
NMIndexStoreSvr.exe
Moderator: Moderators
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]
Individual threads will be locked once resolved, as will those that stay inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.
!NEW!
Remote assistance is now available: an expert connects to your computer and gets further details about the problem from you by phone! More at www.neslape.cz
NMIndexStoreSvr.exe
Hello,
I too have a problem with the message "NMIndexStoreSvr.exe has encountered a problem and needs to close" after starting or restarting the PC. I tried a restore, but without result. Can you please help me?
Thank you in advance
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:25:08, on 23.2.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: PandoraTV Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: BlueSoleil.lnk = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Vytvořit mobilní oblíbenou položku… - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Bleskově - {04BAC0CD-8E15-4782-804D-2AB9861A2D8F} - http://www.bleskove.cz (file missing) (HKCU)
O9 - Extra button: Fotoalba - {084D27E4-E14F-4F0A-8AB6-E8EFDE2CF23F} - http://www.fotoalba.cz (file missing) (HKCU)
O9 - Extra button: Supermapy - {1083D008-CC3F-4F72-9065-5ED83E627335} - http://www.supermapy.cz (file missing) (HKCU)
O9 - Extra button: Centrum.cz - {17C626A6-5F7D-445F-946E-41366A93995A} - http://www.centrum.cz (file missing) (HKCU)
O9 - Extra button: Žena.cz - {1F464C9D-514F-4F29-81D2-6C4C6396949A} - http://www.zena.cz (file missing) (HKCU)
O9 - Extra button: Xchat.cz - {61374D3A-0992-4825-AC2A-4C8C5467F72F} - http://www.xchat.cz (file missing) (HKCU)
O9 - Extra button: Sportplus - {AAFF3BAB-3A9B-4B75-BFDB-D846970A1CF3} - http://sportplus.centrum.cz (file missing) (HKCU)
O9 - Extra button: Počasí - {DA4DD7E0-369A-4B34-BAEB-E4EB69BEF642} - http://pocasi.centrum.cz (file missing) (HKCU)
O9 - Extra button: Aktuálně - {E91AACF8-D00C-4982-8603-FB2B3C48A3C5} - http://aktualne.centrum.cz (file missing) (HKCU)
O9 - Extra button: Slovníky - {E9CCD142-736A-4B4D-AB46-5A5CE7F0E212} - http://slovniky.centrum.cz (file missing) (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {1E3F1348-4370-4BBE-A67A-CC7ED824CA85} (Microsoft Genuine Advantage Self Support Tool) - http://go.microsoft.com/fwlink/?LinkId=82580
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab3.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/ ... /CTPID.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Služba Google Update (gupdate1ca178c6370f38c) (gupdate1ca178c6370f38c) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
--
End of file - 11955 bytes
Last edited by jiruna on 23 Feb 2010 22:34, edited 1 time in total.
- Rudy
- Site Admin
- Posts: 119409
- Joined: 30 Oct 2003 13:42
- Location: Plzeň
Re: NMIndexStoreSvr.exe
Post a log from ComboFix. Besides the problem you describe, you also have AdWare on the PC.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
Visit:
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting the PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activities, a virus can damage the system!
Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want to reactivate the thread, write to me at the e-mail address given above.
Re: NMIndexStoreSvr.exe
So here is the log from ComboFix. Thank you very much in advance.
ComboFix 10-02-23.02 - tatka 23.02.2010 22:41:07.3.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.3326.2943 [GMT 1:00]
Spuštěný z: c:\documents and settings\tatka\Plocha\brekeke.exe
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Rezidentní štít AV je zapnutý
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\Data
c:\windows\system32\SIntf16.dll
c:\windows\system32\vidx16.dll
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-01-23 do 2010-02-23 )))))))))))))))))))))))))))))))
.
