txt
[04.02.2010 12:15|--a------|7303573] C:\UsbFix_Upload_Me_DJ-E0981F6CAA1C.zip
[18.05.2009 11:08|--a------|1033216] E:\backup kontakty.pst
[17.08.2009 19:07|--a------|218] E:\index.htm
[04.02.2010 01:16|---h-----|148400] E:\treeinfo.wc

################## | Vaccination |

# C:\autorun.inf -> Folder created by UsbFix.
# E:\autorun.inf -> Folder created by UsbFix.
# G:\autorun.inf -> Folder created by UsbFix.

################## | Upload |

Please send the file : C:\UsbFix_Upload_Me_DJ-E0981F6CAA1C.zip : http://chiquitine.changelog.fr/Sample/Upload.php
Thank you for your contribution .

################## | ! End of report # UsbFix V6.087 ! |

Malwarebytes' Anti-Malware - I removed what it found

Malwarebytes' Anti-Malware 1.44
Verze databáze: 3687
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

4.2.2010 18:39:05
mbam-log-2010-02-04 (18-39-05).txt

Typ kontroly: Kompletní kontrola (C:\|E:\|)
Zkontrolované objekty: 247257
Uplynulý čas: 1 hour(s), 45 minute(s), 30 second(s)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 0
Infikované hodnoty registru: 1
Infikované datové položky registru: 0
Infikované adresáře: 0
Infikované soubory: 2

Infikované procesy v paměti:
(Nebyly nalezeny žádné škodlivé položky)

Infikované moduly v paměti:
(Nebyly nalezeny žádné škodlivé položky)

Infikované klíče registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované hodnoty registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\taskman (Trojan.Agent) -> Quarantined and deleted successfully.

Infikované datové položky registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované adresáře:
(Nebyly nalezeny žádné škodlivé položky)

Infikované soubory:
C:\UsbFix\Quarantine\C\RECYCLER\S-1-5-21-6743416189-3684931681-742445948-1371\twain_x86.exe.UsbFix (Worm.Autorun.B) -> Quarantined and deleted successfully.
E:\Install\Omnia\Hry\H\Hry\Resco.Brain.Games.v2.02.XScale.WM2003.WM5.WM6.Incl.Keygen\Keygen.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

stell
VIP in memoriam
Posts: 5175
Registered: 09 Dec 2007 09:27
Location: SK-REVUCA

Re: Please check my log...autorun.inf and ketonneker.exe

#6 Post by stell »

PLEASE READ THE INSTRUCTIONS CAREFULLY!!!,

Download to the desktop, close all active windows and run >>
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Agree to the installation of the Recovery Console

- ComboFix must be run under an account with administrator rights.
- After launch the terms of use are displayed; confirm them by pressing the Yes button;

And once more >YES<

- Then follow the prompts; while ComboFix is running, do not click into the blue window it displays

- After the scan finishes, taking at most 10-15 minutes, the program should create a log - C:\ComboFix.txt; copy its entire contents into your thread on the forum
- Before using ComboFix you must disable all resident security programs - antivirus, firewalls, antispyware. GUIDE: http://www.bleepingcomputer.com/forums/topic114351.html
They can interfere with ComboFix's operation, which may cause it not to work correctly.

If your antivirus detects ComboFix, it is a false positive.

dj_blade
Visitor
Posts: 19
Registered: 25 Oct 2006 18:42

Re: Please check my log...autorun.inf and ketonneker.exe

#7 Post by dj_blade »

LOG FROM ComboFix

ComboFix 10-02-03.08 - Owner 04.02.2010 20:06:20.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.3070.2545 [GMT 1:00]
Spuštěný z: c:\documents and settings\Owner\Plocha\ComboFix.exe
AV: Norton 360 *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: ActiveArmor Firewall *disabled* {EDC10449-64D1-46c7-A59A-EC20D662F26D}
FW: Norton 360 *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\FlashGet Network
c:\program files\pdfforge Toolbar\SearchSettings.dll
c:\windows\EventSystem.log
c:\windows\system32\win32.dll

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-01-04 do 2010-02-04 )))))))))))))))))))))))))))))))
.

2010-02-04 12:06 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-04 12:06 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-04 12:06 . 2010-02-04 12:06 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-04 11:15 . 2010-02-04 12:20 7303162 ----a-w- C:\UsbFix_Upload_Me_DJ-E0981F6CAA1C.zip
2010-02-04 10:59 . 2010-02-04 12:20 -------- d-----w- C:\UsbFix
2010-02-03 22:57 . 2010-02-03 23:26 -------- d-----w- c:\program files\trend micro
2010-02-03 22:57 . 2010-02-03 22:58 -------- d-----w- C:\rsit
2010-02-03 18:17 . 2010-02-03 18:18 -------- d-----w- c:\program files\FlashBoot
2010-02-03 17:39 . 2010-02-04 11:02 -------- d-----w- c:\program files\Compaq
2010-02-02 19:48 . 2010-02-02 19:48 -------- d-----w- c:\program files\7-Zip
2010-02-02 15:15 . 2010-02-02 15:15 -------- d-----w- c:\program files\Lavalys
2010-02-01 22:15 . 2010-02-01 22:15 -------- d-----w- c:\program files\Ask.com
2010-02-01 21:06 . 2010-02-03 22:39 -------- d-----w- c:\program files\MagicISO
2010-02-01 17:10 . 2009-10-21 23:13 59952 ----a-r- c:\windows\system32\vnetinst.dll
2010-02-01 17:10 . 2009-10-21 23:13 16560 ----a-r- c:\windows\system32\drivers\vmnetadapter.sys
2010-02-01 17:10 . 2009-10-22 03:59 334384 ----a-w- c:\windows\system32\vmnetdhcp.exe
2010-02-01 17:10 . 2009-10-22 04:00 395824 ----a-w- c:\windows\system32\vmnat.exe
2010-02-01 17:10 . 2009-10-22 04:00 26288 ----a-w- c:\windows\system32\drivers\vmnetuserif.sys
2010-02-01 17:10 . 2009-10-21 23:13 18736 ----a-r- c:\windows\system32\drivers\vmnet.sys
2010-02-01 17:10 . 2009-10-22 04:00 760368 ----a-w- c:\windows\system32\vnetlib.dll
2010-02-01 17:09 . 2009-10-22 04:00 23216 ----a-w- c:\windows\system32\drivers\VMkbd.sys
2010-02-01 17:06 . 2010-02-01 17:06 -------- d-----w- c:\program files\Common Files\VMware
2010-02-01 17:00 . 2010-02-01 17:00 -------- d-----w- c:\program files\VMware
2010-01-29 17:32 . 2010-01-29 17:53 -------- d-----w- c:\program files\OrgScheduler1p1Server
2010-01-29 11:15 . 2010-01-29 11:15 -------- d-----w- c:\program files\CRMfree
2010-01-29 10:55 . 2010-01-29 10:55 -------- d-----w- c:\program files\MSXML 6.0
2010-01-26 19:16 . 2010-02-01 17:44 -------- d-----w- C:\INSTALL
2010-01-17 22:22 . 2010-01-17 22:28 -------- d-----w- c:\program files\Yahoo!
2010-01-17 15:45 . 2010-01-17 15:45 0 ----a-w- c:\windows\nsreg.dat
2010-01-13 10:23 . 2009-11-21 16:03 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-01-13 00:24 . 2010-01-13 00:45 -------- d-----w- C:\TRANSLAT
2010-01-12 21:20 . 2010-01-12 21:20 -------- d-----w- c:\program files\Business Objects
2010-01-12 17:03 . 2010-01-12 17:03 -------- d-----w- c:\windows\SQLTools9_KB970892_ENU
2010-01-12 16:57 . 2010-01-12 16:58 -------- d-----w- c:\windows\SQL9_KB970892_ENU
2010-01-10 22:57 . 2010-01-29 11:33 -------- d-----w- c:\program files\Microsoft SQL Server
2010-01-10 22:55 . 2010-01-30 19:03 -------- d-----w- c:\program files\MSSQL2005
2010-01-10 22:35 . 2010-01-29 17:52 -------- d-----w- c:\program files\OrgScheduler1p1User
2010-01-10 22:05 . 2010-02-01 16:16 -------- d-----w- c:\program files\Kroll Ontrack
2010-01-10 21:04 . 2010-01-14 20:23 -------- d-----w- c:\program files\PhotoLabCalendarServer
2010-01-10 14:20 . 2010-01-10 14:20 -------- d-----w- c:\program files\Firebird
2010-01-07 23:07 . 2010-01-07 23:07 -------- d-----r- c:\program files\Norton Support
2010-01-07 17:51 . 2010-01-10 21:37 -------- d-----w- c:\program files\Kalkulace nové komíny

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-04 19:10 . 2009-03-29 12:16 -------- d-----w- c:\program files\pdfforge Toolbar
2010-02-03 23:14 . 2009-09-11 14:12 -------- d-----w- c:\program files\Nokia
2010-02-03 23:13 . 2009-09-11 14:28 -------- d-----w- c:\program files\Common Files\Nokia
2010-02-03 22:32 . 2009-04-21 20:33 -------- d-----w- c:\program files\Trillian
2010-02-03 22:15 . 2009-03-27 15:23 -------- d-----w- c:\program files\World of Warcraft
2010-02-02 15:24 . 2009-04-09 10:52 -------- d-----w- c:\program files\Ableton
2010-02-01 17:08 . 2006-03-02 12:00 97472 ----a-w- c:\windows\system32\perfc005.dat
2010-02-01 17:08 . 2006-03-02 12:00 481390 ----a-w- c:\windows\system32\perfh005.dat
2010-02-01 16:16 . 2009-03-26 23:33 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-01 16:04 . 2009-08-31 11:13 -------- d-----w- c:\program files\Google
2010-02-01 15:15 . 2009-03-30 20:49 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-02-01 15:11 . 2009-06-08 14:24 -------- d-----w- c:\program files\Network LookOut Administrator Pro
2010-02-01 13:05 . 2009-12-08 10:35 -------- d-----w- c:\program files\iZotope
2010-01-29 23:59 . 2009-04-01 16:59 -------- d-----w- c:\program files\Microsoft ActiveSync
2010-01-29 23:19 . 2009-06-11 21:01 -------- d-----w- c:\program files\PokerStars
2010-01-29 14:04 . 2009-08-26 11:48 -------- d-----w- c:\program files\Obálky 4.01
2010-01-29 11:00 . 2009-03-30 18:06 -------- d-----w- c:\program files\Microsoft.NET
2010-01-23 01:23 . 2009-10-05 08:17 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-04 22:37 . 2009-12-06 13:34 -------- d-----w- c:\program files\IceChat7
2010-01-04 15:55 . 2010-01-04 15:55 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2010-01-04 15:47 . 2009-03-30 17:40 717296 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-01-02 14:33 . 2010-01-02 14:33 -------- d-----w- c:\program files\Jeyo
2010-01-02 14:25 . 2010-01-02 12:52 -------- d-----w- c:\program files\MOBILedit!
2010-01-01 18:53 . 2010-01-01 18:53 -------- d-----w- c:\program files\RealVNC
2009-12-31 21:18 . 2009-12-31 21:18 -------- d-----w- c:\program files\DVD Shrink
2009-12-31 21:18 . 2009-12-31 21:18 18816 ----a-w- c:\windows\system32\drivers\dvd43llh.sys
2009-12-31 21:18 . 2009-12-31 21:18 -------- d-----w- c:\program files\dvd43
2009-12-21 19:08 . 2006-03-02 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2009-12-18 18:05 . 2009-12-18 18:05 -------- d-----w- c:\program files\CCleaner
2009-12-14 16:48 . 2009-12-14 16:48 -------- d-----w- c:\program files\Edisk
2009-12-12 19:39 . 2009-12-12 19:38 -------- d-----w- c:\program files\Ahead
2009-12-12 19:38 . 2009-12-12 19:38 -------- d-----w- c:\program files\Common Files\Ahead
2009-12-10 14:07 . 2009-12-10 14:07 -------- d-----w- c:\program files\Common Files\PCSuite
2009-12-10 14:00 . 2009-12-10 14:00 -------- d-----w- c:\program files\PC Connectivity Solution
2009-12-08 15:54 . 2009-12-08 15:54 -------- d-----w- c:\program files\Spectrasonic
2009-12-08 12:46 . 2009-12-08 12:18 -------- d-----w- c:\program files\Spectrasonics
2009-12-08 10:35 . 2009-12-08 10:35 -------- d-----w- c:\program files\Steinberg
2009-12-08 10:35 . 2009-12-08 10:35 -------- d-----w- c:\program files\Common Files\Digidesign
2009-12-08 09:38 . 2009-10-19 12:42 -------- d-----w- c:\program files\REAPER
2009-11-24 11:52 . 2009-11-24 11:52 8 ----a-w- c:\windows\system32\nvModes.dat
2009-11-21 16:03 . 2006-03-02 12:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}]
2009-01-30 13:12 650752 ----a-w- c:\program files\pdfforge Toolbar\WidgiToolbarIE.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2009-07-10 16:28 1174920 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{B922D405-6D13-4A2B-AE89-08A030DA4402}"= "c:\program files\pdfforge Toolbar\WidgiToolbarIE.dll" [2009-01-30 650752]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-07-10 1174920]

[HKEY_CLASSES_ROOT\clsid\{b922d405-6d13-4a2b-ae89-08a030da4402}]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-07-10 1174920]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-09-20 202024]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-07-02 220544]
"OEXPRESS"="c:\documents and settings\All Users\Data aplikací\LangSoft\OETRN.EXE" [2010-01-13 26624]
"c:\documents and settings\Owner\Data aplikací\Sprinx Systems\SprinxCRM 6.1.3.2\install.exe"="c:\documents and settings\Owner\Data aplikací\Sprinx Systems\SprinxCRM 6.1.3.2\install.exe" [2009-12-10 304040]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-02-18 13680640]
"nwiz"="nwiz.exe" [2009-02-18 1657376]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"SearchSettings"="c:\program files\pdfforge Toolbar\SearchSettings.exe" [2009-01-30 992256]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-12-18 868352]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-02-18 86016]
"M-Audio Taskbar Icon"="c:\windows\System32\M-AudioTaskBarIcon.exe" [2008-05-15 356864]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"dvd43"="c:\program files\dvd43\dvd43_tray.exe" [2006-05-22 694272]
"vmware-tray"="c:\program files\VMware\VMware Workstation\vmware-tray.exe" [2009-10-22 129584]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]

c:\documents and settings\Owner\Nabídka Start\Programy\Po spuštění\
Secure Data Organizer.lnk - c:\documents and settings\Owner\Data aplikací\Microsoft\Installer\{7A5AAE9B-8633-4446-8118-49218CB7D62F}\_68985996F6EA3E4BBEFEFE.exe [2009-3-27 411494]
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]

c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-4-29 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HonorAutoRunSetting"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"HonorAutoRunSetting"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\VMware\\VMware Workstation\\vmware-authd.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 hotcore3;hotcore3;c:\windows\system32\drivers\hotcore3.sys [22.6.2009 13:25 39472]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0308000.029\SymEFA.sys [2.2.2010 8:50 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\N360\0308000.029\BHDrvx86.sys [2.2.2010 8:50 259632]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360\0308000.029\cchpx86.sys [2.2.2010 8:50 482432]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Data aplikací\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100128.002\IDSXpx86.sys [30.1.2010 1:46 329592]
R2 N360;Norton 360;c:\program files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe [2.2.2010 8:50 117640]
R2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [22.10.2009 5:00 70704]
R2 VMUSBArbService;VMware USB Arbitration Service;c:\program files\Common Files\VMware\USB\vmware-usbarbitrator.exe [22.10.2009 3:47 563760]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [4.9.2009 21:40 102448]
R3 MAUSBFTP;Service for M-Audio Fast Track Pro (WDM);c:\windows\system32\drivers\mausb.sys [9.4.2009 9:53 143624]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [30.3.2009 18:40 717296]
S2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files\OrgScheduler1p1Server\SERVER\bin\fbguard.exe [29.1.2010 18:33 81920]
S3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files\OrgScheduler1p1Server\SERVER\bin\fbserver.exe [29.1.2010 18:33 2723840]
S3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187.sys [27.3.2009 13:36 176128]
.
Obsah adresáře 'Naplánované úlohy'

2010-02-04 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2009-07-10 16:29]
.
.
------- Doplňkový sken -------
.
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748449} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
LSP: %SYSTEMROOT%\system32\nvappfilter.dll
LSP: c:\program files\VMware\VMware Workstation\vsocklib.dll
DPF: {672EE252-D813-4F5E-81BB-5DD163DD4FA5} - hxxps://www.mojedatovaschranka.cz/static/pages/ ... ctivex.cab
FF - ProfilePath - c:\documents and settings\Owner\Data aplikací\Mozilla\Firefox\Profiles\3bg9lkg6.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz
FF - plugin: c:\program files\Opera\program\plugins\np-mswmp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

URLSearchHooks-{E312764E-7706-43F1-8DAB-FCDD2B1E416D} - c:\program files\pdfforge Toolbar\SearchSettings.dll
BHO-{E312764E-7706-43F1-8DAB-FCDD2B1E416D} - c:\program files\pdfforge Toolbar\SearchSettings.dll
AddRemove-Octoshape add-in for Adobe Flash Player - c:\documents and settings\Owner\Data aplikací\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-04 20:11
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...


C:\sccfg.sys 350 bytes

sken byl úspešně dokončen
skryté soubory: 1

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\3.8.0.41\diMaster.dll\" /prefetch:1"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-839522115-179605362-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{91EF5BE2-9C6F-C30C-F28F-35C526960B4D}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"iaihllkpnghaailaji"=hex:6a,61,6a,6b,68,6d,63,61,63,6b,6f,67,66,62,6b,67,64,6b,
64,6b,00,01
"haohofflbkmhbnhb"=hex:6a,61,6a,6b,68,6d,63,61,63,6b,6f,67,66,62,6b,67,64,6b,
64,6b,00,ef
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'lsass.exe'(1464)
c:\windows\system32\nvappfilter.dll
.
Celkový čas: 2010-02-04 20:14:35
ComboFix-quarantined-files.txt 2010-02-04 19:14

Před spuštěním: Volných bajtů: 85 016 662 016
Po spuštění: Volných bajtů: 84 974 292 992

WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - F697BF36E00846B6AB8D72F7CBF36C6E

stell
VIP in memoriam
Posts: 5175
Registered: 09 Dec 2007 09:27
Location: SK-REVUCA

Re: Please check my log...autorun.inf and ketonneker.exe

#8 Post by stell »

do you know these??
if not, test them on Virustotal
Sprinx Systems\SprinxCRM 6.1.3.2
M-AudioTaskBarIcon.exe

For this step ComboFix must be on the desktop.

Turn off>FIREWALL>Antivirus>Antispyware>everything resident.

Open Notepad and copy the whole green text into it:

Code:

KILLALL::
SecCenter::
{EDC10449-64D1-46c7-A59A-EC20D662F26D}
Folder::
c:\program files\pdfforge Toolbar
c:\program files\Ask.com
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{B922D405-6D13-4A2B-AE89-08A030DA4402}"=- 
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=- 
[-HKEY_CLASSES_ROOT\clsid\{b922d405-6d13-4a2b-ae89-08a030da4402}]
[-HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
[-HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"=-
"SearchSettings"=-
"QuickTime Task"=-
File::
c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
RegNull::
[HKEY_USERS\S-1-5-21-839522115-179605362-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{91EF5BE2-9C6F-C30C-F28F-35C526960B4D}*]

Then click File -> Save As... -> in the File name line type: CFScript.txt
For Save as type choose *All files
And save it to the desktop.> Careful: CFScript.txt> Do not open it, and it must not become>CFScript.txt.txt. Then do this:
Image

After the scan finishes, post the log that ComboFix creates

dj_blade
Visitor
Posts: 19
Registered: 25 Oct 2006 18:42

Re: Please check my log...autorun.inf and ketonneker.exe

#9 Post by dj_blade »

M-AUDIO is my sound card.....so that's ok...and SPRINX is a CRM system..but it was uninstalled long ago....but it's not a virus..Now I'm going to do the CF.

stell
VIP in memoriam
Posts: 5175
Registered: 09 Dec 2007 09:27
Location: SK-REVUCA

Re: Please check my log...autorun.inf and ketonneker.exe

#10 Post by stell »

well ok, but sprinx is still running in startup
"c:\documents and settings\Owner\Data aplikací\Sprinx Systems\SprinxCRM 6.1.3.2\install.exe"="c:\documents and settings\Owner\Data aplikací\Sprinx Systems\SprinxCRM 6.1.3.2\install.exe" [
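The point stell makes in #8 and #10 (an entry in the Run key that launches an installer from the user's profile directory is worth a second look even when the product itself is harmless) can be turned into a repeatable check. The Python below is an added example, not part of the thread and not ComboFix's own tooling: it parses the `[HKEY_...\Run]` blocks in the format ComboFix prints (the sample lines are copied from the log in #7) and flags entries whose image lives under the user profile, runs from a bare file name resolved through PATH, is named after its own path, or is an installer. The flag names and the heuristics are my own choices, not anything ComboFix reports.

```python
import re

# Constructed sample input: a few lines in the shape of the ComboFix
# "Spouštěcí body v registru" (registry start-up points) section.
# The entries are copied from the log posted in #7.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-07-02 220544]
"OEXPRESS"="c:\documents and settings\All Users\Data aplikací\LangSoft\OETRN.EXE" [2010-01-13 26624]
"c:\documents and settings\Owner\Data aplikací\Sprinx Systems\SprinxCRM 6.1.3.2\install.exe"="c:\documents and settings\Owner\Data aplikací\Sprinx Systems\SprinxCRM 6.1.3.2\install.exe" [2009-12-10 304040]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-02-18 13680640]
"nwiz"="nwiz.exe" [2009-02-18 1657376]
"SearchSettings"="c:\program files\pdfforge Toolbar\SearchSettings.exe" [2009-01-30 992256]
"""

# A block header is the registry key in square brackets; an entry is
# "value name"="image path" followed by [file-date size] as ComboFix prints it.
HEADER_RE = re.compile(r'^\[(HKEY_[^\]]+)\]$')
ENTRY_RE = re.compile(r'^"([^"]+)"="([^"]*)"\s*\[(\d{4}-\d{2}-\d{2}) (\d+)\]$')

# Path fragments that mean "writable by the user, not an install location"
# (Czech XP uses "Data aplikací" for "Application Data").
PROFILE_MARKERS = (
    "\\documents and settings\\", "\\data aplikací\\",
    "\\application data\\", "\\local settings\\", "\\temp\\",
)
INSTALLER_NAMES = {"install.exe", "setup.exe"}


def parse_run_entries(text):
    """Return a list of dicts {key, name, image, date, size} for every
    entry found under a [HKEY_...] header in a ComboFix-style listing."""
    entries = []
    key = None
    for raw in text.splitlines():
        line = raw.rstrip()
        header = HEADER_RE.match(line)
        if header:
            key = header.group(1)
            continue
        entry = ENTRY_RE.match(line)
        if entry and key is not None:
            name, image, date, size = entry.groups()
            entries.append({"key": key, "name": name, "image": image,
                            "date": date, "size": int(size)})
    return entries


def flag_entry(entry):
    """Heuristic review of one Run entry; returns the list of flags raised
    (empty list means nothing unusual about where or how it loads)."""
    flags = []
    image = entry["image"].lower()
    if "\\" not in image:
        # Bare file name: resolved through PATH at logon, so the log alone
        # does not say which binary actually runs.
        flags.append("no_directory")
    if any(marker in image for marker in PROFILE_MARKERS):
        flags.append("user_profile")
    if entry["name"].lower() == image:
        # Value name equals the image: typical of a self-registered installer.
        flags.append("name_is_path")
    if image.rsplit("\\", 1)[-1] in INSTALLER_NAMES:
        flags.append("installer_name")
    return flags


def review(text):
    """Map (registry key, value name) -> flags for every flagged entry."""
    result = {}
    for entry in parse_run_entries(text):
        flags = flag_entry(entry)
        if flags:
            result[(entry["key"], entry["name"])] = flags
    return result


if __name__ == "__main__":
    for (key, name), flags in review(SAMPLE_LOG).items():
        print(f"{key}\n  {name!r}: {', '.join(flags)}")
```

Run against the sample, the three entries that stand out are OEXPRESS and the SprinxCRM install.exe (both under the profile directory, the latter also self-named and an installer) and nwiz (bare file name); the vendor entries under Program Files and system32 raise nothing. The flags are a prompt for a VirusTotal check or a look at the file's publisher, as stell suggests, not a verdict.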

dj_blade
Visitor
Posts: 19
Registered: 25 Oct 2006 18:42

Re: Please check my log...autorun.inf and ketonneker.exe

#11 Post by dj_blade »

I'll take a look whether it can be deleted by hand.... here is the log from CF

ComboFix 10-02-03.08 - Owner 04.02.2010 21:23:58.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.3070.2640 [GMT 1:00]
Spuštěný z: c:\documents and settings\Owner\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Owner\Plocha\CFScript.txt
AV: Norton 360 *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton 360 *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

FILE ::
"c:\windows\Tasks\Scheduled Update for Ask Toolbar.job"
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Ask.com
c:\program files\Ask.com\cobrand.ico
c:\program files\Ask.com\config.xml
c:\program files\Ask.com\favicon.ico
c:\program files\Ask.com\GenericAskToolbar.dll
c:\program files\Ask.com\mupcfg.xml
c:\program files\Ask.com\SaUpdate.exe
c:\program files\Ask.com\UpdateTask.exe
c:\program files\pdfforge Toolbar
c:\program files\pdfforge Toolbar\config.ini
c:\program files\pdfforge Toolbar\Res\icon_settings.gif
c:\program files\pdfforge Toolbar\Res\pdfc_branding.gif
c:\program files\pdfforge Toolbar\Res\pdfc_branding_hover.gif
c:\program files\pdfforge Toolbar\Res\pdfc_icon.gif
c:\program files\pdfforge Toolbar\Res\pdfc_portal_logo.gif
c:\program files\pdfforge Toolbar\Res\search-button-hover.gif
c:\program files\pdfforge Toolbar\Res\search-button.gif
c:\program files\pdfforge Toolbar\Res\search-chevron-hover.gif
c:\program files\pdfforge Toolbar\Res\search-chevron.gif
c:\program files\pdfforge Toolbar\Res\search_amazon.gif
c:\program files\pdfforge Toolbar\Res\search_ebay.gif
c:\program files\pdfforge Toolbar\Res\search_yahoo.gif
c:\program files\pdfforge Toolbar\Res\separator.gif
c:\program files\pdfforge Toolbar\Res\widgets.xml
c:\program files\pdfforge Toolbar\SearchSettings.exe
c:\program files\pdfforge Toolbar\SearchSettingsRes409.dll
c:\program files\pdfforge Toolbar\sscfg.ini
c:\program files\pdfforge Toolbar\WidgiHelper.exe
c:\program files\pdfforge Toolbar\WidgiToolbarIE.dll
c:\windows\Tasks\Scheduled Update for Ask Toolbar.job

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-01-04 do 2010-02-04 )))))))))))))))))))))))))))))))
.

2010-02-04 12:06 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-04 12:06 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-04 12:06 . 2010-02-04 12:06 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-04 11:15 . 2010-02-04 12:20 7303162 ----a-w- C:\UsbFix_Upload_Me_DJ-E0981F6CAA1C.zip
2010-02-04 10:59 . 2010-02-04 12:20 -------- d-----w- C:\UsbFix
2010-02-03 22:57 . 2010-02-03 23:26 -------- d-----w- c:\program files\trend micro
2010-02-03 22:57 . 2010-02-03 22:58 -------- d-----w- C:\rsit
2010-02-03 18:17 . 2010-02-03 18:18 -------- d-----w- c:\program files\FlashBoot
2010-02-03 17:39 . 2010-02-04 11:02 -------- d-----w- c:\program files\Compaq
2010-02-02 19:48 . 2010-02-02 19:48 -------- d-----w- c:\program files\7-Zip
2010-02-02 15:15 . 2010-02-02 15:15 -------- d-----w- c:\program files\Lavalys
2010-02-01 21:06 . 2010-02-03 22:39 -------- d-----w- c:\program files\MagicISO
2010-02-01 17:10 . 2009-10-21 23:13 59952 ----a-r- c:\windows\system32\vnetinst.dll
2010-02-01 17:10 . 2009-10-21 23:13 16560 ----a-r- c:\windows\system32\drivers\vmnetadapter.sys
2010-02-01 17:10 . 2009-10-22 03:59 334384 ----a-w- c:\windows\system32\vmnetdhcp.exe
2010-02-01 17:10 . 2009-10-22 04:00 395824 ----a-w- c:\windows\system32\vmnat.exe
2010-02-01 17:10 . 2009-10-22 04:00 26288 ----a-w- c:\windows\system32\drivers\vmnetuserif.sys
2010-02-01 17:10 . 2009-10-21 23:13 18736 ----a-r- c:\windows\system32\drivers\vmnet.sys
2010-02-01 17:10 . 2009-10-22 04:00 760368 ----a-w- c:\windows\system32\vnetlib.dll
2010-02-01 17:09 . 2009-10-22 04:00 23216 ----a-w- c:\windows\system32\drivers\VMkbd.sys
2010-02-01 17:06 . 2010-02-01 17:06 -------- d-----w- c:\program files\Common Files\VMware
2010-02-01 17:00 . 2010-02-01 17:00 -------- d-----w- c:\program files\VMware
2010-01-29 17:32 . 2010-01-29 17:53 -------- d-----w- c:\program files\OrgScheduler1p1Server
2010-01-29 11:15 . 2010-01-29 11:15 -------- d-----w- c:\program files\CRMfree
2010-01-29 10:55 . 2010-01-29 10:55 -------- d-----w- c:\program files\MSXML 6.0
2010-01-26 19:16 . 2010-02-01 17:44 -------- d-----w- C:\INSTALL
2010-01-17 22:22 . 2010-01-17 22:28 -------- d-----w- c:\program files\Yahoo!
2010-01-17 15:45 . 2010-01-17 15:45 0 ----a-w- c:\windows\nsreg.dat
2010-01-13 10:23 . 2009-11-21 16:03 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-01-13 00:24 . 2010-01-13 00:45 -------- d-----w- C:\TRANSLAT
2010-01-12 21:20 . 2010-01-12 21:20 -------- d-----w- c:\program files\Business Objects
2010-01-12 17:03 . 2010-01-12 17:03 -------- d-----w- c:\windows\SQLTools9_KB970892_ENU
2010-01-12 16:57 . 2010-01-12 16:58 -------- d-----w- c:\windows\SQL9_KB970892_ENU
2010-01-10 22:57 . 2010-01-29 11:33 -------- d-----w- c:\program files\Microsoft SQL Server
2010-01-10 22:55 . 2010-01-30 19:03 -------- d-----w- c:\program files\MSSQL2005
2010-01-10 22:35 . 2010-01-29 17:52 -------- d-----w- c:\program files\OrgScheduler1p1User
2010-01-10 22:05 . 2010-02-01 16:16 -------- d-----w- c:\program files\Kroll Ontrack
2010-01-10 21:04 . 2010-01-14 20:23 -------- d-----w- c:\program files\PhotoLabCalendarServer
2010-01-10 14:20 . 2010-01-10 14:20 -------- d-----w- c:\program files\Firebird
2010-01-07 23:07 . 2010-01-07 23:07 -------- d-----r- c:\program files\Norton Support
2010-01-07 17:51 . 2010-01-10 21:37 -------- d-----w- c:\program files\Kalkulace nové komíny

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-03 23:14 . 2009-09-11 14:12 -------- d-----w- c:\program files\Nokia
2010-02-03 23:13 . 2009-09-11 14:28 -------- d-----w- c:\program files\Common Files\Nokia
2010-02-03 22:32 . 2009-04-21 20:33 -------- d-----w- c:\program files\Trillian
2010-02-03 22:15 . 2009-03-27 15:23 -------- d-----w- c:\program files\World of Warcraft
2010-02-02 15:24 . 2009-04-09 10:52 -------- d-----w- c:\program files\Ableton
2010-02-01 17:08 . 2006-03-02 12:00 97472 ----a-w- c:\windows\system32\perfc005.dat
2010-02-01 17:08 . 2006-03-02 12:00 481390 ----a-w- c:\windows\system32\perfh005.dat
2010-02-01 16:16 . 2009-03-26 23:33 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-01 16:04 . 2009-08-31 11:13 -------- d-----w- c:\program files\Google
2010-02-01 15:15 . 2009-03-30 20:49 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-02-01 15:11 . 2009-06-08 14:24 -------- d-----w- c:\program files\Network LookOut Administrator Pro
2010-02-01 13:05 . 2009-12-08 10:35 -------- d-----w- c:\program files\iZotope
2010-01-29 23:59 . 2009-04-01 16:59 -------- d-----w- c:\program files\Microsoft ActiveSync
2010-01-29 23:19 . 2009-06-11 21:01 -------- d-----w- c:\program files\PokerStars
2010-01-29 14:04 . 2009-08-26 11:48 -------- d-----w- c:\program files\Obálky 4.01
2010-01-29 11:00 . 2009-03-30 18:06 -------- d-----w- c:\program files\Microsoft.NET
2010-01-23 01:23 . 2009-10-05 08:17 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-04 22:37 . 2009-12-06 13:34 -------- d-----w- c:\program files\IceChat7
2010-01-04 15:55 . 2010-01-04 15:55 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2010-01-04 15:47 . 2009-03-30 17:40 717296 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-01-02 14:33 . 2010-01-02 14:33 -------- d-----w- c:\program files\Jeyo
2010-01-02 14:25 . 2010-01-02 12:52 -------- d-----w- c:\program files\MOBILedit!
2010-01-01 18:53 . 2010-01-01 18:53 -------- d-----w- c:\program files\RealVNC
2009-12-31 21:18 . 2009-12-31 21:18 -------- d-----w- c:\program files\DVD Shrink
2009-12-31 21:18 . 2009-12-31 21:18 18816 ----a-w- c:\windows\system32\drivers\dvd43llh.sys
2009-12-31 21:18 . 2009-12-31 21:18 -------- d-----w- c:\program files\dvd43
2009-12-21 19:08 . 2006-03-02 12:00 916480 ------w- c:\windows\system32\wininet.dll
2009-12-18 18:05 . 2009-12-18 18:05 -------- d-----w- c:\program files\CCleaner
2009-12-14 16:48 . 2009-12-14 16:48 -------- d-----w- c:\program files\Edisk
2009-12-12 19:39 . 2009-12-12 19:38 -------- d-----w- c:\program files\Ahead
2009-12-12 19:38 . 2009-12-12 19:38 -------- d-----w- c:\program files\Common Files\Ahead
2009-12-10 14:07 . 2009-12-10 14:07 -------- d-----w- c:\program files\Common Files\PCSuite
2009-12-10 14:00 . 2009-12-10 14:00 -------- d-----w- c:\program files\PC Connectivity Solution
2009-12-08 15:54 . 2009-12-08 15:54 -------- d-----w- c:\program files\Spectrasonic
2009-12-08 12:46 . 2009-12-08 12:18 -------- d-----w- c:\program files\Spectrasonics
2009-12-08 10:35 . 2009-12-08 10:35 -------- d-----w- c:\program files\Steinberg
2009-12-08 10:35 . 2009-12-08 10:35 -------- d-----w- c:\program files\Common Files\Digidesign
2009-12-08 09:38 . 2009-10-19 12:42 -------- d-----w- c:\program files\REAPER
2009-11-24 11:52 . 2009-11-24 11:52 8 ----a-w- c:\windows\system32\nvModes.dat
2009-11-21 16:03 . 2006-03-02 12:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
.

(((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not shown.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-09-20 202024]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-07-02 220544]
"OEXPRESS"="c:\documents and settings\All Users\Data aplikací\LangSoft\OETRN.EXE" [2010-01-13 26624]
"c:\documents and settings\Owner\Data aplikací\Sprinx Systems\SprinxCRM 6.1.3.2\install.exe"="c:\documents and settings\Owner\Data aplikací\Sprinx Systems\SprinxCRM 6.1.3.2\install.exe" [2009-12-10 304040]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-02-18 13680640]
"nwiz"="nwiz.exe" [2009-02-18 1657376]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-12-18 868352]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-02-18 86016]
"M-Audio Taskbar Icon"="c:\windows\System32\M-AudioTaskBarIcon.exe" [2008-05-15 356864]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"dvd43"="c:\program files\dvd43\dvd43_tray.exe" [2006-05-22 694272]
"vmware-tray"="c:\program files\VMware\VMware Workstation\vmware-tray.exe" [2009-10-22 129584]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]

c:\documents and settings\Owner\Nabídka Start\Programy\Po spuštění\
Secure Data Organizer.lnk - c:\documents and settings\Owner\Data aplikací\Microsoft\Installer\{7A5AAE9B-8633-4446-8118-49218CB7D62F}\_68985996F6EA3E4BBEFEFE.exe [2009-3-27 411494]
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]

c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-4-29 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HonorAutoRunSetting"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"HonorAutoRunSetting"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\VMware\\VMware Workstation\\vmware-authd.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 hotcore3;hotcore3;c:\windows\system32\drivers\hotcore3.sys [22.6.2009 13:25 39472]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [30.3.2009 18:40 717296]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0308000.029\SymEFA.sys [2.2.2010 8:50 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\N360\0308000.029\BHDrvx86.sys [2.2.2010 8:50 259632]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360\0308000.029\cchpx86.sys [2.2.2010 8:50 482432]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Data aplikací\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100128.002\IDSXpx86.sys [30.1.2010 1:46 329592]
R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files\OrgScheduler1p1Server\SERVER\bin\fbguard.exe [29.1.2010 18:33 81920]
R2 N360;Norton 360;c:\program files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe [2.2.2010 8:50 117640]
R2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [22.10.2009 5:00 70704]
R2 VMUSBArbService;VMware USB Arbitration Service;c:\program files\Common Files\VMware\USB\vmware-usbarbitrator.exe [22.10.2009 3:47 563760]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [4.9.2009 21:40 102448]
R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files\OrgScheduler1p1Server\SERVER\bin\fbserver.exe [29.1.2010 18:33 2723840]
R3 MAUSBFTP;Service for M-Audio Fast Track Pro (WDM);c:\windows\system32\drivers\mausb.sys [9.4.2009 9:53 143624]
S3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187.sys [27.3.2009 13:36 176128]
.
.
------- Supplementary Scan -------
.
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748449} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
LSP: %SYSTEMROOT%\system32\nvappfilter.dll
LSP: c:\program files\VMware\VMware Workstation\vsocklib.dll
DPF: {672EE252-D813-4F5E-81BB-5DD163DD4FA5} - hxxps://www.mojedatovaschranka.cz/static/pages/ ... ctivex.cab
FF - ProfilePath - c:\documents and settings\Owner\Data aplikací\Mozilla\Firefox\Profiles\3bg9lkg6.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - INVALID ENTRIES REMOVED FROM THE REGISTRY - - - -

URLSearchHooks-{E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-04 21:35
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8AC511F8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xba10cf28
\Driver\ACPI -> ACPI.sys @ 0xb9e67cb8
\Driver\atapi -> atapi.sys @ 0xb9e22b40
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
NDIS: NVIDIA nForce 10/100/1000 Mbps Ethernet -> SendCompleteHandler -> NDIS.sys @ 0xb9c7abb0
PacketIndicateHandler -> NDIS.sys @ 0xb9c87a21
SendHandler -> NDIS.sys @ 0xb9c6587b
user & kernel MBR OK
copy of MBR has been found in sector 62 !

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\3.8.0.41\diMaster.dll\" /prefetch:1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(1484)
c:\windows\system32\nvappfilter.dll

- - - - - - - > 'explorer.exe'(3764)
c:\documents and settings\All Users\Data aplikací\LangSoft\TrnOEH.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_cze.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\InterVideo\DeviceService\DevSvc.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\windows\system32\vmnat.exe
c:\program files\VMware\VMware Workstation\vmware-authd.exe
c:\windows\system32\vmnetdhcp.exe
c:\windows\system32\RUNDLL32.EXE
c:\program files\Microsoft ActiveSync\Wcescomm.exe
c:\progra~1\MI3AA1~1\rapimgr.exe
c:\program files\Common Files\Nero\Lib\NMIndexingService.exe
c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
c:\program files\Secure Data Organizer\SecureDataOrganizer.exe
.
**************************************************************************
.
Completion time: 2010-02-04 21:43:34 - machine was rebooted
ComboFix-quarantined-files.txt 2010-02-04 20:43
ComboFix2.txt 2010-02-04 19:14

Pre-Run: free bytes: 84 988 776 448
Post-Run: free bytes: 85 011 255 296

- - End Of File - - 3E84E01DA06823BD1BBCAB937B51D2AA
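
The ComboFix output above is what a helper reads by hand, line by line. As an added example (mine, not code from the thread or from ComboFix), the Python below runs a first triage pass over a constructed excerpt of that log: the registry lines and the MBR-detector lines are copied from the post, the selection is mine. It flags autostart entries whose image lives in a user profile, the `HonorAutoRunSetting`=0 policy (with that value the `NoDriveTypeAutoRun` restriction is not honored, so `autorun.inf` on inserted media is still processed), Security Center monitoring and the Windows Firewall being switched off, the unnamed module in the disk I/O chain, and the MBR copy in sector 62. The severities and the user-profile heuristic are my choices, not a ComboFix convention.

```python
import re

# Constructed excerpt in the layout of the ComboFix log posted above (values
# copied from the thread, selection and trimming mine); stands in for the full log.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-07-02 220544]
"OEXPRESS"="c:\documents and settings\All Users\Data aplikací\LangSoft\OETRN.EXE" [2010-01-13 26624]
"c:\documents and settings\Owner\Data aplikací\Sprinx Systems\SprinxCRM 6.1.3.2\install.exe"="c:\documents and settings\Owner\Data aplikací\Sprinx Systems\SprinxCRM 6.1.3.2\install.exe" [2009-12-10 304040]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HonorAutoRunSetting"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8AC511F8]<<
user & kernel MBR OK
copy of MBR has been found in sector 62 !
"""

# "name"=data, as ComboFix prints registry values under a [key] header
VALUE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<data>.*)$')


def reg_int(data):
    """Parse the two numeric forms ComboFix prints: '0 (0x0)' and 'dword:00000001'."""
    if data.lower().startswith("dword:"):
        return int(data[6:], 16)
    return int(data.split()[0])


def in_user_profile(path):
    """Heuristic (mine): an autostart image under a user profile rather than
    Program Files or the Windows directory deserves a look."""
    p = path.lower()
    return "\\documents and settings\\" in p and any(
        marker in p for marker in ("\\data aplikac", "\\application data\\", "\\local settings\\"))


def triage(log_text):
    """Walk the log once; return (severity, tag, detail) tuples worth a responder's attention."""
    findings = []
    section = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].lower()   # registry key owning the value lines that follow
            continue
        m = VALUE.match(line)
        if m:
            name, data = m.group("name").lower(), m.group("data")
            if section.endswith("\\currentversion\\run"):
                pm = re.match(r'"([^"]+)"', data)
                image = pm.group(1) if pm else data
                if in_user_profile(image):
                    findings.append(("review", "autostart image in a user profile",
                                     f"{m.group('name')} -> {image}"))
            elif section.endswith("policies\\explorer") and name == "honorautorunsetting" and reg_int(data) == 0:
                findings.append(("medium", "AutoRun restrictions not honored", line))
            elif "security center\\monitoring" in section and name == "disablemonitoring" and reg_int(data) == 1:
                findings.append(("review", "Security Center monitoring disabled", section))
            elif section.endswith("\\standardprofile") and name == "enablefirewall" and reg_int(data) == 0:
                findings.append(("review", "Windows Firewall off (standard profile)", line))
            continue
        low = line.lower()
        if ">>unknown [" in low:
            findings.append(("medium", "unnamed module in the disk I/O chain", line))
        elif low.startswith("copy of mbr has been found in sector"):
            findings.append(("high", "MBR copy outside sector 0", line))
    return findings


if __name__ == "__main__":
    for sev, tag, detail in triage(SAMPLE_LOG):
        print(f"[{sev:6}] {tag}: {detail}")
```

Two of these findings need the context the full log gives. Norton 360 is installed (the N360 service and its drivers appear in the service list), and third-party suites commonly register with Security Center by setting DisableMonitoring and take over from the Windows Firewall, so those two lines are marked for review rather than as infection indicators. The UNKNOWN entry in the called-modules chain is likewise only "medium": filter drivers such as the sptd.sys listed under the R0 services (Alcohol 120%) are known to show up unnamed in this detector. The two run-key hits ask only for a look at the files; the LangSoft entry is a dictionary add-on also visible in the IE and explorer.exe sections, the SprinxCRM install.exe in the user's Application Data is the one worth checking first.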

stell
VIP in memoriam
Posts: 5175
Registered: 09 Dec 2007 09:27
Location: SK-REVUCA

Re: Please check my log... autorun.inf and ketonneker.exe

#12 Post by stell »

Hm, you have something in sector 62.
Run GMER.
Download the special version of GMER:
Special
Save it to the desktop >>
Disconnect from the internet and close all open programs,
temporarily disable any real-time active protection,
and run it; a short scan will take place.
If you get the message "rootkit activity" and it asks if you want to run a scan, click NO,
and set it up like this:
[image]

>> click Scan <<
At the end of the scan >> SAVE <<, name it mojlog.txt, save it to the desktop and post the log here.


If you don't get any message, leave everything ticked and click SCAN; after the scan >> SAVE << and post the log here.
Important information.
Is your computer NOT RUNNING WELL?
Is it infected? Running slowly? A program not working? Installation problems?
Use the remote assistance service!
e-mail: stell(at)forum.viry.cz
Thanks!
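
The "something in sector 62" stell refers to is the detector line "copy of MBR has been found in sector 62 !" in the log above. Note that the detector also printed "user & kernel MBR OK", i.e. the sector 0 it read from user mode and from kernel mode matched, so nothing was actively hiding the MBR; the copy is a separate finding. What that copy means at the disk level, as an added example (mine, not stell's or gmer's code; the matching rule, same partition table plus boot signature, is my assumption about what such a detector looks for, not gmer's published logic): bootkits of the Mebroot/Sinowal family the tool is named after overwrite the boot code in sector 0, keep the partition table so the system still boots, and park the original sector in the otherwise unused first track. The script builds three constructed 63-sector images (clean, a plain backup copy, and that bootkit pattern) and shows how comparing sector 0 with sector 62 separates them. No real disk is touched unless you point `read_first_track` at one.

```python
import struct

SECTOR = 512
TRACK = 63          # sectors 0..62: the first track, where the detector reported the copy


def build_sector(code_fill, entries):
    """Assemble a 512-byte MBR: 446 bytes of 'boot code' (a single fill byte here),
    four 16-byte partition entries, and the 0x55AA boot signature."""
    sec = bytearray([code_fill]) * 446
    for i in range(4):
        if i < len(entries):
            active, ptype, lba, size = entries[i]
            sec += struct.pack("<B3sB3sII", 0x80 if active else 0, b"\0\0\0", ptype, b"\0\0\0", lba, size)
        else:
            sec += bytes(16)
    sec += b"\x55\xaa"
    return bytes(sec)


def parse_mbr(sector):
    """Return (boot_signature_ok, partition entries) for one 512-byte sector."""
    sig_ok = sector[510:512] == b"\x55\xaa"
    parts = []
    for i in range(4):
        off = 446 + 16 * i
        active, ptype = sector[off], sector[off + 4]
        lba, size = struct.unpack_from("<II", sector, off + 8)
        if ptype:
            parts.append((active == 0x80, ptype, lba, size))
    return sig_ok, parts


def find_mbr_copies(image):
    """Look through sectors 1..62 for a sector carrying a boot signature and the same
    partition table as sector 0. Returns [(sector_no, byte_identical_to_sector_0)]."""
    mbr = image[:SECTOR]
    _, mbr_parts = parse_mbr(mbr)
    hits = []
    for n in range(1, min(TRACK, len(image) // SECTOR)):
        sec = image[n * SECTOR:(n + 1) * SECTOR]
        sig_ok, parts = parse_mbr(sec)
        if sig_ok and parts and parts == mbr_parts:
            hits.append((n, sec == mbr))
    return hits


def assess(image):
    """Turn the raw hit into the distinction a responder cares about."""
    hits = find_mbr_copies(image)
    if not hits:
        return "clean: no MBR copy in the first track"
    n, identical = hits[0]
    if identical:
        return f"backup-like: identical MBR copy in sector {n} (verify which tool wrote it)"
    return f"suspicious: sector {n} has sector 0's partition table but different boot code"


def read_first_track(path):
    r"""Read the first 63 sectors from a raw image file or, on Windows with
    administrator rights, from a device path such as \\.\PhysicalDrive0."""
    with open(path, "rb") as f:
        return f.read(TRACK * SECTOR)


# Constructed disk images. One NTFS-type partition starting at LBA 63 (the usual XP
# layout); the boot code is a fill byte because only its *difference* matters here.
TABLE = [(True, 0x07, 63, 300_000_000)]
ORIGINAL_MBR = build_sector(0x90, TABLE)     # stands in for the vendor's boot code
INFECTED_MBR = build_sector(0xCC, TABLE)     # stands in for a bootkit loader, table untouched


def make_image(sector0, copy_at=None, copy=None):
    sectors = [sector0] + [bytes(SECTOR)] * (TRACK - 1)
    if copy_at is not None:
        sectors[copy_at] = copy
    return b"".join(sectors)


CLEAN_IMAGE = make_image(ORIGINAL_MBR)
BACKUP_IMAGE = make_image(ORIGINAL_MBR, 62, ORIGINAL_MBR)
SUSPECT_IMAGE = make_image(INFECTED_MBR, 62, ORIGINAL_MBR)

if __name__ == "__main__":
    for name, img in (("clean", CLEAN_IMAGE), ("backup", BACKUP_IMAGE), ("suspect", SUSPECT_IMAGE)):
        print(f"{name:8} {assess(img)}")
```

A copy by itself is not proof: an identical sector 62 can be a backup left by an imaging or recovery tool, which is why the script reports whether the boot code differs. The case that matters is the last one, same table, different code, and the right follow-up is exactly what the reply asks for: a full GMER scan whose log shows what the sector 0 code is loading.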

dj_blade
Visitor
Posts: 19
Registered: 25 Oct 2006 18:42

Re: Please check my log... autorun.inf and ketonneker.exe

#13 Post by dj_blade »

Wow, what a slog... GMER is still running... the log will probably only be ready tomorrow morning.

dj_blade
Visitor
Posts: 19
Registered: 25 Oct 2006 18:42

Re: Please check my log... autorun.inf and ketonneker.exe

#14 Post by dj_blade »

Well, GMER crashed on me sometime toward morning... so now I have to run it again; I didn't manage to save a log.

stell
VIP in memoriam
Posts: 5175
Registered: 09 Dec 2007 09:27
Location: SK-REVUCA

Re: Please check my log... autorun.inf and ketonneker.exe

#15 Post by stell »

Hm, try once more; if it doesn't work we'll think of something else. :)