
Virus removal, PC speed-up, and remote assistance through the neslape.cz service
Log check... thanks in advance
Moderator: Moderators
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]
Individual threads will be locked once resolved, as will those that have been inactive for more than 14 days. See the rule on locking topics. Thank you for your understanding.
!NEW!
You can now use the remote assistance service, where an expert connects to your computer and gets further details about the problem from you by phone! More at www.neslape.cz
My computer has been acting up for quite a while, so just in case... by acting up I mean that it is slow, and web browsers in particular stutter badly... so I would be grateful if you could help.
So here is the log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:44:00, on 6. 2. 2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\ICQ6Toolbar\ICQ Service.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Eset\nod32krn.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\wscntfy.exe
D:\Program Files\Eset\nod32kui.exe
D:\Program Files\Winamp\winampa.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
D:\Program Files\PC Connectivity Solution\ServiceLayer.exe
D:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
D:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
D:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\WINDOWS\system32\msiexec.exe
D:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
D:\Program Files\CCleaner\CCleaner.exe
D:\WINDOWS\system32\dwwin.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = ${URL_SEARCHPAGE}
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource= ... =CT2077543
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = ${URL_SEARCHPAGE}
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://toolbar.ask.com/toolbarv/askRedi ... &gc=1&q=%s
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - D:\Program Files\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: (no name) - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - (no file)
R3 - URLSearchHook: DefaultSearchHook Class - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - D:\Program Files\AskSearch\bin\DefaultSearch.dll
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - D:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - D:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - D:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - D:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - D:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - D:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - (no file)
O3 - Toolbar: (no name) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - (no file)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - D:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - D:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - D:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - D:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O4 - HKLM\..\Run: [C-Media Mixer] D:\Program Files\PCI Audio Applications\Bin\AudioRack.exe /MixerStartup
O4 - HKLM\..\Run: [StartCCC] "D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [nod32kui] "D:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [WinampAgent] "D:\Program Files\Winamp\winampa.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe" /NoDialog
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [ICQ] "D:\Program Files\ICQ7.0\ICQ.exe" silent loginmode=4
O4 - HKCU\..\Run: [DAEMON Tools Lite] "D:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Skype] "D:\Program Files\Skype\\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Winamp Search - D:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - D:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - D:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - D:\Program Files\ICQ7.0\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - D:\Program Files\ICQ7.0\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - D:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: ASKUpgrade - Unknown owner - D:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Google Software Updater (gusvc) - Google - D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ICQ Service - Unknown owner - D:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - D:\Program Files\Eset\nod32krn.exe
O23 - Service: ServiceLayer - Nokia. - D:\Program Files\PC Connectivity Solution\ServiceLayer.exe
--
End of file - 8061 bytes
Re: Log check... thanks in advance
Hello,
please post a log from RSIT here.
"Life is life, a meadow is a meadow; look into the grass and you will see a beetle."
"Do not answer a dullard according to his dullness, lest you become like him yourself. Answer a dullard according to his dullness, so that he stops thinking himself wise...."
(Proverbs of King Solomon)
Re: Log check... thanks in advance
Here it is:
Logfile of random's system information tool 1.06 (written by random/random)
Run by flash at 2010-02-07 12:19:35
Systém Microsoft Windows XP Professional Service Pack 2
System drive D: has 1 GB (11%) free of 10 GB
Total RAM: 1023 MB (49% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:19:46, on 7. 2. 2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\ICQ6Toolbar\ICQ Service.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Eset\nod32kui.exe
D:\Program Files\Winamp\winampa.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
D:\Program Files\Eset\nod32krn.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\DAEMON Tools Lite\DTLite.exe
D:\Program Files\Skype\Phone\Skype.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\wscntfy.exe
D:\Program Files\PC Connectivity Solution\ServiceLayer.exe
D:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
D:\WINDOWS\system32\wuauclt.exe
D:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
D:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Program Files\Skype\Plugin Manager\skypePM.exe
D:\Program Files\Skype\Toolbars\Shared\SkypeNames.exe
D:\Documents and Settings\flash\Desktop\RSIT.exe
D:\Program Files\Trend Micro\HijackThis\flash.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = ${URL_SEARCHPAGE}
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource= ... =CT2077543
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = ${URL_SEARCHPAGE}
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://toolbar.ask.com/toolbarv/askRedi ... &gc=1&q=%s
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - D:\Program Files\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: (no name) - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - (no file)
R3 - URLSearchHook: DefaultSearchHook Class - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - D:\Program Files\AskSearch\bin\DefaultSearch.dll
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - D:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - D:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - D:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - D:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - D:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - D:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - (no file)
O3 - Toolbar: (no name) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - (no file)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - D:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - D:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - D:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - D:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O4 - HKLM\..\Run: [C-Media Mixer] D:\Program Files\PCI Audio Applications\Bin\AudioRack.exe /MixerStartup
O4 - HKLM\..\Run: [StartCCC] "D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [nod32kui] "D:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [WinampAgent] "D:\Program Files\Winamp\winampa.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe" /NoDialog
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [ICQ] "D:\Program Files\ICQ7.0\ICQ.exe" silent loginmode=4
O4 - HKCU\..\Run: [DAEMON Tools Lite] "D:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Skype] "D:\Program Files\Skype\\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Winamp Search - D:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - D:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - D:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - D:\Program Files\ICQ7.0\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - D:\Program Files\ICQ7.0\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - D:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: ASKUpgrade - Unknown owner - D:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Google Software Updater (gusvc) - Google - D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ICQ Service - Unknown owner - D:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - D:\Program Files\Eset\nod32krn.exe
