Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz
Rootkit , Zvukové zařízení neexistuje .
Moderátor: Moderátoři
Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
-
Unlimited_Killer
- Přítel fóra
- Příspěvky: 1969
- Registrován: 24 srp 2009 16:18
Re: Rootkit , Zvukové zařízení neexistuje .
E1:Jestliže budu muset po startu PC chvíly počkat , aby to šlapalo , tak to není taková tragédie , jako to , že mi nejde ten zvuk .. 
E2: V těch ovladačích je takové množstvý těch .exe souborů , že je možně že jsem naistaloval nějaký jiný .. Jinak si to nedokážu vysvětlit.
ComboFix 10-03-12.04 - uživatel 13.03.2010 17:00:27.1.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2046.1570 [GMT 1:00]
Spuštěný z: c:\documents and settings\uživatel\Plocha\ComboFix.exe
AV: avast! antivirus 4.8.1351 [VPS 100313-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: ActiveArmor Firewall *enabled* {EDC10449-64D1-46c7-A59A-EC20D662F26D}
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\Dvbpws.dll
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-02-13 do 2010-03-13 )))))))))))))))))))))))))))))))
.
2010-03-13 14:24 . 2010-03-13 14:55 -------- d-----w- c:\program files\DNA
2010-03-12 20:08 . 2010-03-12 20:11 -------- d-----w- c:\windows\system32\NtmsData
2010-03-12 18:33 . 2008-04-13 23:10 34688 -c--a-w- c:\windows\system32\dllcache\lbrtfdc.sys
2010-03-12 18:33 . 2008-04-13 23:10 34688 ----a-w- c:\windows\system32\drivers\lbrtfdc.sys
2010-03-12 18:32 . 2008-04-13 23:11 8576 -c--a-w- c:\windows\system32\dllcache\i2omgmt.sys
2010-03-12 18:32 . 2008-04-13 23:11 8576 ----a-w- c:\windows\system32\drivers\i2omgmt.sys
2010-03-12 18:32 . 2008-04-13 23:11 8192 -c--a-w- c:\windows\system32\dllcache\changer.sys
2010-03-12 18:32 . 2008-04-13 23:11 8192 ----a-w- c:\windows\system32\drivers\changer.sys
2010-03-11 08:00 . 2010-03-11 08:00 -------- d-sh--w- c:\documents and settings\Default User\IETldCache
2010-02-18 17:47 . 2010-02-18 17:47 -------- d-----w- c:\program files\Ashampoo
2010-02-15 22:03 . 2010-02-24 10:11 -------- d-----w- c:\windows\ie8updates
2010-02-15 17:30 . 2009-12-21 19:08 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-02-15 17:30 . 2009-12-21 19:08 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-02-15 10:27 . 2010-02-15 10:27 -------- dc-h--w- c:\windows\ie8
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-13 14:58 . 2001-10-25 14:00 63148 ----a-w- c:\windows\system32\perfc005.dat
2010-03-13 14:58 . 2001-10-25 14:00 382548 ----a-w- c:\windows\system32\perfh005.dat
2010-03-13 12:06 . 2009-08-05 15:44 -------- d-----w- c:\program files\trend micro
2010-02-18 17:29 . 2008-07-23 19:46 -------- d-----w- c:\program files\Nero
2010-02-18 17:29 . 2008-07-23 19:46 -------- d-----w- c:\program files\Common Files\Nero
2010-01-30 14:38 . 2009-07-12 17:41 -------- d-----w- c:\program files\ICQ6.5
2009-12-31 16:50 . 2004-08-03 21:14 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-21 19:08 . 2004-08-17 13:49 916480 ----a-w- c:\windows\system32\wininet.dll
2009-12-17 07:42 . 2008-07-06 15:19 343552 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:10 . 2004-08-17 13:49 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 -c--a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 -c--a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\uživatel\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" [2009-12-09 135664]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2010-03-13 323392]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvMediaCenter"="NvMCTray.dll" [2008-05-16 86016]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"WinFastDTV"="c:\program files\WinFast\WFDTV\DTVSchdl.exe" [2007-10-09 90112]
"WinFast Schedule"="c:\program files\WinFast\WFDTV\WFWIZ.exe" [2007-10-01 413696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-12-09 149280]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-03-24 1983816]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2009-03-18 767312]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-12-18 868352]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\u§ivatel\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Věýezy obrazovky a spuçtŘnˇ aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]
winesm32.exe [2008-4-14 29184]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"OEXPRESS"=c:\documents and settings\All Users\Data aplikací\LangSoft\OETRN.EXE
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" /background
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"BDRegion"=c:\program files\Cyberlink\Shared Files\brs.exe
"DAEMON Tools-1033"="c:\program files\D-Tools\daemon.exe" -lang 1033
"PDVD8LanguageShortcut"="c:\program files\CyberLink\PowerDVD8\Language\Language.exe"
"JMB36X Configure"=c:\windows\system32\JMRaidTool.exe boot
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe"
"RemoteControl8"="c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\totalcmd\\TOTALCMD.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Pinnacle\\Studio 11\\programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\Studio 11\\programs\\Studio.exe"=
"c:\\Program Files\\Pinnacle\\Studio 11\\programs\\PMSRegisterFile.exe"=
"c:\\Program Files\\Pinnacle\\Studio 11\\programs\\umi.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"c:\\Program Files\\WinFast\\WFDTV\\DVBTAP.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"d:\\wow 3.1.3\\Launcher.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"d:\\wow 3.1.3\\WoW-3.1.2.9901-to-3.1.3.9947-enGB-downloader.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"d:\\wow 3.1.3\\WoW-3.1.3.9947-to-3.2.0.10192-enGB-downloader.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
R0 d344bus;d344bus;c:\windows\system32\drivers\d344bus.sys [13.7.2008 14:43 137216]
R0 d344prt;d344prt;c:\windows\system32\drivers\d344prt.sys [13.7.2008 14:43 5248]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [13.7.2008 14:35 114768]
R1 wfcxacap;WinFast TV PCI Audio Capture Driver;c:\windows\system32\drivers\wfcxacap.sys [20.12.2008 23:11 9856]
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};c:\program files\CyberLink\PowerDVD8\000.fcl [27.6.2008 15:50 61424]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [13.7.2008 14:35 20560]
R2 wfcxatun;WinFast TV Analog Tuner Driver;c:\windows\system32\drivers\wfcxatun.sys [20.12.2008 23:11 31744]
R2 WFCXVCAP;WinFast TV Video Capture Driver;c:\windows\system32\drivers\wfcxvcap.sys [20.12.2008 23:11 167040]
R3 wfcxdtun;WinFast DTV BDA Tuner/Demod Driver;c:\windows\system32\drivers\wfcxdtun.sys [20.12.2008 23:11 21248]
R3 wfcxtcap;WinFast DTV BDA Transport Stream Capture Driver;c:\windows\system32\drivers\wfcxtcap.sys [20.12.2008 23:11 15872]
R3 wfcxxbar;WinFast TV Crossbar Driver;c:\windows\system32\drivers\wfcxxbar.sys [20.12.2008 23:11 10496]
R3 WFIOCTL;WFIOCTL;c:\program files\WinFast\WFDTV\WFIOCTL.sys [20.12.2008 23:02 9446]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'
2010-03-13 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2008\OneClickStarter.exe [2008-06-20 07:09]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&s ... f8&oe=utf8
IE: Download with &Shareaza - c:\program files\BearShare MP3\RazaWebHook.dll/3000
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748449} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
LSP: %SYSTEMROOT%\system32\nvappfilter.dll
Trusted Zone: mojebanka.cz\*
Trusted Zone: mojebanka.cz\*
TCP: {8CBBAF76-15A1-4DA4-AF64-382476C01308} = 172.16.0.254,72.48.116.2
FF - ProfilePath - c:\documents and settings\uživatel\Data aplikací\Mozilla\Firefox\Profiles\2mkowgti.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
FF - plugin: c:\program files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
MSConfigStartUp-CTFMON - (no file)
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-13 17:05
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
c:\documents and settings\uživatel\Nabídka Start\Programy\Po spuštění\winesm32.exe 29184 bytes executable
sken byl úspešně dokončen
skryté soubory: 1
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8A278C48]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xba91cf28
\Driver\ACPI -> ACPI.sys @ 0xba75dcb8
\Driver\atapi -> atapi.sys @ 0xba6ef852
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
NDIS: NVIDIA nForce Networking Controller #2 -> SendCompleteHandler -> NDIS.sys @ 0xba5cabb0
PacketIndicateHandler -> NDIS.sys @ 0xba5d7a21
SendHandler -> NDIS.sys @ 0xba5b587b
user & kernel MBR OK
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD8\000.fcl"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'lsass.exe'(1060)
c:\windows\system32\nvappfilter.dll
- - - - - - - > 'explorer.exe'(204)
c:\windows\system32\webcheck.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\IoctlSvc.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\program files\Spyware Terminator\sp_rsser.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\RunDLL32.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
.
