Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz

Prosim o pomoc: win32/kryptik.daq

Máte problém s virem? Vložte sem log z FRST nebo RSIT.

Moderátor: Moderátoři

Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]

Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.

!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Odpovědět
Zpráva
Autor
darylko
Návštěvník
Návštěvník
Příspěvky: 6
Registrován: 25 čer 2008 09:25

Prosim o pomoc: win32/kryptik.daq

#1 Příspěvek od darylko »

Prosim o pomoc. Muj antivirovy program detekoval virus win32/kryptik.daq.

Prosim Vas o pomoc, o zbaveni se tyhle havedi.

Prikladam log z RSIT
Dekuji moooc.

Logfile of random's system information tool 1.06 (written by random/random)
Run by 00066876 at 2010-03-16 10:10:58
Microsoft Windows XP Professional Service Pack 3
System drive C: has 13 GB (23%) free of 57 GB
Total RAM: 2039 MB (67% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:11:10, on 16.3.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Zentiva VPN\VPNClient\cvpnd.exe
C:\WINDOWS\system32\dklog.exe
C:\WINDOWS\system32\dkvcm.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\etlisrv.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\WiFi\bin\WLKeeper.exe
C:\WINDOWS\system32\SearchIndexer.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\WINDOWS\system32\dkcktkn.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\totalcmd\TOTALCMD.EXE
C:\Download\RSIT.exe
C:\Program Files\trend micro\00066876.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DKAXIEAddin Utility - {173FE404-6C61-489e-BCFF-E07C04D1C278} - C:\WINDOWS\system32\DKAXIEAddin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [ZSSnp211] C:\WINDOWS\ZSSnp211.exe
O4 - HKLM\..\Run: [Domino] C:\WINDOWS\Domino.exe
O4 - HKLM\..\Run: [DkStartup] C:\Program Files\SafeNet\BSecClient\dkstartup.exe
O4 - HKLM\..\Run: [AxMonitor] C:\Program Files\SafeNet\BSecClient\axmonitor.exe
O4 - HKLM\..\Run: [DKAXSvr.exe] C:\WINDOWS\system32\DKAXSvr.exe
O4 - HKLM\..\Run: [DkAutoReg] C:\Program Files\SafeNet\BSecClient\DkAutoReg.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 7\PcSync2.exe" /NoDialog
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: start.bat.lnk = C:\BATCH\start.bat
O4 - Startup: Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Entrust.lnk = C:\WINDOWS\system32\etlitr50.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O4 - Global Startup: Zentiva Zentiva VPN přístup.lnk = C:\Program Files\Zentiva VPN\VPNClient\vpngui.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Převést cíl vazby do Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Převést cíl vazby do existujícího PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Převést do Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Převést do existujícího PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Převést vybrané vazby do Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Převést vybrané vazby do existujícího PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Převést výběr do Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Převést výběr do existujícího PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - ESC Trusted Zone: http://www.adobe.com
O15 - ESC Trusted Zone: http://o.aolcdn.com
O15 - ESC Trusted Zone: http://cdn.atwola.com
O15 - ESC Trusted Zone: http://download.icq.com
O15 - ESC Trusted Zone: http://www.icq.com
O15 - ESC Trusted Zone: http://www.adobe.com (HKLM)
O15 - ESC Trusted Zone: http://o.aolcdn.com (HKLM)
O15 - ESC Trusted Zone: http://cdn.atwola.com (HKLM)
O15 - ESC Trusted Zone: http://download.icq.com (HKLM)
O15 - ESC Trusted Zone: http://www.icq.com (HKLM)
O16 - DPF: iLO 2 Remote Console Applet - https://pr1778i/dvc.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/v ... .2.4.8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microso ... 1948029531
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 1947809406
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {C7648BB8-7FF5-4192-886A-6C542051A522} (HideCursorCtl Class) - https://fsnt1i/HideCursor.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = nt1.zentiva.corp
O17 - HKLM\Software\..\Telephony: DomainName = nt1.zentiva.corp
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = nt1.zentiva.corp
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = nt1.zentiva.corp
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: DkWLNP - C:\WINDOWS\SYSTEM32\DkWLNP.dll
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Zentiva VPN\VPNClient\cvpnd.exe
O23 - Service: SafeNet Log Service (DkLogger) - SafeNet, Inc. - C:\WINDOWS\system32\dklog.exe
O23 - Service: SafeNet Token Service (DkTknSrv) - SafeNet, Inc. - C:\WINDOWS\system32\dkcktkn.exe
O23 - Service: SafeNet Virtual Channel Monitor (DkVcm) - SafeNet, Inc. - C:\WINDOWS\system32\dkvcm.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Entrust Login Interface (ELIService) - Entrust(R) - C:\WINDOWS\etlisrv.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: Služba Google Update (gupdate1c9e5aa4e4f7e0) (gupdate1c9e5aa4e4f7e0) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Unknown owner - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: Intel(R) PROSet/Wireless WiFi Service (S24EventMonitor) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\WLKeeper.exe