O23 - Service: ServiceLayer - Nokia. - D:\Program Files\PC Connectivity Solution\ServiceLayer.exe
--
End of file - 8158 bytes
======Scheduled tasks folder======
D:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1275210071-1177238915-839522115-1006Core.job
D:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1275210071-1177238915-839522115-1006UA.job
D:\WINDOWS\tasks\WGASetup.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}]
HP Print Enhancer - D:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll [2007-03-02 1298024]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{053F9267-DC04-4294-A72C-58F732D338C0}]
HP Print Clips - D:\Program Files\HP\Smart Web Printing\hpswp_framework.dll [2007-03-02 177768]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Podpora odkazu pro Adobe PDF Reader - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
AskBar BHO - D:\Program Files\AskBarDis\bar\bin\askBar.dll [2009-04-02 333192]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - D:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-08-07 259696]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - D:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll [2009-12-04 764912]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - D:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll [2009-08-07 470512]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EBF2BA02-9094-4c5a-858B-BB198F3D8DE2}
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - D:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-08-07 259696]
{3041d03e-fd4b-44e0-b742-2d9b88305f98} - Ask Toolbar - D:\Program Files\AskBarDis\bar\bin\askBar.dll [2009-04-02 333192]
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - D:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll [2009-11-24 953800]
{855F3B16-6D32-4FE6-8A56-BBB695989046} - ICQToolBar - D:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2010-01-03 1019128]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"C-Media Mixer"=D:\Program Files\PCI Audio Applications\Bin\AudioRack.exe [2001-05-09 225280]
"StartCCC"=D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2009-06-25 98304]
"nod32kui"=D:\Program Files\Eset\nod32kui.exe [2009-08-07 949376]
"WinampAgent"=D:\Program Files\Winamp\winampa.exe [2007-10-10 36352]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=D:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
"swg"=D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-08-07 39408]
"Nokia.PCSync"=C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe [2008-06-17 1249280]
"PC Suite Tray"=C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe [2008-08-11 1124352]
"ICQ"=D:\Program Files\ICQ7.0\ICQ.exe [2010-01-12 133368]
"DAEMON Tools Lite"=D:\Program Files\DAEMON Tools Lite\DTLite.exe [2009-10-30 369200]
"Skype"=D:\Program Files\Skype\\Phone\Skype.exe [2009-10-09 25623336]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
D:\WINDOWS\system32\Ati2evxx.dll [2008-12-01 143360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - D:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"D:\Program Files\Winamp Remote\bin\Orb.exe"="D:\Program Files\Winamp Remote\bin\Orb.exe:*:Enabled:Orb"
"D:\Program Files\Winamp Remote\bin\OrbTray.exe"="D:\Program Files\Winamp Remote\bin\OrbTray.exe:*:Enabled:OrbTray"
"D:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe"="D:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:*:Enabled:Orb Stream Client"
"D:\Program Files\uTorrent\uTorrent.exe"="D:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"D:\Program Files\ICQ7.0\ICQ.exe"="D:\Program Files\ICQ7.0\ICQ.exe:*:Enabled:ICQ7"
"D:\Program Files\ICQ7.0\aolload.exe"="D:\Program Files\ICQ7.0\aolload.exe:*:Enabled:aolload.exe"
"D:\Program Files\Skype\Plugin Manager\skypePM.exe"="D:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"D:\Program Files\Skype\Phone\Skype.exe"="D:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"D:\Program Files\ICQ7.0\ICQ.exe"="D:\Program Files\ICQ7.0\ICQ.exe:*:Enabled:ICQ7"
"D:\Program Files\ICQ7.0\aolload.exe"="D:\Program Files\ICQ7.0\aolload.exe:*:Enabled:aolload.exe"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{af6e385e-8710-11de-a167-000d87349caa}]
shell\AutoRun\command - G:\autorun.exe
shell\setup\command - G:\autorun.exe
======File associations======
.reg - open - "regedit.exe" "%1"
======List of files/folders created in the last 1 months======
2010-02-07 12:19:34 ----D---- D:\rsit
2010-02-07 12:16:10 ----D---- D:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
2010-02-07 12:16:10 ----D---- D:\Documents and Settings\All Users\Application Data\ATI
2010-02-06 22:43:45 ----D---- D:\Program Files\Trend Micro
2010-02-05 20:05:10 ----D---- D:\Documents and Settings\flash\Application Data\skypePM
2010-02-05 20:02:42 ----D---- D:\Documents and Settings\flash\Application Data\Skype
2010-02-05 19:59:51 ----D---- D:\Program Files\Common Files\Skype
2010-02-05 19:59:41 ----RD---- D:\Program Files\Skype
2010-02-05 19:59:33 ----D---- D:\Documents and Settings\All Users\Application Data\Skype
2010-02-02 19:51:03 ----D---- D:\Documents and Settings\flash\Application Data\Nero
2010-02-02 17:08:48 ----D---- D:\Program Files\ICQ7.0
2010-02-01 17:57:00 ----D---- D:\Documents and Settings\flash\Application Data\BSplayer PRO
2010-02-01 14:16:46 ----D---- D:\Documents and Settings\flash\Application Data\DAEMON Tools Lite
2010-02-01 14:11:53 ----D---- D:\Documents and Settings\All Users\Application Data\Microsoft Help
2010-02-01 13:58:29 ----D---- D:\Documents and Settings\flash\Application Data\Adobe
2010-02-01 13:57:12 ----D---- D:\Documents and Settings\flash\Application Data\ATI
2010-02-01 13:56:53 ----D---- D:\Documents and Settings\All Users\Application Data\PC Suite
2010-02-01 13:56:30 ----D---- D:\Documents and Settings\All Users\Application Data\Microsoft
2010-01-25 21:26:45 ----D---- D:\Program Files\RSL
2010-01-23 19:23:15 ----D---- D:\Program Files\Native Instruments
2010-01-23 16:10:20 ----D---- D:\Program Files\MIKSOFT
2010-01-20 19:12:52 ----D---- D:\Program Files\FDRLab
2010-01-08 20:03:58 ----D---- D:\Program Files\Adobe
======List of files/folders modified in the last 1 months======
2010-02-07 12:19:41 ----D---- D:\WINDOWS\Prefetch
2010-02-07 12:17:41 ----D---- D:\Program Files\Mozilla Firefox
2010-02-07 12:16:54 ----D---- D:\WINDOWS
2010-02-07 12:16:51 ----D---- D:\WINDOWS\Temp
2010-02-07 00:58:03 ----A---- D:\WINDOWS\SchedLgU.Txt
2010-02-06 23:03:12 ----SHD---- D:\WINDOWS\Installer
2010-02-06 22:43:45 ----D---- D:\Program Files
2010-02-06 10:29:05 ----D---- D:\WINDOWS\system32\CatRoot2
2010-02-05 21:17:25 ----D---- D:\WINDOWS\system32
2010-02-05 21:16:54 ----D---- D:\Documents and Settings\flash\Application Data\PC Suite
2010-02-05 19:59:51 ----D---- D:\Program Files\Common Files
2010-02-03 18:58:21 ----AC---- D:\WINDOWS\wincmd.ini
2010-02-02 17:12:58 ----D---- D:\Documents and Settings\flash\Application Data\ICQ
2010-02-02 17:10:47 ----HD---- D:\Program Files\InstallShield Installation Information
2010-02-02 17:10:33 ----D---- D:\Program Files\ICQ6Toolbar
2010-02-01 14:59:45 ----HD---- D:\WINDOWS\inf
2010-02-01 14:59:45 ----DC---- D:\WINDOWS\system32\DRVSTORE
2010-02-01 13:56:29 ----D---- D:\Documents and Settings
2010-01-31 22:02:33 ----SHD---- D:\RECYCLER
2010-01-30 09:50:05 ----D---- D:\WINDOWS\system32\config
2010-01-19 22:55:52 ----RSHDC---- D:\WINDOWS\system32\dllcache
2010-01-19 22:51:58 ----D---- D:\Program Files\DirectVobSub
2010-01-19 22:43:48 ----D---- D:\Program Files\Image-Line
2010-01-19 20:58:23 ----D---- D:\Program Files\Virtual Piano
2010-01-19 12:46:46 ----SD---- D:\WINDOWS\Downloaded Program Files
2010-01-08 20:04:31 ----D---- D:\Program Files\Common Files\Adobe
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 intelppm;Intel Processor Driver; D:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-04 36096]
R1 nod32drv;nod32drv; D:\WINDOWS\system32\drivers\nod32drv.sys [2009-08-07 15424]
R1 VIAPFD;VIAPFD; D:\WINDOWS\System32\Drivers\VIAPFD.SYS [2001-12-18 3279]
R1 WS2IFSL;Prostredie podpory poskytovateľa služby Windows Socket 2.0 Non-IFS Service; D:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032]
R2 AMON;AMON; D:\WINDOWS\system32\drivers\amon.sys [2009-08-07 512096]
R3 ati2mtag;ati2mtag; D:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2008-12-01 3452928]
R3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; D:\WINDOWS\system32\DRIVERS\fetnd5.sys [2001-08-17 27165]
R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; D:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; D:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;USB2 Enabled Hub; D:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; D:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-04 20480]
R3 VIAudio;VIA AC'97 Audio Controller (WDM); D:\WINDOWS\system32\drivers\viaudio.sys [2002-09-15 64128]