**************************************************************************
.
Celkový čas: 2010-03-13 17:09:03 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-03-13 16:09
Před spuštěním: Volných bajtů: 14 640 877 568
Po spuštění: Volných bajtů: 14 697 836 544
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
- - End Of File - - DDD850FC8BBF596CA7239A65551E73A4
E2: V těch ovladačích je takové množstvý těch .exe souborů , že je možně že jsem naistaloval nějaký jiný .. Jinak si to nedokážu vysvětlit.
ComboFix 10-03-12.04 - uživatel 13.03.2010 17:00:27.1.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2046.1570 [GMT 1:00]
Spuštěný z: c:\documents and settings\uživatel\Plocha\ComboFix.exe
AV: avast! antivirus 4.8.1351 [VPS 100313-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: ActiveArmor Firewall *enabled* {EDC10449-64D1-46c7-A59A-EC20D662F26D}
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\Dvbpws.dll
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-02-13 do 2010-03-13 )))))))))))))))))))))))))))))))
.
2010-03-13 14:24 . 2010-03-13 14:55 -------- d-----w- c:\program files\DNA
2010-03-12 20:08 . 2010-03-12 20:11 -------- d-----w- c:\windows\system32\NtmsData
2010-03-12 18:33 . 2008-04-13 23:10 34688 -c--a-w- c:\windows\system32\dllcache\lbrtfdc.sys
2010-03-12 18:33 . 2008-04-13 23:10 34688 ----a-w- c:\windows\system32\drivers\lbrtfdc.sys
2010-03-12 18:32 . 2008-04-13 23:11 8576 -c--a-w- c:\windows\system32\dllcache\i2omgmt.sys
2010-03-12 18:32 . 2008-04-13 23:11 8576 ----a-w- c:\windows\system32\drivers\i2omgmt.sys
2010-03-12 18:32 . 2008-04-13 23:11 8192 -c--a-w- c:\windows\system32\dllcache\changer.sys
2010-03-12 18:32 . 2008-04-13 23:11 8192 ----a-w- c:\windows\system32\drivers\changer.sys
2010-03-11 08:00 . 2010-03-11 08:00 -------- d-sh--w- c:\documents and settings\Default User\IETldCache
2010-02-18 17:47 . 2010-02-18 17:47 -------- d-----w- c:\program files\Ashampoo
2010-02-15 22:03 . 2010-02-24 10:11 -------- d-----w- c:\windows\ie8updates
2010-02-15 17:30 . 2009-12-21 19:08 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-02-15 17:30 . 2009-12-21 19:08 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-02-15 10:27 . 2010-02-15 10:27 -------- dc-h--w- c:\windows\ie8
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-13 14:58 . 2001-10-25 14:00 63148 ----a-w- c:\windows\system32\perfc005.dat
2010-03-13 14:58 . 2001-10-25 14:00 382548 ----a-w- c:\windows\system32\perfh005.dat
2010-03-13 12:06 . 2009-08-05 15:44 -------- d-----w- c:\program files\trend micro
2010-02-18 17:29 . 2008-07-23 19:46 -------- d-----w- c:\program files\Nero
2010-02-18 17:29 . 2008-07-23 19:46 -------- d-----w- c:\program files\Common Files\Nero
2010-01-30 14:38 . 2009-07-12 17:41 -------- d-----w- c:\program files\ICQ6.5
2009-12-31 16:50 . 2004-08-03 21:14 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-21 19:08 . 2004-08-17 13:49 916480 ----a-w- c:\windows\system32\wininet.dll
2009-12-17 07:42 . 2008-07-06 15:19 343552 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:10 . 2004-08-17 13:49 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 -c--a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 -c--a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\uživatel\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" [2009-12-09 135664]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2010-03-13 323392]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvMediaCenter"="NvMCTray.dll" [2008-05-16 86016]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"WinFastDTV"="c:\program files\WinFast\WFDTV\DTVSchdl.exe" [2007-10-09 90112]
"WinFast Schedule"="c:\program files\WinFast\WFDTV\WFWIZ.exe" [2007-10-01 413696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-12-09 149280]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-03-24 1983816]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2009-03-18 767312]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-12-18 868352]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\u§ivatel\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Věýezy obrazovky a spuçtŘnˇ aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]
winesm32.exe [2008-4-14 29184]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"OEXPRESS"=c:\documents and settings\All Users\Data aplikací\LangSoft\OETRN.EXE
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" /background
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"BDRegion"=c:\program files\Cyberlink\Shared Files\brs.exe
"DAEMON Tools-1033"="c:\program files\D-Tools\daemon.exe" -lang 1033
"PDVD8LanguageShortcut"="c:\program files\CyberLink\PowerDVD8\Language\Language.exe"
"JMB36X Configure"=c:\windows\system32\JMRaidTool.exe boot
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe"
"RemoteControl8"="c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\totalcmd\\TOTALCMD.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Pinnacle\\Studio 11\\programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\Studio 11\\programs\\Studio.exe"=
"c:\\Program Files\\Pinnacle\\Studio 11\\programs\\PMSRegisterFile.exe"=
"c:\\Program Files\\Pinnacle\\Studio 11\\programs\\umi.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"c:\\Program Files\\WinFast\\WFDTV\\DVBTAP.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"d:\\wow 3.1.3\\Launcher.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"d:\\wow 3.1.3\\WoW-3.1.2.9901-to-3.1.3.9947-enGB-downloader.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"d:\\wow 3.1.3\\WoW-3.1.3.9947-to-3.2.0.10192-enGB-downloader.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