2010-02-23 21:35 . 2010-02-23 21:36 -------- d-----w- C:\brekeke
2010-02-23 21:35 . 2010-02-23 21:35 390144 ----a-w- c:\windows\system32\CF8142.exe
2010-02-23 21:24 . 2010-02-23 21:24 -------- d-----w- c:\program files\Trend Micro
2010-02-23 20:08 . 2010-02-23 20:08 -------- d-----w- c:\windows\system32\wbem\Repository
2010-02-07 13:28 . 1998-09-02 08:28 38160 ----a-w- c:\windows\system32\LMRTREND.dll
2010-02-07 13:28 . 1998-08-27 04:51 182032 ----a-w- c:\windows\system32\dxtmsft3.dll
2010-02-07 13:28 . 1998-09-02 08:28 63488 ----a-w- c:\windows\system32\unam4ie.exe
2010-02-07 13:28 . 1998-09-02 08:02 194320 ----a-w- c:\windows\system32\qcut.dll
2010-02-07 13:28 . 1998-08-17 09:21 11776 ----a-w- c:\windows\system32\mciqtz.drv
2010-02-07 13:28 . 2010-02-07 13:28 4608 ----a-w- c:\windows\system32\w95inf32.dll
2010-02-07 13:28 . 2010-02-07 13:28 2272 ----a-w- c:\windows\system32\w95inf16.dll
2010-02-07 13:28 . 2000-06-22 13:09 56320 ----a-r- c:\windows\system32\Iyvu9_32.dll
2010-02-07 13:28 . 2010-02-07 17:05 -------- d-----w- c:\program files\Centauri
2010-02-06 16:33 . 2010-02-06 16:34 -------- d-----w- c:\program files\The KMPlayer
2010-02-03 14:44 . 2010-02-03 14:44 -------- d-----w- c:\program files\oZone3D
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-23 20:06 . 2010-02-23 20:06 -------- d-----w- c:\program files\Abdio
2010-02-23 20:06 . 2010-02-23 20:06 -------- d-----w- c:\program files\Lavalys
2010-02-23 20:06 . 2010-02-23 20:06 -------- d-----w- c:\program files\Ask.com
2010-02-23 20:06 . 2008-12-21 12:43 -------- d-----w- c:\program files\DAEMON Tools Toolbar
2010-02-23 20:06 . 2010-02-23 20:06 -------- d-----w- c:\program files\DAEMON Tools Lite
2010-02-23 20:06 . 2010-02-13 11:13 -------- d-----w- c:\program files\Microprose
2010-02-23 17:15 . 2008-09-05 11:22 -------- d-----w- c:\program files\Call of Duty
2010-02-13 11:18 . 2010-02-13 11:18 0 ----a-w- c:\windows\DXT1FE.tmp
2010-02-13 11:18 . 2010-02-13 11:18 0 ----a-w- c:\windows\DXT1FD.tmp
2010-02-13 11:18 . 2010-02-13 11:18 0 ----a-w- c:\windows\DXT1FC.tmp
2010-02-13 11:18 . 2010-02-13 11:18 0 ----a-w- c:\windows\DXT1FB.tmp
2010-02-13 11:18 . 2010-02-13 11:18 0 ----a-w- c:\windows\DXT1FA.tmp
2010-02-13 11:18 . 2010-02-13 11:18 0 ----a-w- c:\windows\DXT1F9.tmp
2010-02-13 11:14 . 2008-09-02 17:35 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-08 08:02 . 2009-02-20 17:39 -------- d-----w- c:\program files\Disney Interactive
2010-02-07 18:53 . 2008-09-05 12:34 138376 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-02-07 18:52 . 2008-09-05 12:34 202448 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-02-07 17:49 . 2008-10-15 13:35 -------- d-----w- c:\program files\Google
2010-02-06 16:30 . 2008-09-09 18:36 -------- d-----w- c:\program files\Webteh
2009-12-23 20:45 . 2001-10-25 14:00 533086 ----a-w- c:\windows\system32\perfh005.dat
2009-12-23 20:45 . 2001-10-25 14:00 110046 ----a-w- c:\windows\system32\perfc005.dat
2009-12-21 19:08 . 2004-08-17 13:49 916480 ----a-w- c:\windows\system32\wininet.dll
2004-05-06 10:11 . 2008-09-19 01:56 777 ----a-w- c:\program files\trial_setup.ini
2004-05-06 10:11 . 2008-09-19 01:56 4289024 ----a-w- c:\program files\trial_setup.msi
2004-05-06 10:11 . 2008-09-19 01:56 40448 ----a-w- c:\program files\trial_setup.exe
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2009-07-10 16:28 1174920 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-07-10 1174920]
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-10-09 139264]
"Creative Detector"="c:\program files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 102400]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-08-07 39408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