S2 PfModNT;PfModNT; \??\D:\WINDOWS\system32\PfModNT.sys []
S3 a7owz5mb;a7owz5mb; D:\WINDOWS\system32\drivers\a7owz5mb.sys []
S3 AMDPCI;AMDPCI; \??\D:\DOCUME~1\flash\LOCALS~1\Temp\AMDPCI.sys []
S3 ggflt;SEMC USB Flash Driver Filter; D:\WINDOWS\system32\DRIVERS\ggflt.sys [2007-09-25 13352]
S3 ggsemc;SEMC USB Flash Driver; D:\WINDOWS\system32\DRIVERS\ggsemc.sys [2007-09-25 20520]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; D:\WINDOWS\system32\DRIVERS\HPZid412.sys [2007-03-07 49920]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; D:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2007-03-07 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; D:\WINDOWS\system32\DRIVERS\HPZius12.sys [2007-03-07 21568]
S3 k750bus;Sony Ericsson 750 driver (WDM); D:\WINDOWS\system32\DRIVERS\k750bus.sys [2005-02-11 55216]
S3 k750mdfl;Sony Ericsson 750 USB WMC Modem Filter; D:\WINDOWS\system32\DRIVERS\k750mdfl.sys [2005-02-11 6576]
S3 k750mdm;Sony Ericsson 750 USB WMC Modem Drivers; D:\WINDOWS\system32\DRIVERS\k750mdm.sys [2005-02-11 89872]
S3 k750mgmt;Sony Ericsson 750 USB WMC Device Management Drivers; D:\WINDOWS\system32\DRIVERS\k750mgmt.sys [2005-02-11 81728]
S3 k750obex;Sony Ericsson 750 USB WMC OBEX Interface Drivers; D:\WINDOWS\system32\DRIVERS\k750obex.sys [2005-02-11 79488]
S3 nmwcd;Nokia USB Phone Parent; D:\WINDOWS\system32\drivers\ccdcmb.sys [2008-05-07 17536]
S3 nmwcdc;Nokia USB Generic; D:\WINDOWS\system32\drivers\ccdcmbo.sys [2008-05-07 20864]
S3 pccsmcfd;PCCS Mode Change Filter Driver; D:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2007-09-17 21632]
S3 s0016bus;Sony Ericsson Device 0016 driver (WDM); D:\WINDOWS\system32\DRIVERS\s0016bus.sys [2008-05-16 89256]
S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter; D:\WINDOWS\system32\DRIVERS\s0016mdfl.sys [2008-05-16 15016]
S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver; D:\WINDOWS\system32\DRIVERS\s0016mdm.sys [2008-05-16 120744]
S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM); D:\WINDOWS\system32\DRIVERS\s0016mgmt.sys [2008-05-16 114216]
S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS); D:\WINDOWS\system32\DRIVERS\s0016nd5.sys [2008-05-16 25512]
S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface; D:\WINDOWS\system32\DRIVERS\s0016obex.sys [2008-05-16 110632]
S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM); D:\WINDOWS\system32\DRIVERS\s0016unic.sys [2008-05-16 115752]
S3 s0017bus;Sony Ericsson Device 0017 driver (WDM); D:\WINDOWS\system32\DRIVERS\s0017bus.sys [2008-05-27 90536]
S3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter; D:\WINDOWS\system32\DRIVERS\s0017mdfl.sys [2008-05-27 15016]
S3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver; D:\WINDOWS\system32\DRIVERS\s0017mdm.sys [2008-05-27 122152]
S3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM); D:\WINDOWS\system32\DRIVERS\s0017mgmt.sys [2008-05-27 115496]
S3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS); D:\WINDOWS\system32\DRIVERS\s0017nd5.sys [2008-05-27 25768]
S3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface; D:\WINDOWS\system32\DRIVERS\s0017obex.sys [2008-05-27 111912]
S3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM); D:\WINDOWS\system32\DRIVERS\s0017unic.sys [2008-05-27 117672]
S3 upperdev;upperdev; D:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2008-06-06 8064]
S3 usbbus;LGE Mobile Composite USB Device; D:\WINDOWS\system32\DRIVERS\lgusbbus.sys []
S3 usbccgp;Microsoft USB Generic Parent Driver; D:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 UsbDiag;LGE Mobile USB Serial Port; D:\WINDOWS\system32\DRIVERS\lgusbdiag.sys []
S3 USBModem;LGE Mobile USB Modem; D:\WINDOWS\system32\DRIVERS\lgusbmodem.sys []
S3 usbprint;Microsoft USB PRINTER Class; D:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;USB Scanner Driver; D:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 usbser;USB Modem Driver; D:\WINDOWS\system32\drivers\usbser.sys [2004-08-03 25600]
S3 UsbserFilt;UsbserFilt; D:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2008-05-07 8064]
S3 USBSTOR;USB Mass Storage Driver; D:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 Wdf01000;Wdf01000; D:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S3 WpdUsb;WpdUsb; D:\WINDOWS\System32\Drivers\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; D:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-15 82688]
S4 IntelIde;IntelIde; D:\WINDOWS\system32\drivers\IntelIde.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Ati HotKey Poller;Ati HotKey Poller; D:\WINDOWS\system32\Ati2evxx.exe [2008-12-01 598016]
R2 hpqddsvc;HP CUE DeviceDiscovery Service; D:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
R2 ICQ Service;ICQ Service; D:\Program Files\ICQ6Toolbar\ICQ Service.exe [2010-01-03 246520]
R2 Net Driver HPZ12;Net Driver HPZ12; D:\WINDOWS\System32\svchost.exe [2004-08-04 14336]
R2 NOD32krn;NOD32 Kernel Service; D:\Program Files\Eset\nod32krn.exe [2009-08-07 552064]
R2 Pml Driver HPZ12;Pml Driver HPZ12; D:\WINDOWS\System32\svchost.exe [2004-08-04 14336]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; D:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
R3 hpqcxs08;hpqcxs08; D:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
R3 ServiceLayer;ServiceLayer; D:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2008-08-07 575488]
S2 ASKUpgrade;ASKUpgrade; D:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe [2009-04-02 234888]
S2 ATI Smart;ATI Smart; D:\WINDOWS\system32\ati2sgag.exe [2008-12-01 593920]
S3 aspnet_state;ASP.NET State Service; D:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; D:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; D:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gusvc;Google Software Updater; D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-08-07 182768]
S3 idsvc;Windows CardSpace; D:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 odserv;Microsoft Office Diagnostics Service; D:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; D:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; D:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
-----------------EOF-----------------
Logfile of random's system information tool 1.06 (written by random/random)
Run by flash at 2010-02-07 12:19:35
Systém Microsoft Windows XP Professional Service Pack 2
System drive D: has 1 GB (11%) free of 10 GB
Total RAM: 1023 MB (49% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:19:46, on 7. 2. 2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\ICQ6Toolbar\ICQ Service.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Eset\nod32kui.exe
D:\Program Files\Winamp\winampa.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
D:\Program Files\Eset\nod32krn.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\DAEMON Tools Lite\DTLite.exe
D:\Program Files\Skype\Phone\Skype.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\wscntfy.exe
D:\Program Files\PC Connectivity Solution\ServiceLayer.exe
D:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
D:\WINDOWS\system32\wuauclt.exe
D:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
D:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Program Files\Skype\Plugin Manager\skypePM.exe
D:\Program Files\Skype\Toolbars\Shared\SkypeNames.exe
D:\Documents and Settings\flash\Desktop\RSIT.exe
D:\Program Files\Trend Micro\HijackThis\flash.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = ${URL_SEARCHPAGE}
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource= ... =CT2077543
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = ${URL_SEARCHPAGE}
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://toolbar.ask.com/toolbarv/askRedi ... &gc=1&q=%s
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - D:\Program Files\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: (no name) - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - (no file)
R3 - URLSearchHook: DefaultSearchHook Class - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - D:\Program Files\AskSearch\bin\DefaultSearch.dll
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - D:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - D:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - D:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - D:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - D:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - D:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - (no file)
O3 - Toolbar: (no name) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - (no file)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - D:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - D:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - D:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - D:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O4 - HKLM\..\Run: [C-Media Mixer] D:\Program Files\PCI Audio Applications\Bin\AudioRack.exe /MixerStartup