R0 d344bus;d344bus;c:\windows\system32\drivers\d344bus.sys [13.7.2008 14:43 137216]
R0 d344prt;d344prt;c:\windows\system32\drivers\d344prt.sys [13.7.2008 14:43 5248]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [13.7.2008 14:35 114768]
R1 wfcxacap;WinFast TV PCI Audio Capture Driver;c:\windows\system32\drivers\wfcxacap.sys [20.12.2008 23:11 9856]
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};c:\program files\CyberLink\PowerDVD8\000.fcl [27.6.2008 15:50 61424]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [13.7.2008 14:35 20560]
R2 wfcxatun;WinFast TV Analog Tuner Driver;c:\windows\system32\drivers\wfcxatun.sys [20.12.2008 23:11 31744]
R2 WFCXVCAP;WinFast TV Video Capture Driver;c:\windows\system32\drivers\wfcxvcap.sys [20.12.2008 23:11 167040]
R3 wfcxdtun;WinFast DTV BDA Tuner/Demod Driver;c:\windows\system32\drivers\wfcxdtun.sys [20.12.2008 23:11 21248]
R3 wfcxtcap;WinFast DTV BDA Transport Stream Capture Driver;c:\windows\system32\drivers\wfcxtcap.sys [20.12.2008 23:11 15872]
R3 wfcxxbar;WinFast TV Crossbar Driver;c:\windows\system32\drivers\wfcxxbar.sys [20.12.2008 23:11 10496]
R3 WFIOCTL;WFIOCTL;c:\program files\WinFast\WFDTV\WFIOCTL.sys [20.12.2008 23:02 9446]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'
2010-03-13 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2008\OneClickStarter.exe [2008-06-20 07:09]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&s ... f8&oe=utf8
IE: Download with &Shareaza - c:\program files\BearShare MP3\RazaWebHook.dll/3000
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748449} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
LSP: %SYSTEMROOT%\system32\nvappfilter.dll
Trusted Zone: mojebanka.cz\*
Trusted Zone: mojebanka.cz\*
TCP: {8CBBAF76-15A1-4DA4-AF64-382476C01308} = 172.16.0.254,72.48.116.2
FF - ProfilePath - c:\documents and settings\uživatel\Data aplikací\Mozilla\Firefox\Profiles\2mkowgti.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
FF - plugin: c:\program files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
MSConfigStartUp-CTFMON - (no file)
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-13 17:05
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
c:\documents and settings\uživatel\Nabídka Start\Programy\Po spuštění\winesm32.exe 29184 bytes executable
sken byl úspešně dokončen
skryté soubory: 1
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8A278C48]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xba91cf28
\Driver\ACPI -> ACPI.sys @ 0xba75dcb8
\Driver\atapi -> atapi.sys @ 0xba6ef852
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
NDIS: NVIDIA nForce Networking Controller #2 -> SendCompleteHandler -> NDIS.sys @ 0xba5cabb0
PacketIndicateHandler -> NDIS.sys @ 0xba5d7a21
SendHandler -> NDIS.sys @ 0xba5b587b
user & kernel MBR OK
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD8\000.fcl"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'lsass.exe'(1060)
c:\windows\system32\nvappfilter.dll
- - - - - - - > 'explorer.exe'(204)
c:\windows\system32\webcheck.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\IoctlSvc.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\program files\Spyware Terminator\sp_rsser.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\RunDLL32.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
.
**************************************************************************
.
Celkový čas: 2010-03-13 17:09:03 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-03-13 16:09
Před spuštěním: Volných bajtů: 14 640 877 568
Po spuštění: Volných bajtů: 14 697 836 544
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
- - End Of File - - DDD850FC8BBF596CA7239A65551E73A4
-
Unlimited_Killer
- Přítel fóra
- Příspěvky: 1969
- Registrován: 24 srp 2009 16:18
Re: Rootkit , Zvukové zařízení neexistuje .
Bohužel , nemám .. 
E:Ted jsem našel hromadu CD ... Ted jen , který je ono ?
E2: Nejaký Cd Driver : Multimedia a Internet .. To asi není ono co ? Nic jiného z tohole mě tu nenapadá ..
E:Ted jsem našel hromadu CD ... Ted jen , který je ono ?
E2: Nejaký Cd Driver : Multimedia a Internet .. To asi není ono co ? Nic jiného z tohole mě tu nenapadá ..
Naposledy upravil(a) krvik dne 13 bře 2010 17:49, celkem upraveno 1 x.
-
Unlimited_Killer
- Přítel fóra
- Příspěvky: 1969
- Registrován: 24 srp 2009 16:18
Re: Rootkit , Zvukové zařízení neexistuje .
Mělo by to být od ASUSu a mělo by tam být napsáno drivers.
inactive
Re: Rootkit , Zvukové zařízení neexistuje .
Od Asusu tu mám tohle : nForce 570 Series , VGA Driver
E: Jeste : media Launcher Surfing with ASUS motherboard
E2: CD sem nasel , ale je tu jeste vic slozek nez v tom souboru , co jste mi poslal .... Zase nevím , který .exe spustit ...
E: Jeste : media Launcher Surfing with ASUS motherboard
E2: CD sem nasel , ale je tu jeste vic slozek nez v tom souboru , co jste mi poslal .... Zase nevím , který .exe spustit ...
-
Unlimited_Killer
- Přítel fóra
- Příspěvky: 1969
- Registrován: 24 srp 2009 16:18
Re: Rootkit , Zvukové zařízení neexistuje .
CD by se nemělo otevřít, ale spustit. V tom by mělo být nějaké menu...
inactive
-
nejde_mi_zvuk
- Návštěvník
- Příspěvky: 1
- Registrován: 16 úno 2011 11:00
Re: Rootkit , Zvukové zařízení neexistuje .