--
End of file - 14271 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{56E3CED2-D8DB-42C1-9D41-8FD43D50C50A}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 63136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{173FE404-6C61-489e-BCFF-E07C04D1C278}]
DKAXIEAddinObj Class - C:\WINDOWS\system32\DKAXIEAddin.dll [2005-12-02 99880]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
AcroIEToolbarHelper Class - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2004-12-14 225280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-11 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll [2009-04-23 937416]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2004-12-14 225280]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2007-01-13 131072]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2007-01-13 163840]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2007-01-13 135168]
"IntelZeroConfig"=C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe [2009-02-27 1368064]
"IntelWireless"=C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [2009-02-27 1202448]
"SoundMAXPnP"=C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe [2004-10-14 1388544]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2006-11-14 815104]
"QlbCtrl.exe"=C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2007-10-19 177456]
"AGRSMMSG"=C:\WINDOWS\AGRSMMSG.exe [2005-11-16 88209]
"hpWirelessAssistant"=C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe [2005-12-13 507904]
"itype"=C:\Program Files\Microsoft IntelliType Pro\itype.exe [2006-07-08 576320]
"IntelliPoint"=C:\Program Files\Microsoft IntelliPoint\ipoint.exe [2006-07-08 600896]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072]
"ZSSnp211"=C:\WINDOWS\ZSSnp211.exe [2006-07-14 49152]
"Domino"=C:\WINDOWS\Domino.exe [2006-07-04 49152]
"DkStartup"=C:\Program Files\SafeNet\BSecClient\dkstartup.exe [2005-12-02 217088]
"AxMonitor"=C:\Program Files\SafeNet\BSecClient\axmonitor.exe [2005-12-02 454656]
"DKAXSvr.exe"=C:\WINDOWS\system32\DKAXSvr.exe [2005-12-02 577594]
"DkAutoReg"=C:\Program Files\SafeNet\BSecClient\DkAutoReg.exe [2005-12-02 249856]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2009-05-14 2029640]
"Acrobat Assistant 7.0"=C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe [2004-12-14 483328]
"Kernel and Hardware Abstraction Layer"=C:\WINDOWS\KHALMNPR.EXE [2009-06-17 55824]
"Zune Launcher"=c:\Program Files\Zune\ZuneLauncher.exe [2010-01-07 158448]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-11 149280]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"=C:\Program Files\Microsoft ActiveSync\wcescomm.exe [2006-11-13 1289000]
"PC Suite Tray"=C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe [2009-11-11 1451520]
"Nokia.PCSync"=C:\Program Files\Nokia\Nokia PC Suite 7\PcSync2.exe [2009-10-26 753664]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Entrust.lnk - C:\WINDOWS\system32\etlitr50.exe
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe
Windows Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe
Zentiva Zentiva VPN přístup.lnk - C:\Program Files\Zentiva VPN\VPNClient\vpngui.exe

C:\Documents and Settings\00066876\Start Menu\Programs\Startup
start.bat.lnk - C:\BATCH\start.bat
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\DkWLNP]
C:\WINDOWS\system32\DkWLNP.dll [2005-12-02 61440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2007-01-13 204800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LBTWlgn]
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll [2009-07-20 72208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 239496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2009-05-24 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WdfLoadGroup]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"HideLogonScripts"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:Run a DLL as an App"
"C:\Program Files\VMware\VMware Server\vmware-authd.exe"="C:\Program Files\VMware\VMware Server\vmware-authd.exe:*:Enabled:VMware Authd"
"C:\Program Files\VMware\VMware Server\vmware-hostd.exe"="C:\Program Files\VMware\VMware Server\vmware-hostd.exe:*:Enabled:VMware Hostd"