"nwiz"="nwiz.exe" [2008-05-16 1630208]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2007-12-21 1443072]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2006-11-23 487424]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-05-27 413696]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 86016]
"CTSysVol"="c:\program files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-10-31 57344]
"P17Helper"="P17.dll" [2005-05-03 64512]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\tatka\Nabídka Start\Programy\Po spuštění\
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
BlueSoleil.lnk - c:\program files\IVT Corporation\BlueSoleil\BlueSoleil.exe [2005-9-20 1200128]
hp psc 1000 series.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2003-4-6 147456]
hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-4-6 28672]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2008-9-19 118784]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Call of Duty\\CoDUOMP.exe"=
"c:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"c:\\Program Files\\EA GAMES\\Need For Speed Underground\\Speed.exe"=
"c:\\Program Files\\Electronic Arts\\Need for Speed Carbon\\NFSC.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\Call of Duty\\CoDMP.exe"=
"c:\\Program Files\\eDonkey2000 Lite\\eDonkey2000.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Aspyr\\MTX\\Game\\MTX.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
R0 a347scsi;a347scsi;c:\windows\system32\drivers\a347scsi.sys [24.1.2009 19:05 5248]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [21.12.2007 7:21 33800]
R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [21.12.2007 7:21 468224]
S0 a347bus;a347bus;c:\windows\system32\drivers\a347bus.sys [24.1.2009 19:05 160640]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [29.8.2008 15:22 721904]
S2 gupdate1ca178c6370f38c;Služba Google Update (gupdate1ca178c6370f38c);c:\program files\Google\Update\GoogleUpdate.exe [7.8.2009 19:25 133104]
S2 NOD32FiXTemDono;Eset Nod32 Boot;c:\windows\system32\regedt32.exe [25.10.2001 15:00 3584]
.
Obsah adresáře 'Naplánované úlohy'
2010-02-23 c:\windows\Tasks\FRU Task 2003-04-06 08:52ewlett-Packard2003-04-06 08:52p psc 1200 series5E771253C1676EBED677BF361FDFC537825E15B8220206307.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-05 22:52]
2009-02-17 c:\windows\Tasks\FRU Task 2003-04-06 08:52ewlett-Packard2003-04-06 08:52p psc 1200 series5E771253C1676EBED677BF361FDFC537825E15B8226774210.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-05 22:52]
2010-02-23 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-08-07 18:24]
2010-02-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-07 18:25]
2010-02-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-07 18:25]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uInternet Settings,ProxyOverride = <local>
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
FF - ProfilePath - c:\documents and settings\tatka\Data aplikací\Mozilla\Firefox\Profiles\06u9eah2.default\
FF - prefs.js: browser.search.selectedEngine - DAEMON Search
FF - prefs.js: browser.startup.homepage - hxxp://www.daemon-search.com/startpage|http://www.seznam.cz/
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
AddRemove-HijackThis - c:\documents and settings\tatka\Local Settings\Temporary Internet Files\Content.IE5\BK0KQJDV\HijackThis.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-23 22:49
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\S-1-5-21-73586283-1677128483-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*: Ú*u*]
@Class="Shell"
[HKEY_USERS\S-1-5-21-73586283-1677128483-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*: Ú*u*\OpenWithList]
@Class="Shell"
"a"="Restoration.exe"
"MRUList"="a"
.