ComboFix 11-02-15.04 - x 16.02.2011 10:31:58.1.2 - x86
Running from: c:\documents and settings\x\Plocha\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Data aplikací\HBLiteSA
c:\documents and settings\All Users\Data aplikací\HBLiteSA\HBLiteSA.dat
c:\documents and settings\All Users\Data aplikací\HBLiteSA\HBLiteSA_kyf.dat
c:\documents and settings\All Users\Data aplikací\HBLiteSA\HBLiteSAAbout.mht
c:\documents and settings\All Users\Data aplikací\HBLiteSA\HBLiteSAau.dat
c:\documents and settings\All Users\Data aplikací\HBLiteSA\HBLiteSAEULA.mht
c:\documents and settings\All Users\Nabídka Start\Programy\Hotbar
c:\documents and settings\All Users\Nabídka Start\Programy\Hotbar\About Hotbar.lnk
c:\documents and settings\All Users\Nabídka Start\Programy\Hotbar\Hotbar Customer Support Center.lnk
c:\documents and settings\All Users\Nabídka Start\Programy\Hotbar\Hotbar Uninstall Instructions.lnk
c:\documents and settings\All Users\Nabídka Start\Programy\ShopperReports
c:\documents and settings\All Users\Nabídka Start\Programy\ShopperReports\About Us.lnk
c:\documents and settings\All Users\Nabídka Start\Programy\ShopperReports\Customer Support.lnk
c:\documents and settings\All Users\Nabídka Start\Programy\ShopperReports\ShopperReports Uninstall Instructions.lnk
c:\program files\HBLite
c:\program files\HBLite\bin\11.0.349.0\firefox\extensions\install.rdf
c:\program files\HBLite\bin\11.0.349.0\firefox\extensions\plugins\npclntax_HBLiteSA.dll
c:\program files\HBLite\bin\11.0.349.0\HBLiteSA.exe
c:\program files\HBLite\bin\11.0.349.0\HBLiteSAAX.dll
c:\program files\HBLite\bin\11.0.349.0\HBLiteSAHook.dll
c:\program files\HBLite\bin\11.0.349.0\HBLiteUninstaller.exe
c:\program files\HyperCam Toolbar\tbHElper.dll
c:\program files\Mozilla Firefox\plugins\npclntax_HBLiteSA.dll
c:\program files\ShopperReports3
c:\program files\ShopperReports3\bin\3.1.22.0\BRNstIE.dll
c:\program files\ShopperReports3\bin\3.1.22.0\CmndFF.dll
c:\program files\ShopperReports3\bin\3.1.22.0\firefox\firefoxtoolbar\extensions\components\BRNstFF.dll
c:\program files\ShopperReports3\bin\3.1.22.0\firefox\firefoxtoolbar\extensions\components\BRNstFF.xpt
c:\program files\ShopperReports3\bin\3.1.22.0\firefox\firefoxtoolbar\extensions\components\BrowserExtensionFF.dll
c:\program files\ShopperReports3\bin\3.1.22.0\firefox\firefoxtoolbar\extensions\components\BrowserExtensionFF.xpt
c:\program files\ShopperReports3\bin\3.1.22.0\firefox\firefoxtoolbar\extensions\chrome.manifest
c:\program files\ShopperReports3\bin\3.1.22.0\firefox\firefoxtoolbar\extensions\chrome\content\infopane.js
c:\program files\ShopperReports3\bin\3.1.22.0\firefox\firefoxtoolbar\extensions\chrome\content\InfoPane.xul
c:\program files\ShopperReports3\bin\3.1.22.0\firefox\firefoxtoolbar\extensions\install.rdf
c:\program files\ShopperReports3\bin\3.1.22.0\link.ico
c:\program files\ShopperReports3\bin\3.1.22.0\moZIllaps.dll
c:\program files\ShopperReports3\bin\3.1.22.0\Pltfrm.dll
c:\program files\ShopperReports3\bin\3.1.22.0\ShopperReports.dll
c:\program files\ShopperReports3\bin\3.1.22.0\ShopperReportsUninstaller.exe
c:\windows\system\BisonC27.dll
c:\windows\system32\Desktop_.ini
c:\windows\regedit.exe . . . is infected!!
.
((((((((((((((((((((((((( Files Created from 2011-01-16 to 2011-02-16 )))))))))))))))))))))))))))))))
.
2011-02-16 09:18 . 2011-02-16 09:18 -------- d-----w- C:\rsit
2011-02-16 09:18 . 2011-02-16 09:18 -------- d-----w- c:\program files\trend micro
2011-02-15 17:30 . 2011-02-15 17:30 -------- d-----w- c:\documents and settings\x\Data aplikací\GetRightToGo
2011-02-15 17:07 . 2003-09-03 01:28 724992 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iKernel.dll
2011-02-15 17:07 . 2003-09-03 01:27 69715 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\ctor.dll
2011-02-15 17:07 . 2003-09-03 01:26 266240 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iscript.dll
2011-02-15 17:07 . 2003-09-03 01:26 192512 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iuser.dll
2011-02-15 17:07 . 2003-09-03 01:25 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\DotNetInstaller.exe
2011-02-15 17:07 . 2011-02-15 17:07 311428 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\Setup.dll
2011-02-15 17:07 . 2011-02-15 17:07 184452 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iGdi.dll
2011-02-14 11:12 . 2011-02-14 11:35 -------- d-----w- c:\program files\Cheat Engine
2011-02-13 14:40 . 2011-02-13 14:40 158 ----a-w- c:\windows\x.reg
2011-02-12 09:14 . 2011-02-12 09:14 -------- d-----w- c:\documents and settings\All Users\Data aplikací\DivX
2011-02-12 06:56 . 2011-02-12 06:56 -------- d-----w- c:\program files\Common Files\Skype
2011-02-05 14:47 . 2011-02-05 14:47 -------- d-----w- c:\documents and settings\All Users\Data aplikací\2ACA5CC3-0F83-453D-A079-1076FE1A8B65
2011-02-05 14:47 . 2011-02-05 14:47 -------- d-----w- c:\documents and settings\x\Data aplikací\HBLite
2011-02-05 14:46 . 2011-02-15 18:48 -------- d-----w- c:\documents and settings\x\Data aplikací\ShopperReports3
2011-01-29 17:24 . 2011-01-29 17:24 -------- d-----w- c:\program files\Zrychleni Pocitace
2011-01-29 17:24 . 2007-12-26 16:30 1970176 ----a-w- c:\windows\system32\d3dx9.dll
2011-01-29 17:24 . 2009-11-03 13:07 679936 ----a-w- c:\windows\system32\D3DX81ab.dll
2011-01-29 17:23 . 2011-01-29 17:24 -------- d-----w- c:\documents and settings\x\Local Settings\Data aplikací\OpenCandy
2011-01-29 17:23 . 2011-01-29 17:23 -------- d-----w- c:\documents and settings\x\Data aplikací\OpenCandy
2011-01-29 17:19 . 2011-01-29 17:19 -------- d-----w- c:\documents and settings\x\Local Settings\Data aplikací\Opera
2011-01-29 17:19 . 2011-01-29 17:19 -------- d-----w- c:\program files\Opera
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
------- Sigcheck -------
[-] 2008-04-14 . 27AFD587C462E280EE046B8CCA3C2CD1 . 1034240 . . [6.00.2900.5512] . . c:\windows\SoftwareDistribution\Download\44c8256673ca0542cb198384f8131b68\explorer.exe
[-] 2004-08-17 . 4D32D7FFC2F583FE21EF0A4F99EABB12 . 974848 . . [6.00.2900.2180] . . c:\windows\explorer.exe
[-] 2004-08-17 . 4D32D7FFC2F583FE21EF0A4F99EABB12 . 974848 . . [6.00.2900.2180] . . c:\windows\ServicePackFiles\i386\explorer.exe
[-] 2002-09-20 . 11D80755545CFB5EB9659EE88440EAE2 . 1004544 . . [6.00.2800.1106] . . c:\windows\$NtServicePackUninstall$\explorer.exe
[-] 2008-04-14 . 414AFE6E8CCDE984E16D5ED08624CEC6 . 93184 . . [6.00.2900.5512] . . c:\windows\SoftwareDistribution\Download\44c8256673ca0542cb198384f8131b68\iexplore.exe