O4 - HKLM\..\Run: [StartCCC] "D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [nod32kui] "D:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [WinampAgent] "D:\Program Files\Winamp\winampa.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe" /NoDialog
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [ICQ] "D:\Program Files\ICQ7.0\ICQ.exe" silent loginmode=4
O4 - HKCU\..\Run: [DAEMON Tools Lite] "D:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Skype] "D:\Program Files\Skype\\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Winamp Search - D:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - D:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - D:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - D:\Program Files\ICQ7.0\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - D:\Program Files\ICQ7.0\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - D:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: ASKUpgrade - Unknown owner - D:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Google Software Updater (gusvc) - Google - D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ICQ Service - Unknown owner - D:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - D:\Program Files\Eset\nod32krn.exe
O23 - Service: ServiceLayer - Nokia. - D:\Program Files\PC Connectivity Solution\ServiceLayer.exe
--
End of file - 8158 bytes
======Scheduled tasks folder======
D:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1275210071-1177238915-839522115-1006Core.job
D:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1275210071-1177238915-839522115-1006UA.job
D:\WINDOWS\tasks\WGASetup.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}]
HP Print Enhancer - D:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll [2007-03-02 1298024]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{053F9267-DC04-4294-A72C-58F732D338C0}]
HP Print Clips - D:\Program Files\HP\Smart Web Printing\hpswp_framework.dll [2007-03-02 177768]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Podpora odkazu pro Adobe PDF Reader - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
AskBar BHO - D:\Program Files\AskBarDis\bar\bin\askBar.dll [2009-04-02 333192]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - D:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-08-07 259696]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - D:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll [2009-12-04 764912]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - D:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll [2009-08-07 470512]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EBF2BA02-9094-4c5a-858B-BB198F3D8DE2}
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - D:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-08-07 259696]
{3041d03e-fd4b-44e0-b742-2d9b88305f98} - Ask Toolbar - D:\Program Files\AskBarDis\bar\bin\askBar.dll [2009-04-02 333192]
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - D:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll [2009-11-24 953800]
{855F3B16-6D32-4FE6-8A56-BBB695989046} - ICQToolBar - D:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2010-01-03 1019128]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"C-Media Mixer"=D:\Program Files\PCI Audio Applications\Bin\AudioRack.exe [2001-05-09 225280]
"StartCCC"=D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2009-06-25 98304]
"nod32kui"=D:\Program Files\Eset\nod32kui.exe [2009-08-07 949376]
"WinampAgent"=D:\Program Files\Winamp\winampa.exe [2007-10-10 36352]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=D:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
"swg"=D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-08-07 39408]
"Nokia.PCSync"=C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe [2008-06-17 1249280]
"PC Suite Tray"=C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe [2008-08-11 1124352]
"ICQ"=D:\Program Files\ICQ7.0\ICQ.exe [2010-01-12 133368]
"DAEMON Tools Lite"=D:\Program Files\DAEMON Tools Lite\DTLite.exe [2009-10-30 369200]
"Skype"=D:\Program Files\Skype\\Phone\Skype.exe [2009-10-09 25623336]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
D:\WINDOWS\system32\Ati2evxx.dll [2008-12-01 143360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - D:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"D:\Program Files\Winamp Remote\bin\Orb.exe"="D:\Program Files\Winamp Remote\bin\Orb.exe:*:Enabled:Orb"
"D:\Program Files\Winamp Remote\bin\OrbTray.exe"="D:\Program Files\Winamp Remote\bin\OrbTray.exe:*:Enabled:OrbTray"
"D:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe"="D:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:*:Enabled:Orb Stream Client"
"D:\Program Files\uTorrent\uTorrent.exe"="D:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"D:\Program Files\ICQ7.0\ICQ.exe"="D:\Program Files\ICQ7.0\ICQ.exe:*:Enabled:ICQ7"
"D:\Program Files\ICQ7.0\aolload.exe"="D:\Program Files\ICQ7.0\aolload.exe:*:Enabled:aolload.exe"
"D:\Program Files\Skype\Plugin Manager\skypePM.exe"="D:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"D:\Program Files\Skype\Phone\Skype.exe"="D:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"D:\Program Files\ICQ7.0\ICQ.exe"="D:\Program Files\ICQ7.0\ICQ.exe:*:Enabled:ICQ7"
"D:\Program Files\ICQ7.0\aolload.exe"="D:\Program Files\ICQ7.0\aolload.exe:*:Enabled:aolload.exe"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{af6e385e-8710-11de-a167-000d87349caa}]
shell\AutoRun\command - G:\autorun.exe
shell\setup\command - G:\autorun.exe
======File associations======
.reg - open - "regedit.exe" "%1"
======List of files/folders created in the last 1 months======
2010-02-07 12:19:34 ----D---- D:\rsit
2010-02-07 12:16:10 ----D---- D:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
2010-02-07 12:16:10 ----D---- D:\Documents and Settings\All Users\Application Data\ATI
2010-02-06 22:43:45 ----D---- D:\Program Files\Trend Micro
2010-02-05 20:05:10 ----D---- D:\Documents and Settings\flash\Application Data\skypePM
2010-02-05 20:02:42 ----D---- D:\Documents and Settings\flash\Application Data\Skype
2010-02-05 19:59:51 ----D---- D:\Program Files\Common Files\Skype
2010-02-05 19:59:41 ----RD---- D:\Program Files\Skype
2010-02-05 19:59:33 ----D---- D:\Documents and Settings\All Users\Application Data\Skype
2010-02-02 19:51:03 ----D---- D:\Documents and Settings\flash\Application Data\Nero
2010-02-02 17:08:48 ----D---- D:\Program Files\ICQ7.0
2010-02-01 17:57:00 ----D---- D:\Documents and Settings\flash\Application Data\BSplayer PRO
2010-02-01 14:16:46 ----D---- D:\Documents and Settings\flash\Application Data\DAEMON Tools Lite
2010-02-01 14:11:53 ----D---- D:\Documents and Settings\All Users\Application Data\Microsoft Help
2010-02-01 13:58:29 ----D---- D:\Documents and Settings\flash\Application Data\Adobe
2010-02-01 13:57:12 ----D---- D:\Documents and Settings\flash\Application Data\ATI
2010-02-01 13:56:53 ----D---- D:\Documents and Settings\All Users\Application Data\PC Suite
2010-02-01 13:56:30 ----D---- D:\Documents and Settings\All Users\Application Data\Microsoft
2010-01-25 21:26:45 ----D---- D:\Program Files\RSL
2010-01-23 19:23:15 ----D---- D:\Program Files\Native Instruments
2010-01-23 16:10:20 ----D---- D:\Program Files\MIKSOFT
2010-01-20 19:12:52 ----D---- D:\Program Files\FDRLab
2010-01-08 20:03:58 ----D---- D:\Program Files\Adobe
======List of files/folders modified in the last 1 months======
2010-02-07 12:19:41 ----D---- D:\WINDOWS\Prefetch
2010-02-07 12:17:41 ----D---- D:\Program Files\Mozilla Firefox
2010-02-07 12:16:54 ----D---- D:\WINDOWS
2010-02-07 12:16:51 ----D---- D:\WINDOWS\Temp
2010-02-07 00:58:03 ----A---- D:\WINDOWS\SchedLgU.Txt
2010-02-06 23:03:12 ----SHD---- D:\WINDOWS\Installer
2010-02-06 22:43:45 ----D---- D:\Program Files
2010-02-06 10:29:05 ----D---- D:\WINDOWS\system32\CatRoot2
2010-02-05 21:17:25 ----D---- D:\WINDOWS\system32
2010-02-05 21:16:54 ----D---- D:\Documents and Settings\flash\Application Data\PC Suite
2010-02-05 19:59:51 ----D---- D:\Program Files\Common Files
2010-02-03 18:58:21 ----AC---- D:\WINDOWS\wincmd.ini
2010-02-02 17:12:58 ----D---- D:\Documents and Settings\flash\Application Data\ICQ
2010-02-02 17:10:47 ----HD---- D:\Program Files\InstallShield Installation Information
2010-02-02 17:10:33 ----D---- D:\Program Files\ICQ6Toolbar
2010-02-01 14:59:45 ----HD---- D:\WINDOWS\inf
2010-02-01 14:59:45 ----DC---- D:\WINDOWS\system32\DRVSTORE
2010-02-01 13:56:29 ----D---- D:\Documents and Settings
2010-01-31 22:02:33 ----SHD---- D:\RECYCLER
2010-01-30 09:50:05 ----D---- D:\WINDOWS\system32\config
2010-01-19 22:55:52 ----RSHDC---- D:\WINDOWS\system32\dllcache
2010-01-19 22:51:58 ----D---- D:\Program Files\DirectVobSub
2010-01-19 22:43:48 ----D---- D:\Program Files\Image-Line
2010-01-19 20:58:23 ----D---- D:\Program Files\Virtual Piano