Celkový čas: 2010-02-23 22:52:19
ComboFix-quarantined-files.txt 2010-02-23 21:52
ComboFix2.txt 2010-02-23 13:05
ComboFix3.txt 2009-07-08 04:46
ComboFix4.txt 2009-07-08 04:08
ComboFix5.txt 2010-02-23 21:39
Před spuštěním: Volných bajtů: 17 429 364 736
Po spuštění: Volných bajtů: 17 427 107 840
Current=4 Default=4 Failed=3 LastKnownGood=5 Sets=1,2,3,4,5
- - End Of File - - 8755ECEE3492279BA2315CFD0128DA76
Re: NMIndexStoreSvr.exe
I'm not sure whether my request got "lost in translation".
So I'm asking once more whether you could advise me. Many thanks in advance for your reply.
- Rudy
- Site Admin
Re: NMIndexStoreSvr.exe
We'll finish the cleanup. Open Notepad and copy the following into it:

Folder::
c:\program files\Ask.com
File::
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
[-HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

Save it to the desktop as CFScript.txt. Then drag it with the mouse over the ComboFix icon and drop it. CF will start and execute the commands from the script.

Post questions and logs only in your own threads. Private messages, ICQ and e-mail are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activities, a virus can damage the system!
Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.
Re: NMIndexStoreSvr.exe
Thank you very much, and here is the log for a check.
Thanks a lot once again.
ComboFix 10-02-24.01 - tatka 24.02.2010 20:44:44.4.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.3326.2830 [GMT 1:00]
Spuštěný z: c:\documents and settings\tatka\Plocha\brekeke.exe
Použité ovládací přepínače :: c:\documents and settings\tatka\Plocha\CFScript.txt
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FILE ::
"c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe"
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\Ask.com
c:\program files\Ask.com\cobrand.ico
c:\program files\Ask.com\favicon.ico
c:\program files\Ask.com\GenericAskToolbar.dll
c:\program files\Ask.com\SaUpdate.exe
c:\program files\Ask.com\UpdateTask.exe
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-01-24 do 2010-02-24 )))))))))))))))))))))))))))))))
.
2010-02-24 19:35 . 2010-02-24 19:40 -------- d-----w- C:\brekeke10862b
2010-02-24 14:46 . 2010-02-24 14:46 5810 ----a-w- c:\windows\system32\drivers\ASACPI.sys
2010-02-24 14:46 . 2010-02-24 14:46 23456 ----a-w- c:\windows\system32\drivers\DrvAgent32.sys
2010-02-23 21:35 . 2010-02-23 21:36 -------- d-----w- C:\brekeke
2010-02-23 21:35 . 2010-02-23 21:35 390144 ----a-w- c:\windows\system32\CF8142.exe
2010-02-23 21:24 . 2010-02-23 21:24 -------- d-----w- c:\program files\Trend Micro
2010-02-23 20:08 . 2010-02-23 20:08 -------- d-----w- c:\windows\system32\wbem\Repository
2010-02-23 20:06 . 2010-02-23 20:06 -------- d-----w- c:\windows\system32\madll
2010-02-23 20:06 . 2010-02-23 20:06 -------- d-----w- c:\program files\Abdio
2010-02-23 20:06 . 2010-02-23 20:06 -------- d-----w- c:\program files\Lavalys
2010-02-23 20:06 . 2010-02-23 20:06 -------- d-----w- c:\program files\DAEMON Tools Lite
2010-02-23 19:59 . 2010-02-23 20:05 -------- d-----w- C:\RECYCLER(3)
2010-02-13 11:13 . 2010-02-23 20:06 -------- d-----w- c:\program files\Microprose
2010-02-07 13:28 . 1998-09-02 08:28 38160 ----a-w- c:\windows\system32\LMRTREND.dll
2010-02-07 13:28 . 1998-08-27 04:51 182032 ----a-w- c:\windows\system32\dxtmsft3.dll