[-] 2004-08-17 . 92BCE607A8AEA8E7AEE2C15BC157D109 . 832512 . . [6.00.2900.2180] . . c:\windows\ServicePackFiles\i386\iexplore.exe
[-] 2002-09-20 . 64648D2C0606543B795103FFF6BF30A7 . 91136 . . [6.00.2800.1106] . . c:\windows\$NtServicePackUninstall$\iexplore.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{ecdee021-0d17-467f-a1ff-c7a115230949}"= "c:\program files\free-downloads.net\tbfre0.dll" [2010-10-18 3908192]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files\DVDVideoSoftTB\tbDVD0.dll" [2010-10-18 3908192]
"{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}"= "c:\program files\BS_Player\tbBS_0.dll" [2010-10-18 3908192]
[HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-10-18 10:26 3908192 ----a-w- c:\program files\ConduitEngine\ConduitEngine.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
2010-10-18 10:26 3908192 ----a-w- c:\program files\DVDVideoSoftTB\tbDVD0.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ecdee021-0d17-467f-a1ff-c7a115230949}]
2010-10-18 10:26 3908192 ----a-w- c:\program files\free-downloads.net\tbfre0.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
2010-10-18 10:26 3908192 ----a-w- c:\program files\BS_Player\tbBS_0.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{ecdee021-0d17-467f-a1ff-c7a115230949}"= "c:\program files\free-downloads.net\tbfre0.dll" [2010-10-18 3908192]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files\DVDVideoSoftTB\tbDVD0.dll" [2010-10-18 3908192]
"{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}"= "c:\program files\BS_Player\tbBS_0.dll" [2010-10-18 3908192]
[HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{ECDEE021-0D17-467F-A1FF-C7A115230949}"= "c:\program files\free-downloads.net\tbfre0.dll" [2010-10-18 3908192]
"{872B5B88-9DB5-4310-BDD0-AC189557E5F5}"= "c:\program files\DVDVideoSoftTB\tbDVD0.dll" [2010-10-18 3908192]
"{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5}"= "c:\program files\BS_Player\tbBS_0.dll" [2010-10-18 3908192]
[HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AlcoholAutomount"="d:\alcohol 120%\Alcohol 120\AxAutoMntSrv.exe" [2009-11-15 33120]
"Google Update"="c:\documents and settings\x\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" [2010-10-23 136176]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AzMixerSel"="c:\program files\Realtek\InstallShield\AzMixerSel.exe" [2005-06-11 53248]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2008-06-02 102400]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-06-13 142104]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-06-13 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-06-13 138008]
"RTHDCPL"="RTHDCPL.EXE" [2007-05-28 16132608]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2008-06-02 858632]
"PLFSetL"="c:\windows\PLFSetL.exe" [2007-07-05 94208]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-17 15360]
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-4-1 568176]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
2011-01-05 08:18 133432 ----a-w- d:\kikove dokumenti\ICQ 7\ICQ7.2\ICQ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2011-01-26 16:05 15026056 ----a-r- c:\program files\Skype\Phone\Skype.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2010-10-24 13:07 327472 ----a-w- c:\program files\uTorrent\uTorrent.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\Firefly Studios\\Stronghold Crusader\\Stronghold Crusader.exe"=
"d:\\Games\\Bulanci.exe"=
"d:\\Games\\Unreal Tournament\\System\\UnrealTournament.exe"=
"d:\\Games\\TrackMania Nations ESWC Special Edition\\TmNationsESWC.exe"=
"d:\\Games\\F1 DELUX 2009\\F1 Delux 2009.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\GameSpy Arcade\\Aphex.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Counter-Strike 1.6 Patch Version 26\\hltv.exe"=
"d:\\KIKOVE DOKUMENTI\\ICQ 7\\ICQ7.2\\ICQ.exe"=
"d:\\KIKOVE DOKUMENTI\\ICQ 7\\ICQ7.2\\aolload.exe"=
"d:\\KIKOVE DOKUMENTI\\metin 2\\Metin2\\metin2client.bin"=
"d:\\Games\\Mass Effect\\Binaries\\MassEffect.exe"=
"d:\\Games\\Mass Effect\\MassEffectLauncher.exe"=
"d:\\KIKOVE DOKUMENTI\\counter strike 1.6 + patch\\hl.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"d:\\KIKOVE DOKUMENTI\\counter strike 1.6 + patch\\hlds.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"d:\\KIKOVE DOKUMENTI\\asi hari poter 7 prva cast\\Easy downloads\\EasyDownloads.exe"=
"d:\\KIKOVE DOKUMENTI\\asi hari poter 7 prva cast\\Easy downloads\\downloader.exe"=
"c:\\Documents and Settings\\x\\Dokumenty\\Downloads\\Metin2client.bin"=
"c:\\Documents and Settings\\x\\Plocha\\mertin united\\Metin2client.bin"=
R0 pe3aszab;Stronghold Crusader Extreme Environment Driver (pe3aszab);c:\windows\system32\drivers\pe3aszab.sys [8.9.2008 8:13 69272]
R0 pf2aszab;Stronghold Crusader Extreme File System Driver (pf2aszab);c:\windows\system32\drivers\pf2aszab.sys [8.9.2008 8:13 83608]
R0 ps7aszab;Stronghold Crusader Extreme Synchronization Driver (ps7aszab);c:\windows\system32\drivers\ps7aszab.sys [8.9.2008 8:12 68256]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2.9.2010 14:20 697328]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [16.1.2011 14:02 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [16.1.2011 14:02 20560]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [5.1.2009 19:39 246520]
R3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [1.7.2010 14:21 34896]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 13:16 130384]
S2 pr2aszab;Stronghold Crusader Extreme Drivers Auto Removal (pr2aszab);c:\windows\system32\pr2aszab.exe svc --> c:\windows\system32\pr2aszab.exe svc [?]
S3 cglptnt;cglptnt;c:\totalcmd\CGLPTNT.SYS [14.10.2008 10:37 7888]
S3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\drivers\s1018bus.sys [25.12.2009 21:11 86824]
S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\drivers\s1018mdfl.sys [25.12.2009 21:11 15016]
S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\drivers\s1018mdm.sys [25.12.2009 21:11 114728]
S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1018mgmt.sys [25.12.2009 21:12 106208]
S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1018nd5.sys [25.12.2009 21:11 26024]
S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\drivers\s1018obex.sys [25.12.2009 21:11 104744]
S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1018unic.sys [25.12.2009 21:12 109864]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 13:16 753504]
.