2010-01-19 12:46:46 ----SD---- D:\WINDOWS\Downloaded Program Files
2010-01-08 20:04:31 ----D---- D:\Program Files\Common Files\Adobe
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 intelppm;Intel Processor Driver; D:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-04 36096]
R1 nod32drv;nod32drv; D:\WINDOWS\system32\drivers\nod32drv.sys [2009-08-07 15424]
R1 VIAPFD;VIAPFD; D:\WINDOWS\System32\Drivers\VIAPFD.SYS [2001-12-18 3279]
R1 WS2IFSL;Prostredie podpory poskytovateľa služby Windows Socket 2.0 Non-IFS Service; D:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032]
R2 AMON;AMON; D:\WINDOWS\system32\drivers\amon.sys [2009-08-07 512096]
R3 ati2mtag;ati2mtag; D:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2008-12-01 3452928]
R3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; D:\WINDOWS\system32\DRIVERS\fetnd5.sys [2001-08-17 27165]
R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; D:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; D:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;USB2 Enabled Hub; D:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; D:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-04 20480]
R3 VIAudio;VIA AC'97 Audio Controller (WDM); D:\WINDOWS\system32\drivers\viaudio.sys [2002-09-15 64128]
S2 PfModNT;PfModNT; \??\D:\WINDOWS\system32\PfModNT.sys []
S3 a7owz5mb;a7owz5mb; D:\WINDOWS\system32\drivers\a7owz5mb.sys []
S3 AMDPCI;AMDPCI; \??\D:\DOCUME~1\flash\LOCALS~1\Temp\AMDPCI.sys []
S3 ggflt;SEMC USB Flash Driver Filter; D:\WINDOWS\system32\DRIVERS\ggflt.sys [2007-09-25 13352]
S3 ggsemc;SEMC USB Flash Driver; D:\WINDOWS\system32\DRIVERS\ggsemc.sys [2007-09-25 20520]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; D:\WINDOWS\system32\DRIVERS\HPZid412.sys [2007-03-07 49920]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; D:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2007-03-07 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; D:\WINDOWS\system32\DRIVERS\HPZius12.sys [2007-03-07 21568]
S3 k750bus;Sony Ericsson 750 driver (WDM); D:\WINDOWS\system32\DRIVERS\k750bus.sys [2005-02-11 55216]
S3 k750mdfl;Sony Ericsson 750 USB WMC Modem Filter; D:\WINDOWS\system32\DRIVERS\k750mdfl.sys [2005-02-11 6576]
S3 k750mdm;Sony Ericsson 750 USB WMC Modem Drivers; D:\WINDOWS\system32\DRIVERS\k750mdm.sys [2005-02-11 89872]
S3 k750mgmt;Sony Ericsson 750 USB WMC Device Management Drivers; D:\WINDOWS\system32\DRIVERS\k750mgmt.sys [2005-02-11 81728]
S3 k750obex;Sony Ericsson 750 USB WMC OBEX Interface Drivers; D:\WINDOWS\system32\DRIVERS\k750obex.sys [2005-02-11 79488]
S3 nmwcd;Nokia USB Phone Parent; D:\WINDOWS\system32\drivers\ccdcmb.sys [2008-05-07 17536]
S3 nmwcdc;Nokia USB Generic; D:\WINDOWS\system32\drivers\ccdcmbo.sys [2008-05-07 20864]
S3 pccsmcfd;PCCS Mode Change Filter Driver; D:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2007-09-17 21632]
S3 s0016bus;Sony Ericsson Device 0016 driver (WDM); D:\WINDOWS\system32\DRIVERS\s0016bus.sys [2008-05-16 89256]
S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter; D:\WINDOWS\system32\DRIVERS\s0016mdfl.sys [2008-05-16 15016]
S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver; D:\WINDOWS\system32\DRIVERS\s0016mdm.sys [2008-05-16 120744]
S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM); D:\WINDOWS\system32\DRIVERS\s0016mgmt.sys [2008-05-16 114216]
S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS); D:\WINDOWS\system32\DRIVERS\s0016nd5.sys [2008-05-16 25512]
S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface; D:\WINDOWS\system32\DRIVERS\s0016obex.sys [2008-05-16 110632]
S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM); D:\WINDOWS\system32\DRIVERS\s0016unic.sys [2008-05-16 115752]
S3 s0017bus;Sony Ericsson Device 0017 driver (WDM); D:\WINDOWS\system32\DRIVERS\s0017bus.sys [2008-05-27 90536]
S3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter; D:\WINDOWS\system32\DRIVERS\s0017mdfl.sys [2008-05-27 15016]
S3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver; D:\WINDOWS\system32\DRIVERS\s0017mdm.sys [2008-05-27 122152]
S3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM); D:\WINDOWS\system32\DRIVERS\s0017mgmt.sys [2008-05-27 115496]
S3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS); D:\WINDOWS\system32\DRIVERS\s0017nd5.sys [2008-05-27 25768]
S3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface; D:\WINDOWS\system32\DRIVERS\s0017obex.sys [2008-05-27 111912]
S3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM); D:\WINDOWS\system32\DRIVERS\s0017unic.sys [2008-05-27 117672]
S3 upperdev;upperdev; D:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2008-06-06 8064]
S3 usbbus;LGE Mobile Composite USB Device; D:\WINDOWS\system32\DRIVERS\lgusbbus.sys []
S3 usbccgp;Microsoft USB Generic Parent Driver; D:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 UsbDiag;LGE Mobile USB Serial Port; D:\WINDOWS\system32\DRIVERS\lgusbdiag.sys []
S3 USBModem;LGE Mobile USB Modem; D:\WINDOWS\system32\DRIVERS\lgusbmodem.sys []
S3 usbprint;Microsoft USB PRINTER Class; D:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;USB Scanner Driver; D:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 usbser;USB Modem Driver; D:\WINDOWS\system32\drivers\usbser.sys [2004-08-03 25600]
S3 UsbserFilt;UsbserFilt; D:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2008-05-07 8064]
S3 USBSTOR;USB Mass Storage Driver; D:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 Wdf01000;Wdf01000; D:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S3 WpdUsb;WpdUsb; D:\WINDOWS\System32\Drivers\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; D:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-15 82688]
S4 IntelIde;IntelIde; D:\WINDOWS\system32\drivers\IntelIde.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Ati HotKey Poller;Ati HotKey Poller; D:\WINDOWS\system32\Ati2evxx.exe [2008-12-01 598016]
R2 hpqddsvc;HP CUE DeviceDiscovery Service; D:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
R2 ICQ Service;ICQ Service; D:\Program Files\ICQ6Toolbar\ICQ Service.exe [2010-01-03 246520]
R2 Net Driver HPZ12;Net Driver HPZ12; D:\WINDOWS\System32\svchost.exe [2004-08-04 14336]
R2 NOD32krn;NOD32 Kernel Service; D:\Program Files\Eset\nod32krn.exe [2009-08-07 552064]
R2 Pml Driver HPZ12;Pml Driver HPZ12; D:\WINDOWS\System32\svchost.exe [2004-08-04 14336]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; D:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
R3 hpqcxs08;hpqcxs08; D:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
R3 ServiceLayer;ServiceLayer; D:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2008-08-07 575488]
S2 ASKUpgrade;ASKUpgrade; D:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe [2009-04-02 234888]
S2 ATI Smart;ATI Smart; D:\WINDOWS\system32\ati2sgag.exe [2008-12-01 593920]
S3 aspnet_state;ASP.NET State Service; D:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; D:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; D:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gusvc;Google Software Updater; D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-08-07 182768]
S3 idsvc;Windows CardSpace; D:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 odserv;Microsoft Office Diagnostics Service; D:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; D:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; D:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
-----------------EOF-----------------
Re: log check...thanks in advance
Uninstall Ask Toolbar, DAEMON Tools Toolbar and ICQToolBar, and then also post a log from ComboFix:
Download ComboFix to the desktop, close all active windows and run it - http://download.bleepingcomputer.com/sUBs/ComboFix.exe
- After launching, accept the terms of use
- Then follow the instructions; while ComboFix is running, do not click in the windows that appear
- After the scan finishes, which takes at most 10 minutes, the program should create a log - C:\ComboFix.txt
- ComboFix must be run under an account with administrator rights
"Life is life, a meadow is a meadow, you look into the grass, and you see a beetle."
"Do not answer a fool according to his folly, lest you become like him yourself. Answer a fool according to his folly, lest he think himself wise...."
(Proverbs of King Solomon)
Re: log check...thanks in advance
so here is the next log:
ComboFix 10-02-06.03 - flash . 02. 2010 14:00:48.1.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.421.1033.18.1023.718 [GMT 1:00]
Running from: d:\documents and settings\flash\Desktop\ComboFix.exe
AV: Eset NOD32 Antivirus 2.70 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Resident AV is active
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
d:\program files\AskSearch\bin\DefaultSearch.dll
d:\windows\system32\AutoRun.inf
.
((((((((((((((((((((((((( Files Created from 2010-01-07 to 2010-02-07 )))))))))))))))))))))))))))))))
.