2010-02-07 13:28 . 1998-09-02 08:28 63488 ----a-w- c:\windows\system32\unam4ie.exe
2010-02-07 13:28 . 1998-09-02 08:02 194320 ----a-w- c:\windows\system32\qcut.dll
2010-02-07 13:28 . 1998-08-17 09:21 11776 ----a-w- c:\windows\system32\mciqtz.drv
2010-02-07 13:28 . 2010-02-07 13:28 4608 ----a-w- c:\windows\system32\w95inf32.dll
2010-02-07 13:28 . 2010-02-07 13:28 2272 ----a-w- c:\windows\system32\w95inf16.dll
2010-02-07 13:28 . 2000-06-22 13:09 56320 ----a-r- c:\windows\system32\Iyvu9_32.dll
2010-02-07 13:28 . 2010-02-07 17:05 -------- d-----w- c:\program files\Centauri
2010-02-06 16:33 . 2010-02-06 16:34 -------- d-----w- c:\program files\The KMPlayer
2010-02-03 14:44 . 2010-02-03 14:44 -------- d-----w- c:\program files\oZone3D
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-24 17:28 . 2008-09-05 11:22 -------- d-----w- c:\program files\Call of Duty
2010-02-24 16:32 . 2008-09-05 12:34 138376 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-02-24 16:32 . 2008-09-05 12:34 202448 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-02-23 20:06 . 2008-12-21 12:43 -------- d-----w- c:\program files\DAEMON Tools Toolbar
2010-02-13 11:18 . 2010-02-13 11:18 0 ----a-w- c:\windows\DXT1FE.tmp
2010-02-13 11:18 . 2010-02-13 11:18 0 ----a-w- c:\windows\DXT1FD.tmp
2010-02-13 11:18 . 2010-02-13 11:18 0 ----a-w- c:\windows\DXT1FC.tmp
2010-02-13 11:18 . 2010-02-13 11:18 0 ----a-w- c:\windows\DXT1FB.tmp
2010-02-13 11:18 . 2010-02-13 11:18 0 ----a-w- c:\windows\DXT1FA.tmp
2010-02-13 11:18 . 2010-02-13 11:18 0 ----a-w- c:\windows\DXT1F9.tmp
2010-02-13 11:14 . 2008-09-02 17:35 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-08 08:02 . 2009-02-20 17:39 -------- d-----w- c:\program files\Disney Interactive
2010-02-07 17:49 . 2008-10-15 13:35 -------- d-----w- c:\program files\Google
2010-02-06 16:30 . 2008-09-09 18:36 -------- d-----w- c:\program files\Webteh
2009-12-31 16:50 . 2004-08-03 21:14 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-23 20:45 . 2001-10-25 14:00 533086 ----a-w- c:\windows\system32\perfh005.dat
2009-12-23 20:45 . 2001-10-25 14:00 110046 ----a-w- c:\windows\system32\perfc005.dat
2009-12-21 19:08 . 2004-08-17 13:49 916480 ------w- c:\windows\system32\wininet.dll
2009-12-17 07:42 . 2007-04-24 18:57 343552 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:10 . 2004-08-17 13:49 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-04 18:22 . 2004-08-03 21:15 455424 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-11-27 17:14 . 2004-08-17 13:49 1294336 ----a-w- c:\windows\system32\quartz.dll
2009-11-27 17:14 . 2004-08-17 15:49 17920 ----a-w- c:\windows\system32\msyuv.dll
2009-11-27 16:09 . 2001-10-25 14:00 28672 ----a-w- c:\windows\system32\msvidc32.dll
2009-11-27 16:09 . 2001-10-24 12:25 8704 ----a-w- c:\windows\system32\tsbyuv.dll
2009-11-27 16:09 . 2004-08-17 15:49 48128 ----a-w- c:\windows\system32\iyuv_32.dll
2009-11-27 16:09 . 2004-08-17 13:49 11264 ----a-w- c:\windows\system32\msrle32.dll
2009-11-27 16:09 . 2004-08-17 13:49 84992 ----a-w- c:\windows\system32\avifil32.dll
2004-05-06 10:11 . 2008-09-19 01:56 777 ----a-w- c:\program files\trial_setup.ini
2004-05-06 10:11 . 2008-09-19 01:56 4289024 ----a-w- c:\program files\trial_setup.msi
2004-05-06 10:11 . 2008-09-19 01:56 40448 ----a-w- c:\program files\trial_setup.exe
.