Contents of the 'Scheduled Tasks' folder
2011-02-12 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://start.icq.com/
mStart Page = hxxp://www.bigseekpro.com/hypercam/{A8509D9D-3 ... 50D4CF0AE2}
IE: &Download All using 4shared Desktop - d:\kikove dokumenti\4shared Desktop\down_all.htm
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Free YouTube Download - c:\documents and settings\x\Data aplikací\DVDVideoSoftIEHelpers\youtubedownload.htm
IE: Free YouTube to Mp3 Converter - c:\documents and settings\x\Data aplikací\DVDVideoSoftIEHelpers\youtubetomp3.htm
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\x\Data aplikací\Mozilla\Firefox\Profiles\s3w4dxem.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1750559&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT1750559&SearchSource=13
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1750559&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: ICQ Toolbar: {800b5000-a755-47e1-992b-48a1c1357f07} - c:\program files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: ICQ Toolbar: {800b5000-a755-47e1-992b-48a1c1357f07} - %profile%\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
FF - Ext: free-downloads.net Toolbar: {ecdee021-0d17-467f-a1ff-c7a115230949} - %profile%\extensions\{ecdee021-0d17-467f-a1ff-c7a115230949}
FF - Ext: HyperCamToolbar: {75656794-AB59-4712-BFBC-5D816D56F3BC} - %profile%\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC}
FF - Ext: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - %profile%\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
FF - Ext: DVDVideoSoft Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - %profile%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
FF - Ext: BS Player Toolbar: {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - %profile%\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-HBLiteSA - c:\program files\HBLite\bin\11.0.349.0\HBLiteSA.exe
AddRemove-HBLiteSA - c:\program files\HBLite\bin\11.0.349.0\HBLiteUninstaller.exe
AddRemove-Valve_0 - d:\kikove dokumenti\ocuntry strike patch 44\Uninstall.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-16 10:46
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AudioSrv]
"ImagePath"="net user %username% 1231234 "
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-436374069-630328440-682003330-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
[HKEY_USERS\S-1-5-21-436374069-630328440-682003330-1003\Software\SecuROM\License information*]
"datasecu"=hex:4f,0f,38,b1,b7,99,c9,4d,eb,fb,8e,14,da,f2,87,2b,cc,08,65,43,2f,
84,ad,27,20,88,58,b7,62,ec,d0,15,15,4f,dc,c0,0f,a9,1f,5a,b7,35,ad,17,7f,13,\
"rkeysecu"=hex:73,5c,20,47,af,54,7a,b6,2a,c4,c0,62,ed,6a,4a,93
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(2884)
c:\windows\system32\btmmhook.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\msi.dll
c:\program files\Microsoft Office\OFFICE11\msohev.dll
c:\windows\system32\NETSHELL.dll
c:\windows\system32\credui.dll
c:\program files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
c:\windows\system32\WPDShServiceObj.dll
c:\corel\Graphics8\programs\CMFFld80.dll
c:\windows\System32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Synaptics\SynTP\SynTPEnh.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\RTHDCPL.EXE
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
d:\alcohol 120%\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\windows\system32\igfxext.exe
c:\documents and settings\x\Local Settings\Data aplikací\Google\Update\1.2.183.39\GoogleCrashHandler.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\System32\wbem\wmiapsrv.exe
c:\docume~1\x\LOCALS~1\Temp\RtkBtMnt.exe
.
**************************************************************************
.
Completion time: 2011-02-16 10:51:01 - machine was rebooted
ComboFix-quarantined-files.txt 2011-02-16 09:50
Pre-Run: Volných bajtů: 36 973 809 664
Post-Run: Volných bajtů: 37 852 352 512
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
- - End Of File - - BFB5ECF1861980F8ADAE1B5080795007
Running from: c:\documents and settings\x\Plocha\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Data aplikací\HBLiteSA
c:\documents and settings\All Users\Data aplikací\HBLiteSA\HBLiteSA.dat
c:\documents and settings\All Users\Data aplikací\HBLiteSA\HBLiteSA_kyf.dat
c:\documents and settings\All Users\Data aplikací\HBLiteSA\HBLiteSAAbout.mht
c:\documents and settings\All Users\Data aplikací\HBLiteSA\HBLiteSAau.dat
c:\documents and settings\All Users\Data aplikací\HBLiteSA\HBLiteSAEULA.mht
c:\documents and settings\All Users\Nabídka Start\Programy\Hotbar
c:\documents and settings\All Users\Nabídka Start\Programy\Hotbar\About Hotbar.lnk
c:\documents and settings\All Users\Nabídka Start\Programy\Hotbar\Hotbar Customer Support Center.lnk
c:\documents and settings\All Users\Nabídka Start\Programy\Hotbar\Hotbar Uninstall Instructions.lnk
c:\documents and settings\All Users\Nabídka Start\Programy\ShopperReports
c:\documents and settings\All Users\Nabídka Start\Programy\ShopperReports\About Us.lnk
c:\documents and settings\All Users\Nabídka Start\Programy\ShopperReports\Customer Support.lnk
c:\documents and settings\All Users\Nabídka Start\Programy\ShopperReports\ShopperReports Uninstall Instructions.lnk
c:\program files\HBLite
c:\program files\HBLite\bin\11.0.349.0\firefox\extensions\install.rdf
c:\program files\HBLite\bin\11.0.349.0\firefox\extensions\plugins\npclntax_HBLiteSA.dll
c:\program files\HBLite\bin\11.0.349.0\HBLiteSA.exe
c:\program files\HBLite\bin\11.0.349.0\HBLiteSAAX.dll
c:\program files\HBLite\bin\11.0.349.0\HBLiteSAHook.dll
c:\program files\HBLite\bin\11.0.349.0\HBLiteUninstaller.exe
c:\program files\HyperCam Toolbar\tbHElper.dll
c:\program files\Mozilla Firefox\plugins\npclntax_HBLiteSA.dll
c:\program files\ShopperReports3
c:\program files\ShopperReports3\bin\3.1.22.0\BRNstIE.dll
c:\program files\ShopperReports3\bin\3.1.22.0\CmndFF.dll
c:\program files\ShopperReports3\bin\3.1.22.0\firefox\firefoxtoolbar\extensions\components\BRNstFF.dll
c:\program files\ShopperReports3\bin\3.1.22.0\firefox\firefoxtoolbar\extensions\components\BRNstFF.xpt
c:\program files\ShopperReports3\bin\3.1.22.0\firefox\firefoxtoolbar\extensions\components\BrowserExtensionFF.dll
c:\program files\ShopperReports3\bin\3.1.22.0\firefox\firefoxtoolbar\extensions\components\BrowserExtensionFF.xpt
c:\program files\ShopperReports3\bin\3.1.22.0\firefox\firefoxtoolbar\extensions\chrome.manifest
c:\program files\ShopperReports3\bin\3.1.22.0\firefox\firefoxtoolbar\extensions\chrome\content\infopane.js
c:\program files\ShopperReports3\bin\3.1.22.0\firefox\firefoxtoolbar\extensions\chrome\content\InfoPane.xul
c:\program files\ShopperReports3\bin\3.1.22.0\firefox\firefoxtoolbar\extensions\install.rdf
c:\program files\ShopperReports3\bin\3.1.22.0\link.ico
c:\program files\ShopperReports3\bin\3.1.22.0\moZIllaps.dll
c:\program files\ShopperReports3\bin\3.1.22.0\Pltfrm.dll
c:\program files\ShopperReports3\bin\3.1.22.0\ShopperReports.dll
c:\program files\ShopperReports3\bin\3.1.22.0\ShopperReportsUninstaller.exe
c:\windows\system\BisonC27.dll
c:\windows\system32\Desktop_.ini
c:\windows\regedit.exe . . . is infected!!
.
((((((((((((((((((((((((( Files Created from 2011-01-16 to 2011-02-16 )))))))))))))))))))))))))))))))
.