2010-02-07 11:19 . 2010-02-07 11:20 -------- d-----w- D:\rsit
2010-02-07 11:16 . 2010-02-07 11:16 -------- d-----w- d:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2010-02-07 11:16 . 2010-02-07 11:16 -------- d-----w- d:\documents and settings\All Users\Application Data\ATI
2010-02-06 21:43 . 2010-02-06 21:43 -------- d-----w- d:\program files\Trend Micro
2010-02-05 20:17 . 2010-02-05 20:17 -------- d-sh--w- d:\documents and settings\All Users\DRM
2010-02-05 19:05 . 2010-02-05 19:05 56 ---ha-w- d:\windows\system32\ezsidmv.dat
2010-02-05 19:05 . 2010-02-07 11:17 -------- d-----w- d:\documents and settings\flash\Application Data\skypePM
2010-02-05 19:02 . 2010-02-07 11:56 -------- d-----w- d:\documents and settings\flash\Application Data\Skype
2010-02-05 18:59 . 2010-02-05 18:59 -------- d-----w- d:\program files\Common Files\Skype
2010-02-05 18:59 . 2010-02-05 19:00 -------- d-----r- d:\program files\Skype
2010-02-05 18:59 . 2010-02-05 18:59 -------- d-----w- d:\documents and settings\All Users\Application Data\Skype
2010-02-02 18:51 . 2010-02-02 18:51 -------- d-----w- d:\documents and settings\flash\Application Data\Nero
2010-02-02 16:09 . 2010-02-02 16:09 -------- d-----w- d:\documents and settings\flash\Local Settings\Application Data\AOL
2010-02-01 16:57 . 2010-02-01 18:51 -------- d-----w- d:\documents and settings\flash\Application Data\BSplayer PRO
2010-02-01 13:16 . 2010-02-01 13:16 -------- d-----w- d:\documents and settings\flash\Application Data\DAEMON Tools Lite
2010-02-01 13:11 . 2010-02-01 13:14 -------- d-----w- d:\documents and settings\All Users\Application Data\Microsoft Help
2010-02-01 12:57 . 2010-02-01 12:57 -------- d-----w- d:\documents and settings\flash\Application Data\ATI
2010-02-01 12:56 . 2010-02-05 20:16 -------- d-----w- d:\documents and settings\All Users\Application Data\PC Suite
2010-02-01 12:56 . 2010-02-01 12:56 -------- d-----r- d:\documents and settings\All Users\Documents
2010-02-01 12:56 . 2010-02-05 20:17 -------- d-----w- d:\documents and settings\All Users
2010-01-31 21:04 . 2010-01-31 21:04 -------- d-----w- d:\documents and settings\rado\Local Settings\Application Data\Mozilla
2010-01-31 21:04 . 2010-02-05 21:30 -------- d-----w- d:\documents and settings\rado\Local Settings\Application Data\Mozilla Firefox
2010-01-31 21:00 . 2010-01-31 21:00 -------- d-----w- d:\documents and settings\rado
2010-01-25 20:26 . 2010-01-25 21:12 -------- d-----w- d:\program files\RSL
2010-01-23 18:23 . 2010-01-23 18:23 -------- d-----w- d:\program files\Native Instruments
2010-01-23 15:10 . 2010-01-23 15:10 -------- d-----w- d:\program files\MIKSOFT
2010-01-20 18:12 . 2010-01-20 18:12 -------- d-----w- d:\program files\FDRLab
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-07 12:34 . 2005-02-24 16:13 -------- d-----w- d:\program files\DAEMON Tools Toolbar
2010-02-05 20:16 . 2009-12-22 17:55 -------- d-----w- d:\documents and settings\flash\Application Data\PC Suite
2010-02-02 16:12 . 2009-08-10 19:03 -------- d-----w- d:\documents and settings\flash\Application Data\ICQ
2010-02-02 16:10 . 2009-08-07 09:43 -------- d--h--w- d:\program files\InstallShield Installation Information
2010-02-02 16:10 . 2009-08-10 19:07 -------- d-----w- d:\program files\ICQ6Toolbar
2010-01-31 21:01 . 2010-01-31 21:01 44912 ----a-w- d:\documents and settings\rado\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-31 21:01 . 2010-01-31 21:01 -------- d-----w- d:\documents and settings\rado\Application Data\ATI
2010-01-31 21:00 . 2010-01-31 21:00 -------- d-----w- d:\documents and settings\rado\Application Data\PC Suite
2010-01-19 21:51 . 2009-08-11 17:19 -------- d-----w- d:\program files\DirectVobSub
2010-01-19 21:43 . 2009-12-08 14:43 -------- d-----w- d:\program files\Image-Line
2010-01-19 19:58 . 2009-12-11 13:46 -------- d-----w- d:\program files\Virtual Piano
2010-01-08 19:04 . 2009-08-24 14:07 -------- d-----w- d:\program files\Common Files\Adobe
2010-01-07 18:08 . 2010-01-07 18:08 -------- d-----w- d:\program files\Common Files\CyberLink
2010-01-07 16:15 . 2010-01-07 15:59 29480 ----a-w- d:\windows\system32\msxml3a.dll
2010-01-05 20:56 . 2009-08-28 08:39 -------- d-----w- d:\program files\HP
2010-01-05 20:42 . 2009-08-07 10:46 44912 ----a-w- d:\documents and settings\flash\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-12-30 17:00 . 2009-08-19 13:09 411368 -c--a-w- d:\windows\system32\deploytk.dll
2009-12-27 17:40 . 2009-12-22 17:55 -------- d-----w- d:\documents and settings\flash\Application Data\Nokia
2009-12-24 18:13 . 2009-10-20 18:39 -------- d-----w- d:\documents and settings\flash\Application Data\Sony
2009-12-24 10:45 . 2009-08-28 08:21 142924 -c--a-w- d:\windows\hpoins14.dat
2009-12-24 09:33 . 2009-12-24 09:33 -------- d-----w- d:\program files\SignSIS-GUI
2009-12-22 17:48 . 2009-12-22 17:48 -------- d-----w- d:\program files\Common Files\PCSuite
2009-12-22 17:48 . 2009-12-22 17:48 -------- d-----w- d:\program files\Common Files\Nokia
2009-12-22 17:46 . 2009-12-22 17:46 -------- d-----w- d:\program files\DIFX
2009-12-22 17:44 . 2009-12-22 17:44 -------- d-----w- d:\program files\PC Connectivity Solution
2009-12-22 10:53 . 2009-12-22 10:53 0 ---ha-w- d:\windows\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2009-12-19 11:55 . 2009-12-19 11:55 -------- d-----w- d:\program files\Microsoft.NET
2009-12-17 19:37 . 2009-12-17 19:37 -------- d-----w- d:\documents and settings\flash\Application Data\Kingsoft
2009-12-08 15:50 . 2009-12-08 15:49 16883056 ----a-w- d:\documents and settings\flash\Application Data\OpenCandy\IE8-WindowsXP-x86-ENU.exe
2009-12-08 15:49 . 2009-12-08 15:49 265768 ----a-w- d:\documents and settings\flash\Application Data\OpenCandy\IE8Wrapper.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="d:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-08-07 39408]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 7\PCSync2.exe" [2008-06-17 1249280]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-08-11 1124352]
"DAEMON Tools Lite"="d:\program files\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]
"Skype"="d:\program files\Skype\\Phone\Skype.exe" [2009-10-09 25623336]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"C-Media Mixer"="d:\program files\PCI Audio Applications\Bin\AudioRack.exe" [2001-05-09 225280]
"StartCCC"="d:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-06-25 98304]
"nod32kui"="d:\program files\Eset\nod32kui.exe" [2009-08-07 949376]
"WinampAgent"="d:\program files\Winamp\winampa.exe" [2007-10-10 36352]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="d:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"d:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
R1 nod32drv;nod32drv;d:\windows\system32\drivers\nod32drv.sys [7. 8. 2009 12:15 15424]
S0 sptd;sptd;d:\windows\system32\drivers\sptd.sys [7. 8. 2009 12:21 691696]
S3 ggflt;SEMC USB Flash Driver Filter;d:\windows\system32\drivers\ggflt.sys [3. 12. 2009 22:37 13352]
S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);d:\windows\system32\drivers\s0016bus.sys [20. 10. 2009 19:25 89256]
S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;d:\windows\system32\drivers\s0016mdfl.sys [20. 10. 2009 19:25 15016]
S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;d:\windows\system32\drivers\s0016mdm.sys [20. 10. 2009 19:25 120744]
S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);d:\windows\system32\drivers\s0016mgmt.sys [20. 10. 2009 19:25 114216]
S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);d:\windows\system32\drivers\s0016nd5.sys [20. 10. 2009 19:25 25512]
S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;d:\windows\system32\drivers\s0016obex.sys [20. 10. 2009 19:25 110632]
S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);d:\windows\system32\drivers\s0016unic.sys [20. 10. 2009 19:25 115752]
S3 s0017bus;Sony Ericsson Device 0017 driver (WDM);d:\windows\system32\drivers\s0017bus.sys [20. 10. 2009 19:25 90536]
S3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;d:\windows\system32\drivers\s0017mdfl.sys [20. 10. 2009 19:25 15016]
S3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;d:\windows\system32\drivers\s0017mdm.sys [20. 10. 2009 19:25 122152]
S3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);d:\windows\system32\drivers\s0017mgmt.sys [20. 10. 2009 19:25 115496]
S3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);d:\windows\system32\drivers\s0017nd5.sys [20. 10. 2009 19:25 25768]
S3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;d:\windows\system32\drivers\s0017obex.sys [20. 10. 2009 19:25 111912]
S3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);d:\windows\system32\drivers\s0017unic.sys [20. 10. 2009 19:25 117672]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
2010-02-07 d:\windows\Tasks\WGASetup.job
- d:\windows\system32\KB905474\wgasetup.exe [2009-10-07 20:18]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2077543
mSearch Bar = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=13925&gct=&gc=1&q=%s
IE: &Winamp Search - d:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: E&xportovať do programu Microsoft Excel - d:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: d:\windows\system32\imon.dll
FF - ProfilePath - d:\documents and settings\flash\Application Data\Mozilla\Firefox\Profiles\zb7ezrzh.default\
FF - prefs.js: browser.search.selectedEngine - DAEMON Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.sk/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.0&q=
FF - component: d:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - d:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
d:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
.