((((((((((((((((((((((((((((( SnapShot@2010-02-23_21.49.18 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-04-24 19:21 . 2010-01-23 08:11 46080 c:\windows\system32\tzchange.exe
- 2007-04-24 19:21 . 2009-10-28 15:07 46080 c:\windows\system32\tzchange.exe
+ 2004-08-17 15:49 . 2009-11-27 17:14 17920 c:\windows\system32\dllcache\msyuv.dll
+ 2001-10-25 14:00 . 2009-11-27 16:09 28672 c:\windows\system32\dllcache\msvidc32.dll
+ 2009-11-27 16:09 . 2009-11-27 16:09 11264 c:\windows\system32\dllcache\msrle32.dll
+ 2004-08-17 15:49 . 2009-11-27 16:09 48128 c:\windows\system32\dllcache\iyuv_32.dll
+ 2009-12-14 07:10 . 2009-12-14 07:10 33280 c:\windows\system32\dllcache\csrsrv.dll
+ 2009-06-10 14:15 . 2009-11-27 16:09 84992 c:\windows\system32\dllcache\avifil32.dll
- 2009-06-10 14:15 . 2009-06-10 14:15 84992 c:\windows\system32\dllcache\avifil32.dll
- 2007-04-24 21:15 . 2010-01-13 21:27 35088 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
+ 2007-04-24 21:15 . 2010-02-24 19:19 35088 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
- 2007-04-24 21:15 . 2010-01-13 21:27 18704 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
+ 2007-04-24 21:15 . 2010-02-24 19:19 18704 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
+ 2007-04-24 21:15 . 2010-02-24 19:19 20240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
- 2007-04-24 21:15 . 2010-01-13 21:27 20240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
+ 2009-11-27 17:14 . 2009-11-27 17:14 17920 c:\windows\Driver Cache\i386\msyuv.dll
+ 2009-11-27 16:09 . 2009-11-27 16:09 48128 c:\windows\Driver Cache\i386\iyuv_32.dll
+ 2001-10-24 12:25 . 2009-11-27 16:09 8704 c:\windows\system32\dllcache\tsbyuv.dll
+ 2009-11-27 16:09 . 2009-11-27 16:09 8704 c:\windows\Driver Cache\i386\tsbyuv.dll
+ 2004-08-17 13:49 . 2009-12-08 09:25 474112 c:\windows\system32\shlwapi.dll
- 2004-08-17 13:49 . 2008-04-14 06:51 474112 c:\windows\system32\shlwapi.dll
+ 2004-08-17 13:49 . 2009-12-09 05:55 726528 c:\windows\system32\jscript.dll
- 2004-08-17 13:49 . 2009-06-22 06:48 726528 c:\windows\system32\jscript.dll
+ 2008-10-15 13:17 . 2009-12-31 16:50 353792 c:\windows\system32\dllcache\srv.sys
+ 2006-09-23 11:12 . 2009-12-08 09:25 474112 c:\windows\system32\dllcache\shlwapi.dll
- 2006-09-23 11:12 . 2006-09-23 11:12 474112 c:\windows\system32\dllcache\shlwapi.dll
+ 2009-12-17 07:42 . 2009-12-17 07:42 343552 c:\windows\system32\dllcache\mspaint.exe
+ 2008-11-12 20:52 . 2009-12-04 18:22 455424 c:\windows\system32\dllcache\mrxsmb.sys