2011-02-16 09:18 . 2011-02-16 09:18 -------- d-----w- C:\rsit
2011-02-16 09:18 . 2011-02-16 09:18 -------- d-----w- c:\program files\trend micro
2011-02-15 17:30 . 2011-02-15 17:30 -------- d-----w- c:\documents and settings\x\Data aplikací\GetRightToGo
2011-02-15 17:07 . 2003-09-03 01:28 724992 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iKernel.dll
2011-02-15 17:07 . 2003-09-03 01:27 69715 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\ctor.dll
2011-02-15 17:07 . 2003-09-03 01:26 266240 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iscript.dll
2011-02-15 17:07 . 2003-09-03 01:26 192512 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iuser.dll
2011-02-15 17:07 . 2003-09-03 01:25 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\DotNetInstaller.exe
2011-02-15 17:07 . 2011-02-15 17:07 311428 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\Setup.dll
2011-02-15 17:07 . 2011-02-15 17:07 184452 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iGdi.dll
2011-02-14 11:12 . 2011-02-14 11:35 -------- d-----w- c:\program files\Cheat Engine
2011-02-13 14:40 . 2011-02-13 14:40 158 ----a-w- c:\windows\x.reg
2011-02-12 09:14 . 2011-02-12 09:14 -------- d-----w- c:\documents and settings\All Users\Data aplikací\DivX
2011-02-12 06:56 . 2011-02-12 06:56 -------- d-----w- c:\program files\Common Files\Skype
2011-02-05 14:47 . 2011-02-05 14:47 -------- d-----w- c:\documents and settings\All Users\Data aplikací\2ACA5CC3-0F83-453D-A079-1076FE1A8B65
2011-02-05 14:47 . 2011-02-05 14:47 -------- d-----w- c:\documents and settings\x\Data aplikací\HBLite
2011-02-05 14:46 . 2011-02-15 18:48 -------- d-----w- c:\documents and settings\x\Data aplikací\ShopperReports3
2011-01-29 17:24 . 2011-01-29 17:24 -------- d-----w- c:\program files\Zrychleni Pocitace
2011-01-29 17:24 . 2007-12-26 16:30 1970176 ----a-w- c:\windows\system32\d3dx9.dll
2011-01-29 17:24 . 2009-11-03 13:07 679936 ----a-w- c:\windows\system32\D3DX81ab.dll
2011-01-29 17:23 . 2011-01-29 17:24 -------- d-----w- c:\documents and settings\x\Local Settings\Data aplikací\OpenCandy
2011-01-29 17:23 . 2011-01-29 17:23 -------- d-----w- c:\documents and settings\x\Data aplikací\OpenCandy
2011-01-29 17:19 . 2011-01-29 17:19 -------- d-----w- c:\documents and settings\x\Local Settings\Data aplikací\Opera
2011-01-29 17:19 . 2011-01-29 17:19 -------- d-----w- c:\program files\Opera
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
------- Sigcheck -------
[-] 2008-04-14 . 27AFD587C462E280EE046B8CCA3C2CD1 . 1034240 . . [6.00.2900.5512] . . c:\windows\SoftwareDistribution\Download\44c8256673ca0542cb198384f8131b68\explorer.exe
[-] 2004-08-17 . 4D32D7FFC2F583FE21EF0A4F99EABB12 . 974848 . . [6.00.2900.2180] . . c:\windows\explorer.exe
[-] 2004-08-17 . 4D32D7FFC2F583FE21EF0A4F99EABB12 . 974848 . . [6.00.2900.2180] . . c:\windows\ServicePackFiles\i386\explorer.exe
[-] 2002-09-20 . 11D80755545CFB5EB9659EE88440EAE2 . 1004544 . . [6.00.2800.1106] . . c:\windows\$NtServicePackUninstall$\explorer.exe
[-] 2008-04-14 . 414AFE6E8CCDE984E16D5ED08624CEC6 . 93184 . . [6.00.2900.5512] . . c:\windows\SoftwareDistribution\Download\44c8256673ca0542cb198384f8131b68\iexplore.exe
[-] 2004-08-17 . 92BCE607A8AEA8E7AEE2C15BC157D109 . 832512 . . [6.00.2900.2180] . . c:\windows\ServicePackFiles\i386\iexplore.exe
[-] 2002-09-20 . 64648D2C0606543B795103FFF6BF30A7 . 91136 . . [6.00.2800.1106] . . c:\windows\$NtServicePackUninstall$\iexplore.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{ecdee021-0d17-467f-a1ff-c7a115230949}"= "c:\program files\free-downloads.net\tbfre0.dll" [2010-10-18 3908192]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files\DVDVideoSoftTB\tbDVD0.dll" [2010-10-18 3908192]
"{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}"= "c:\program files\BS_Player\tbBS_0.dll" [2010-10-18 3908192]
[HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-10-18 10:26 3908192 ----a-w- c:\program files\ConduitEngine\ConduitEngine.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
2010-10-18 10:26 3908192 ----a-w- c:\program files\DVDVideoSoftTB\tbDVD0.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ecdee021-0d17-467f-a1ff-c7a115230949}]
2010-10-18 10:26 3908192 ----a-w- c:\program files\free-downloads.net\tbfre0.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
2010-10-18 10:26 3908192 ----a-w- c:\program files\BS_Player\tbBS_0.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{ecdee021-0d17-467f-a1ff-c7a115230949}"= "c:\program files\free-downloads.net\tbfre0.dll" [2010-10-18 3908192]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files\DVDVideoSoftTB\tbDVD0.dll" [2010-10-18 3908192]
"{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}"= "c:\program files\BS_Player\tbBS_0.dll" [2010-10-18 3908192]
[HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{ECDEE021-0D17-467F-A1FF-C7A115230949}"= "c:\program files\free-downloads.net\tbfre0.dll" [2010-10-18 3908192]
"{872B5B88-9DB5-4310-BDD0-AC189557E5F5}"= "c:\program files\DVDVideoSoftTB\tbDVD0.dll" [2010-10-18 3908192]
"{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5}"= "c:\program files\BS_Player\tbBS_0.dll" [2010-10-18 3908192]
[HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AlcoholAutomount"="d:\alcohol 120%\Alcohol 120\AxAutoMntSrv.exe" [2009-11-15 33120]
"Google Update"="c:\documents and settings\x\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" [2010-10-23 136176]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AzMixerSel"="c:\program files\Realtek\InstallShield\AzMixerSel.exe" [2005-06-11 53248]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2008-06-02 102400]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-06-13 142104]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-06-13 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-06-13 138008]
"RTHDCPL"="RTHDCPL.EXE" [2007-05-28 16132608]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2008-06-02 858632]
"PLFSetL"="c:\windows\PLFSetL.exe" [2007-07-05 94208]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-17 15360]
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-4-1 568176]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
2011-01-05 08:18 133432 ----a-w- d:\kikove dokumenti\ICQ 7\ICQ7.2\ICQ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2011-01-26 16:05 15026056 ----a-r- c:\program files\Skype\Phone\Skype.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2010-10-24 13:07 327472 ----a-w- c:\program files\uTorrent\uTorrent.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\Firefly Studios\\Stronghold Crusader\\Stronghold Crusader.exe"=
"d:\\Games\\Bulanci.exe"=
"d:\\Games\\Unreal Tournament\\System\\UnrealTournament.exe"=
"d:\\Games\\TrackMania Nations ESWC Special Edition\\TmNationsESWC.exe"=
"d:\\Games\\F1 DELUX 2009\\F1 Delux 2009.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\GameSpy Arcade\\Aphex.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Counter-Strike 1.6 Patch Version 26\\hltv.exe"=
"d:\\KIKOVE DOKUMENTI\\ICQ 7\\ICQ7.2\\ICQ.exe"=
"d:\\KIKOVE DOKUMENTI\\ICQ 7\\ICQ7.2\\aolload.exe"=
"d:\\KIKOVE DOKUMENTI\\metin 2\\Metin2\\metin2client.bin"=
"d:\\Games\\Mass Effect\\Binaries\\MassEffect.exe"=
"d:\\Games\\Mass Effect\\MassEffectLauncher.exe"=
"d:\\KIKOVE DOKUMENTI\\counter strike 1.6 + patch\\hl.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"d:\\KIKOVE DOKUMENTI\\counter strike 1.6 + patch\\hlds.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"d:\\KIKOVE DOKUMENTI\\asi hari poter 7 prva cast\\Easy downloads\\EasyDownloads.exe"=
"d:\\KIKOVE DOKUMENTI\\asi hari poter 7 prva cast\\Easy downloads\\downloader.exe"=
"c:\\Documents and Settings\\x\\Dokumenty\\Downloads\\Metin2client.bin"=
"c:\\Documents and Settings\\x\\Plocha\\mertin united\\Metin2client.bin"=
R0 pe3aszab;Stronghold Crusader Extreme Environment Driver (pe3aszab);c:\windows\system32\drivers\pe3aszab.sys [8.9.2008 8:13 69272]
R0 pf2aszab;Stronghold Crusader Extreme File System Driver (pf2aszab);c:\windows\system32\drivers\pf2aszab.sys [8.9.2008 8:13 83608]
R0 ps7aszab;Stronghold Crusader Extreme Synchronization Driver (ps7aszab);c:\windows\system32\drivers\ps7aszab.sys [8.9.2008 8:12 68256]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2.9.2010 14:20 697328]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [16.1.2011 14:02 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [16.1.2011 14:02 20560]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [5.1.2009 19:39 246520]
R3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [1.7.2010 14:21 34896]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 13:16 130384]
S2 pr2aszab;Stronghold Crusader Extreme Drivers Auto Removal (pr2aszab);c:\windows\system32\pr2aszab.exe svc --> c:\windows\system32\pr2aszab.exe svc [?]