- - - - ORPHANS REMOVED - - - -
URLSearchHooks-{57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - (no file)
URLSearchHooks-{C94E154B-1459-4A47-966B-4B843BEFC7DB} - d:\program files\AskSearch\bin\DefaultSearch.dll
AddRemove-Nokia PC Suite - d:\documents and settings\All Users\Application Data\Installations\{A8C3710A-0BCA-4F10-9EC3-A302A1F1FA82}\Nokia_PC_Suite_rel_7_0_8_2_slk_web.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-07 14:06
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(692)
d:\windows\system32\Ati2evxx.dll
- - - - - - - > 'lsass.exe'(748)
d:\windows\system32\imon.dll
d:\program files\Eset\pr_imon.dll
.
Completion time: 2010-02-07 14:08:57
ComboFix-quarantined-files.txt 2010-02-07 13:08
Pre-Run: 949 735 424 bytes free
Post-Run: 2 942 791 680 voľných bajtov
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
- - End Of File - - 5387B8136262373313E2071DF6498674
d:\windows\system32\Ati2evxx.dll
- - - - - - - > 'lsass.exe'(748)
d:\windows\system32\imon.dll
d:\program files\Eset\pr_imon.dll
.
Completion time: 2010-02-07 14:08:57
ComboFix-quarantined-files.txt 2010-02-07 13:08
Pre-Run: 949 735 424 bytes free
Post-Run: 2 942 791 680 voľných bajtov
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
- - End Of File - - 5387B8136262373313E2071DF6498674
Re: log check...thanks in advance
Plug all removable USB drives (flash drives) into the PC.
Open Notepad and copy the following text into it:

KillAll::
Folder::
d:\program files\DAEMON Tools Toolbar
d:\program files\ICQ6Toolbar
DDS::
uStart Page = hxxp://search.conduit.com?SearchSource= ... =CT2077543
uSearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedi ... t=&gc=1&q=%s
IE: &Winamp Search - d:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
Extra::
Firefox::
FF - ProfilePath - d:\documents and settings\flash\Application Data\Mozilla\Firefox\Profiles\zb7ezrzh.default\
FF - prefs.js: browser.search.selectedEngine - DAEMON Search
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_result ... 2.0.0.0&q=

Save the file to the desktop as CFScript.txt and, as shown in the picture, drag it onto ComboFix.
ComboFix will start and carry out the command from the script; then post the new log.
"Life is life, a meadow is a meadow; you look into the grass and see a beetle."
"Do not answer a fool according to his folly, lest you become like him yourself. Answer a fool according to his folly, lest he think himself wise...."
(Proverbs of King Solomon)
Re: log check...thanks in advance
ComboFix 10-02-06.03 - flash . 02. 2010 15:00:37.2.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.421.1033.18.1023.626 [GMT 1:00]
Running from: d:\documents and settings\flash\Desktop\ComboFix.exe
Command switches used :: d:\documents and settings\flash\Desktop\CFScript.txt
AV: Eset NOD32 Antivirus 2.70 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Resident AV is active
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
d:\program files\DAEMON Tools Toolbar
d:\program files\DAEMON Tools Toolbar\_DTLite.xml
d:\program files\ICQ6Toolbar
d:\program files\ICQ6Toolbar\config.xml
d:\program files\ICQ6Toolbar\Icons.bmp
d:\program files\ICQ6Toolbar\ICQ Service.exe
d:\program files\ICQ6Toolbar\icq6Toolbar.ico
d:\program files\ICQ6Toolbar\ICQToolBar.dll
d:\program files\ICQ6Toolbar\ICQUnToolbar.exe
d:\program files\ICQ6Toolbar\logo_small.gif
d:\program files\ICQ6Toolbar\ServiceStarter.exe
d:\program files\ICQ6Toolbar\short.wav
d:\program files\ICQ6Toolbar\Version.txt
.
((((((((((((((((((((((((( Files Created from 2010-01-07 to 2010-02-07 )))))))))))))))))))))))))))))))
.
2010-02-07 11:19 . 2010-02-07 11:20 -------- d-----w- D:\rsit
2010-02-07 11:16 . 2010-02-07 11:16 -------- d-----w- d:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2010-02-07 11:16 . 2010-02-07 11:16 -------- d-----w- d:\documents and settings\All Users\Application Data\ATI
2010-02-06 21:43 . 2010-02-06 21:43 -------- d-----w- d:\program files\Trend Micro
2010-02-05 20:17 . 2010-02-05 20:17 -------- d-sh--w- d:\documents and settings\All Users\DRM
2010-02-05 19:05 . 2010-02-05 19:05 56 ---ha-w- d:\windows\system32\ezsidmv.dat
2010-02-05 19:05 . 2010-02-07 11:17 -------- d-----w- d:\documents and settings\flash\Application Data\skypePM
2010-02-05 19:02 . 2010-02-07 14:09 -------- d-----w- d:\documents and settings\flash\Application Data\Skype
2010-02-05 18:59 . 2010-02-05 18:59 -------- d-----w- d:\program files\Common Files\Skype
2010-02-05 18:59 . 2010-02-05 19:00 -------- d-----r- d:\program files\Skype
2010-02-05 18:59 . 2010-02-05 18:59 -------- d-----w- d:\documents and settings\All Users\Application Data\Skype
2010-02-02 18:51 . 2010-02-02 18:51 -------- d-----w- d:\documents and settings\flash\Application Data\Nero
2010-02-02 16:09 . 2010-02-02 16:09 -------- d-----w- d:\documents and settings\flash\Local Settings\Application Data\AOL
2010-02-01 16:57 . 2010-02-01 18:51 -------- d-----w- d:\documents and settings\flash\Application Data\BSplayer PRO
2010-02-01 13:16 . 2010-02-01 13:16 -------- d-----w- d:\documents and settings\flash\Application Data\DAEMON Tools Lite
2010-02-01 13:11 . 2010-02-01 13:14 -------- d-----w- d:\documents and settings\All Users\Application Data\Microsoft Help
2010-02-01 12:57 . 2010-02-01 12:57 -------- d-----w- d:\documents and settings\flash\Application Data\ATI
2010-02-01 12:56 . 2010-02-05 20:16 -------- d-----w- d:\documents and settings\All Users\Application Data\PC Suite
2010-02-01 12:56 . 2010-02-01 12:56 -------- d-----r- d:\documents and settings\All Users\Documents
2010-02-01 12:56 . 2010-02-05 20:17 -------- d-----w- d:\documents and settings\All Users
2010-01-31 21:04 . 2010-01-31 21:04 -------- d-----w- d:\documents and settings\rado\Local Settings\Application Data\Mozilla
2010-01-31 21:04 . 2010-02-05 21:30 -------- d-----w- d:\documents and settings\rado\Local Settings\Application Data\Mozilla Firefox
2010-01-31 21:00 . 2010-01-31 21:00 -------- d-----w- d:\documents and settings\rado
2010-01-25 20:26 . 2010-01-25 21:12 -------- d-----w- d:\program files\RSL
2010-01-23 18:23 . 2010-01-23 18:23 -------- d-----w- d:\program files\Native Instruments
2010-01-23 15:10 . 2010-01-23 15:10 -------- d-----w- d:\program files\MIKSOFT
2010-01-20 18:12 . 2010-01-20 18:12 -------- d-----w- d:\program files\FDRLab
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-05 20:16 . 2009-12-22 17:55 -------- d-----w- d:\documents and settings\flash\Application Data\PC Suite
2010-02-02 16:12 . 2009-08-10 19:03 -------- d-----w- d:\documents and settings\flash\Application Data\ICQ
2010-02-02 16:10 . 2009-08-07 09:43 -------- d--h--w- d:\program files\InstallShield Installation Information
2010-01-31 21:01 . 2010-01-31 21:01 44912 ----a-w- d:\documents and settings\rado\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-31 21:01 . 2010-01-31 21:01 -------- d-----w- d:\documents and settings\rado\Application Data\ATI
2010-01-31 21:00 . 2010-01-31 21:00 -------- d-----w- d:\documents and settings\rado\Application Data\PC Suite
2010-01-19 21:51 . 2009-08-11 17:19 -------- d-----w- d:\program files\DirectVobSub
2010-01-19 21:43 . 2009-12-08 14:43 -------- d-----w- d:\program files\Image-Line
2010-01-19 19:58 . 2009-12-11 13:46 -------- d-----w- d:\program files\Virtual Piano
2010-01-08 19:04 . 2009-08-24 14:07 -------- d-----w- d:\program files\Common Files\Adobe
2010-01-07 18:08 . 2010-01-07 18:08 -------- d-----w- d:\program files\Common Files\CyberLink
2010-01-07 16:15 . 2010-01-07 15:59 29480 ----a-w- d:\windows\system32\msxml3a.dll
2010-01-05 20:56 . 2009-08-28 08:39 -------- d-----w- d:\program files\HP
2010-01-05 20:42 . 2009-08-07 10:46 44912 ----a-w- d:\documents and settings\flash\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-12-30 17:00 . 2009-08-19 13:09 411368 -c--a-w- d:\windows\system32\deploytk.dll
2009-12-27 17:40 . 2009-12-22 17:55 -------- d-----w- d:\documents and settings\flash\Application Data\Nokia
2009-12-24 18:13 . 2009-10-20 18:39 -------- d-----w- d:\documents and settings\flash\Application Data\Sony