- 2006-10-17 11:00 . 2009-06-22 06:48 726528 c:\windows\system32\dllcache\jscript.dll
+ 2006-10-17 11:00 . 2009-12-09 05:55 726528 c:\windows\system32\dllcache\jscript.dll
+ 2007-04-24 21:15 . 2010-02-24 19:19 888080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
- 2007-04-24 21:15 . 2010-01-13 21:27 888080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
+ 2007-04-24 21:15 . 2010-02-24 19:19 272648 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
- 2007-04-24 21:15 . 2010-01-13 21:27 272648 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
- 2007-04-24 21:15 . 2010-01-13 21:27 922384 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
+ 2007-04-24 21:15 . 2010-02-24 19:19 922384 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
+ 2007-04-24 21:15 . 2010-02-24 19:19 845584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
- 2007-04-24 21:15 . 2010-01-13 21:27 845584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
- 2007-04-24 21:15 . 2010-01-13 21:27 217864 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
+ 2007-04-24 21:15 . 2010-02-24 19:19 217864 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
- 2007-04-24 21:15 . 2010-01-13 21:27 184080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
+ 2007-04-24 21:15 . 2010-02-24 19:19 184080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
+ 2007-04-24 21:15 . 2010-02-24 19:19 159504 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
- 2007-04-24 21:15 . 2010-01-13 21:27 159504 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
+ 2010-02-24 19:22 . 2008-07-08 12:59 391032 c:\windows\ie8updates\KB976662-IE8\spuninst\updspapi.dll
+ 2010-02-24 19:22 . 2008-07-08 12:59 233848 c:\windows\ie8updates\KB976662-IE8\spuninst\spuninst.exe
+ 2010-02-24 19:22 . 2009-06-22 06:48 726528 c:\windows\ie8updates\KB976662-IE8\jscript.dll
+ 2008-11-12 20:52 . 2009-12-04 18:22 455424 c:\windows\Driver Cache\i386\mrxsmb.sys
+ 2008-05-07 05:12 . 2009-11-27 17:14 1294336 c:\windows\system32\dllcache\quartz.dll
+ 2010-01-14 20:26 . 2010-01-14 20:26 5027840 c:\windows\Installer\47ffe.msp
- 2007-04-24 21:15 . 2010-01-13 21:27 1172240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
+ 2007-04-24 21:15 . 2010-02-24 19:19 1172240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
- 2007-04-24 21:15 . 2010-01-13 21:27 1165584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
+ 2007-04-24 21:15 . 2010-02-24 19:19 1165584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
+ 2008-08-28 05:28 . 2010-02-01 19:26 30364104 c:\windows\system32\MRT.exe
.