S3 cglptnt;cglptnt;c:\totalcmd\CGLPTNT.SYS [14.10.2008 10:37 7888]
S3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\drivers\s1018bus.sys [25.12.2009 21:11 86824]
S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\drivers\s1018mdfl.sys [25.12.2009 21:11 15016]
S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\drivers\s1018mdm.sys [25.12.2009 21:11 114728]
S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1018mgmt.sys [25.12.2009 21:12 106208]
S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1018nd5.sys [25.12.2009 21:11 26024]
S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\drivers\s1018obex.sys [25.12.2009 21:11 104744]
S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1018unic.sys [25.12.2009 21:12 109864]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 13:16 753504]
.
Contents of the 'Scheduled Tasks' folder
2011-02-12 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://start.icq.com/
mStart Page = hxxp://www.bigseekpro.com/hypercam/{A8509D9D-3 ... 50D4CF0AE2}
IE: &Download All using 4shared Desktop - d:\kikove dokumenti\4shared Desktop\down_all.htm
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Free YouTube Download - c:\documents and settings\x\Data aplikací\DVDVideoSoftIEHelpers\youtubedownload.htm
IE: Free YouTube to Mp3 Converter - c:\documents and settings\x\Data aplikací\DVDVideoSoftIEHelpers\youtubetomp3.htm
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\x\Data aplikací\Mozilla\Firefox\Profiles\s3w4dxem.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1750559&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT1750559&SearchSource=13
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1750559&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: ICQ Toolbar: {800b5000-a755-47e1-992b-48a1c1357f07} - c:\program files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: ICQ Toolbar: {800b5000-a755-47e1-992b-48a1c1357f07} - %profile%\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
FF - Ext: free-downloads.net Toolbar: {ecdee021-0d17-467f-a1ff-c7a115230949} - %profile%\extensions\{ecdee021-0d17-467f-a1ff-c7a115230949}
FF - Ext: HyperCamToolbar: {75656794-AB59-4712-BFBC-5D816D56F3BC} - %profile%\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC}
FF - Ext: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - %profile%\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
FF - Ext: DVDVideoSoft Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - %profile%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
FF - Ext: BS Player Toolbar: {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - %profile%\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-HBLiteSA - c:\program files\HBLite\bin\11.0.349.0\HBLiteSA.exe
AddRemove-HBLiteSA - c:\program files\HBLite\bin\11.0.349.0\HBLiteUninstaller.exe
AddRemove-Valve_0 - d:\kikove dokumenti\ocuntry strike patch 44\Uninstall.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-16 10:46
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AudioSrv]
"ImagePath"="net user %username% 1231234 "
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-436374069-630328440-682003330-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
[HKEY_USERS\S-1-5-21-436374069-630328440-682003330-1003\Software\SecuROM\License information*]
"datasecu"=hex:4f,0f,38,b1,b7,99,c9,4d,eb,fb,8e,14,da,f2,87,2b,cc,08,65,43,2f,
84,ad,27,20,88,58,b7,62,ec,d0,15,15,4f,dc,c0,0f,a9,1f,5a,b7,35,ad,17,7f,13,\
"rkeysecu"=hex:73,5c,20,47,af,54,7a,b6,2a,c4,c0,62,ed,6a,4a,93
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(2884)
c:\windows\system32\btmmhook.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\msi.dll
c:\program files\Microsoft Office\OFFICE11\msohev.dll
c:\windows\system32\NETSHELL.dll
c:\windows\system32\credui.dll
c:\program files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
c:\windows\system32\WPDShServiceObj.dll
c:\corel\Graphics8\programs\CMFFld80.dll
c:\windows\System32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Synaptics\SynTP\SynTPEnh.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\RTHDCPL.EXE
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
d:\alcohol 120%\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\windows\system32\igfxext.exe
c:\documents and settings\x\Local Settings\Data aplikací\Google\Update\1.2.183.39\GoogleCrashHandler.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\System32\wbem\wmiapsrv.exe
c:\docume~1\x\LOCALS~1\Temp\RtkBtMnt.exe
.
**************************************************************************
.
Completion time: 2011-02-16 10:51:01 - machine was rebooted
ComboFix-quarantined-files.txt 2011-02-16 09:50
Pre-Run: Volných bajtů: 36 973 809 664
Post-Run: Volných bajtů: 37 852 352 512
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
- - End Of File - - BFB5ECF1861980F8ADAE1B5080795007
Re: Rootkit , Zvukové zařízení neexistuje .
Zdravim, pekny den preji a vitam Vas u nas na foru 
Vazeny uzivateli nejde_mi_zvuk:
Zde
a omlouvam se kolegovi U_K za vstup 
Vazeny uzivateli nejde_mi_zvuk:
- Prectete si prosim pravidla fora
- Zalozte si sve nove tema v sekci reseni problemu - u nas plati ze kazdy uzivatel ma sve tema aby se to nepletlo - tam vlozte tento log z CombboFix a popiste svuj problem
- Nevypada to dobre, mate infikovane systemove soubory
Ale uvidime co se s tim bude dat delat - Ten Combofix nebyl zrovna nejlepsi napad, ale to Vam povim ve Vasem novem tematu
Zde
a omlouvam se kolegovi U_K za vstup "Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen
od 1. února 2011.
Člen
od 1. února 2011.
Přispějete na provoz fóra?