2009-12-24 10:45 . 2009-08-28 08:21 142924 -c--a-w- d:\windows\hpoins14.dat
2009-12-24 09:33 . 2009-12-24 09:33 -------- d-----w- d:\program files\SignSIS-GUI
2009-12-22 17:48 . 2009-12-22 17:48 -------- d-----w- d:\program files\Common Files\PCSuite
2009-12-22 17:48 . 2009-12-22 17:48 -------- d-----w- d:\program files\Common Files\Nokia
2009-12-22 17:46 . 2009-12-22 17:46 -------- d-----w- d:\program files\DIFX
2009-12-22 17:44 . 2009-12-22 17:44 -------- d-----w- d:\program files\PC Connectivity Solution
2009-12-22 10:53 . 2009-12-22 10:53 0 ---ha-w- d:\windows\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2009-12-19 11:55 . 2009-12-19 11:55 -------- d-----w- d:\program files\Microsoft.NET
2009-12-17 19:37 . 2009-12-17 19:37 -------- d-----w- d:\documents and settings\flash\Application Data\Kingsoft
2009-12-08 15:50 . 2009-12-08 15:49 16883056 ----a-w- d:\documents and settings\flash\Application Data\OpenCandy\IE8-WindowsXP-x86-ENU.exe
2009-12-08 15:49 . 2009-12-08 15:49 265768 ----a-w- d:\documents and settings\flash\Application Data\OpenCandy\IE8Wrapper.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="d:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-08-07 39408]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 7\PCSync2.exe" [2008-06-17 1249280]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-08-11 1124352]
"DAEMON Tools Lite"="d:\program files\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]
"Skype"="d:\program files\Skype\\Phone\Skype.exe" [2009-10-09 25623336]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"C-Media Mixer"="d:\program files\PCI Audio Applications\Bin\AudioRack.exe" [2001-05-09 225280]
"StartCCC"="d:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-06-25 98304]
"nod32kui"="d:\program files\Eset\nod32kui.exe" [2009-08-07 949376]
"WinampAgent"="d:\program files\Winamp\winampa.exe" [2007-10-10 36352]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="d:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"d:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
R0 sptd;sptd;d:\windows\system32\drivers\sptd.sys [7. 8. 2009 12:21 691696]
R1 nod32drv;nod32drv;d:\windows\system32\drivers\nod32drv.sys [7. 8. 2009 12:15 15424]
S3 ggflt;SEMC USB Flash Driver Filter;d:\windows\system32\drivers\ggflt.sys [3. 12. 2009 22:37 13352]
S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);d:\windows\system32\drivers\s0016bus.sys [20. 10. 2009 19:25 89256]
S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;d:\windows\system32\drivers\s0016mdfl.sys [20. 10. 2009 19:25 15016]
S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;d:\windows\system32\drivers\s0016mdm.sys [20. 10. 2009 19:25 120744]
S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);d:\windows\system32\drivers\s0016mgmt.sys [20. 10. 2009 19:25 114216]
S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);d:\windows\system32\drivers\s0016nd5.sys [20. 10. 2009 19:25 25512]
S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;d:\windows\system32\drivers\s0016obex.sys [20. 10. 2009 19:25 110632]
S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);d:\windows\system32\drivers\s0016unic.sys [20. 10. 2009 19:25 115752]
S3 s0017bus;Sony Ericsson Device 0017 driver (WDM);d:\windows\system32\drivers\s0017bus.sys [20. 10. 2009 19:25 90536]
S3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;d:\windows\system32\drivers\s0017mdfl.sys [20. 10. 2009 19:25 15016]
S3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;d:\windows\system32\drivers\s0017mdm.sys [20. 10. 2009 19:25 122152]
S3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);d:\windows\system32\drivers\s0017mgmt.sys [20. 10. 2009 19:25 115496]
S3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);d:\windows\system32\drivers\s0017nd5.sys [20. 10. 2009 19:25 25768]
S3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;d:\windows\system32\drivers\s0017obex.sys [20. 10. 2009 19:25 111912]
S3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);d:\windows\system32\drivers\s0017unic.sys [20. 10. 2009 19:25 117672]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
2010-02-07 d:\windows\Tasks\WGASetup.job
- d:\windows\system32\KB905474\wgasetup.exe [2009-10-07 20:18]
.
.
------- Supplementary Scan -------
.
mSearch Bar = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=13925&gct=&gc=1&q=%s
IE: E&xportovať do programu Microsoft Excel - d:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: d:\windows\system32\imon.dll
FF - ProfilePath - d:\documents and settings\flash\Application Data\Mozilla\Firefox\Profiles\zb7ezrzh.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.sk/
FF - component: d:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - d:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
d:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-07 15:08
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x867DA1F8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf7872fc3
\Driver\ACPI -> ACPI.sys @ 0xf76dacb8
\Driver\atapi -> 0x867da1f8
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0094
ParseProcedure -> ntoskrnl.exe @ 0x8056f08e
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0094
ParseProcedure -> ntoskrnl.exe @ 0x8056f08e
NDIS: VIA PCI 10/100Mb Fast Ethernet Adapter -> SendCompleteHandler -> NDIS.sys @ 0xf7566ba0
PacketIndicateHandler -> NDIS.sys @ 0xf7573b21
SendHandler -> NDIS.sys @ 0xf755187b
Warning: possible MBR rootkit infection !
user & kernel MBR OK
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(708)
d:\windows\system32\Ati2evxx.dll
- - - - - - - > 'lsass.exe'(764)
d:\windows\system32\imon.dll
d:\program files\Eset\pr_imon.dll
- - - - - - - > 'explorer.exe'(3540)
d:\windows\system32\WININET.dll
d:\windows\system32\ieframe.dll
d:\windows\system32\msi.dll
d:\windows\system32\webcheck.dll
d:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 7\phonebrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
d:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_slk.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
d:\windows\system32\PortableDeviceTypes.dll
d:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
d:\windows\system32\Ati2evxx.exe
d:\windows\system32\Ati2evxx.exe
d:\program files\Eset\nod32krn.exe
d:\program files\Skype\Phone\Skype.exe
d:\windows\system32\wscntfy.exe
d:\program files\PC Connectivity Solution\ServiceLayer.exe
d:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
d:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe
d:\program files\Common Files\Nokia\MPAPI\MPAPI3s.exe
d:\program files\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Completion time: 2010-02-07 15:13:27 - machine was rebooted
ComboFix-quarantined-files.txt 2010-02-07 14:13
ComboFix2.txt 2010-02-07 13:08
Pre-Run: 3 146 444 800 bytes free
Post-Run: 3 111 419 904 voľných bajtov
- - End Of File - - 141836A338DF077A805D2D1067DD6D91
ComboFix2.txt 2010-02-07 13:08
Pre-Run: 3 146 444 800 bytes free
Post-Run: 3 111 419 904 voľných bajtov
- - End Of File - - 141836A338DF077A805D2D1067DD6D91
Re: log check... thanks in advance
OK, use http://sweb.cz/Marinus/T-Cleaner.exe - to confirm, always press the A key or Enter (the utility may be flagged by antivirus as a virus - delete it after use)
then CCleaner - the Cleaner and Registry sections - repeat the cleaning until all problems are removed
and finally ATF Cleaner - http://www.atribune.org/ccount/click.php?id=1:
after you run the downloaded file, a window appears:

check Select All, click Empty Selected and Exit
clear the Firefox and Opera cache the same way, if applicable
restart the PC
"Life is life, a meadow is a meadow, you look into the grass, and you see a beetle."
"Do not answer a fool according to his folly, lest you become like him yourself. Answer a fool according to his folly, lest he think himself wise...."
(Proverbs of King Solomon)
Re: log check... thanks in advance
thanks a lot

Re: log check... thanks in advance
you're welcome