-- Snímek resetován k současnému datu --
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-10-09 139264]
"Creative Detector"="c:\program files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 102400]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-08-07 39408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
"nwiz"="nwiz.exe" [2008-05-16 1630208]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2007-12-21 1443072]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2006-11-23 487424]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-05-27 413696]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 86016]
"CTSysVol"="c:\program files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-10-31 57344]
"P17Helper"="P17.dll" [2005-05-03 64512]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\tatka\Nabídka Start\Programy\Po spuštění\
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
BlueSoleil.lnk - c:\program files\IVT Corporation\BlueSoleil\BlueSoleil.exe [2005-9-20 1200128]
hp psc 1000 series.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2003-4-6 147456]
hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-4-6 28672]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2008-9-19 118784]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Call of Duty\\CoDUOMP.exe"=
"c:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"c:\\Program Files\\EA GAMES\\Need For Speed Underground\\Speed.exe"=
"c:\\Program Files\\Electronic Arts\\Need for Speed Carbon\\NFSC.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\Call of Duty\\CoDMP.exe"=
"c:\\Program Files\\eDonkey2000 Lite\\eDonkey2000.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Aspyr\\MTX\\Game\\MTX.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
R0 a347scsi;a347scsi;c:\windows\system32\drivers\a347scsi.sys [24.1.2009 19:05 5248]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [21.12.2007 7:21 33800]
R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [21.12.2007 7:21 468224]
S2 gupdate1ca178c6370f38c;Služba Google Update (gupdate1ca178c6370f38c);c:\program files\Google\Update\GoogleUpdate.exe [7.8.2009 19:25 133104]
S2 NOD32FiXTemDono;Eset Nod32 Boot;c:\windows\system32\regedt32.exe [25.10.2001 15:00 3584]
S3 DrvAgent32;DrvAgent32;c:\windows\system32\drivers\DrvAgent32.sys [24.2.2010 15:46 23456]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\program files\Lavalys\EVEREST Home Edition\kerneld.wnt [18.8.2005 7168]
S4 a347bus;a347bus;c:\windows\system32\drivers\a347bus.sys [24.1.2009 19:05 160640]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [29.8.2008 15:22 721904]
.
Obsah adresáře 'Naplánované úlohy'
2010-02-23 c:\windows\Tasks\FRU Task 2003-04-06 08:52ewlett-Packard2003-04-06 08:52p psc 1200 series5E771253C1676EBED677BF361FDFC537825E15B8220206307.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-05 22:52]
2009-02-17 c:\windows\Tasks\FRU Task 2003-04-06 08:52ewlett-Packard2003-04-06 08:52p psc 1200 series5E771253C1676EBED677BF361FDFC537825E15B8226774210.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-05 22:52]
2010-02-24 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-08-07 18:24]
2010-02-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-07 18:25]
2010-02-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-07 18:25]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uInternet Settings,ProxyOverride = <local>
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
FF - ProfilePath - c:\documents and settings\tatka\Data aplikací\Mozilla\Firefox\Profiles\06u9eah2.default\
FF - prefs.js: browser.search.selectedEngine - DAEMON Search
FF - prefs.js: browser.startup.homepage - hxxp://www.daemon-search.com/startpage|http://www.seznam.cz/
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-24 20:51
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\EverestDriver]
"ImagePath"="\??\c:\program files\Lavalys\EVEREST Home Edition\kerneld.wnt"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\S-1-5-21-73586283-1677128483-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*: Ú*u*]
@Class="Shell"
[HKEY_USERS\S-1-5-21-73586283-1677128483-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*: Ú*u*\OpenWithList]
@Class="Shell"
"a"="Restoration.exe"
"MRUList"="a"
.
Celkový čas: 2010-02-24 20:53:26
ComboFix-quarantined-files.txt 2010-02-24 19:53
ComboFix2.txt 2010-02-23 21:52
ComboFix3.txt 2010-02-23 13:05
ComboFix4.txt 2009-07-08 04:46
ComboFix5.txt 2010-02-24 19:40
Před spuštěním: Volných bajtů: 17 191 116 800
Po spuštění: Volných bajtů: 17 180 897 280
Current=4 Default=4 Failed=3 LastKnownGood=5 Sets=1,2,3,4,5
- - End Of File - - C7E9782B3E12957497F8BEC0B72ED19F
Thanks a lot once again

- Rudy
- Site Admin
- Posts: 119409
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: NMIndexStoreSvr.exe
The log now looks clean. Is everything all right?
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!
Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address above.
Re: NMIndexStoreSvr.exe
EVERYTHING IS GREAT, THANKS SO MUCH.
- Rudy
- Site Admin
- Posts: 119409
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: NMIndexStoreSvr.exe
You're welcome!