======List of files/folders created in the last 1 months======

2010-03-16 10:10:58 ----D---- C:\rsit
2010-03-16 10:10:58 ----D---- C:\Program Files\trend micro
2010-03-16 10:06:26 ----A---- C:\ComboFix.txt
2010-03-14 23:34:38 ----D---- C:\Config.Msi
2010-03-14 22:10:39 ----A---- C:\WINDOWS\MBR.exe
2010-03-14 21:45:25 ----A---- C:\WINDOWS\Brykoa.exe
2010-03-14 18:37:05 ----D---- C:\divx
2010-03-14 18:36:45 ----D---- C:\Documents and Settings\00066876\Application Data\DivX
2010-03-14 18:19:39 ----D---- C:\Program Files\Common Files\DivX Shared
2010-03-14 17:45:53 ----D---- C:\Program Files\WMV9_VCM
2010-03-14 17:45:37 ----D---- C:\Documents and Settings\All Users\Application Data\River Past G5
2010-03-14 17:45:37 ----D---- C:\Documents and Settings\00066876\Application Data\River Past G5
2010-03-10 11:16:47 ----D---- C:\Program Files\PC Connectivity Solution
2010-03-10 11:14:59 ----A---- C:\WINDOWS\system32\wdfcoinstaller01007.dll
2010-03-10 11:14:59 ----A---- C:\WINDOWS\system32\nmwcdcocls.dll
2010-03-04 10:14:06 ----N---- C:\WINDOWS\system32\spmsg.dll
2010-03-04 10:13:16 ----HDC---- C:\WINDOWS\$NtUninstallwmp11$
2010-03-04 10:08:24 ----HDC---- C:\WINDOWS\$NtUninstallKB969084$
2010-03-04 10:05:51 ----D---- C:\WINDOWS\system32\winrm
2010-03-04 10:05:40 ----HDC---- C:\WINDOWS\$968930Uinstall_KB968930$
2010-03-04 10:05:34 ----D---- C:\WINDOWS\$NtUninstallKB968930$
2010-03-04 09:42:02 ----A---- C:\WINDOWS\system32\CcmFramework.ini
2010-03-04 09:39:39 ----D---- C:\WINDOWS\ms
2010-03-04 09:38:22 ----D---- C:\Program Files\Windows Imaging
2010-03-03 00:22:58 ----HDC---- C:\WINDOWS\$NtUninstallKB979306$

======List of files/folders modified in the last 1 months======

2010-03-16 10:10:58 ----RD---- C:\Program Files
2010-03-16 10:10:32 ----A---- C:\WINDOWS\WINCMD.INI
2010-03-16 10:10:28 ----D---- C:\Download
2010-03-16 10:10:23 ----D---- C:\WINDOWS\Temp
2010-03-16 10:06:15 ----D---- C:\Qoobox
2010-03-16 10:01:45 ----AD---- C:\WINDOWS
2010-03-16 10:01:45 ----A---- C:\WINDOWS\system.ini
2010-03-16 09:59:23 ----D---- C:\WINDOWS\system32
2010-03-16 09:59:22 ----D---- C:\WINDOWS\system32\drivers
2010-03-16 09:59:22 ----D---- C:\WINDOWS\AppPatch
2010-03-16 09:59:18 ----D---- C:\Program Files\Common Files
2010-03-16 09:54:44 ----D---- C:\WINDOWS\system32\CatRoot2
2010-03-16 09:54:14 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-03-16 09:51:38 ----D---- C:\WINDOWS\security
2010-03-16 09:15:16 ----D---- C:\vypal
2010-03-16 09:06:12 ----D---- C:\Documents and Settings\00066876\Application Data\vlc
2010-03-15 17:43:52 ----A---- C:\WINDOWS\hpbafd.ini
2010-03-15 17:39:45 ----D---- C:\WINDOWS\Prefetch
2010-03-15 16:35:58 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-03-15 15:40:45 ----D---- C:\Documents and Settings\00066876\Application Data\VMware
2010-03-15 13:05:04 ----D---- C:\Temp
2010-03-15 00:03:13 ----A---- C:\WINDOWS\ModemLog_Axesstel USB Modem.txt
2010-03-15 00:02:47 ----D---- C:\Program Files\CCleaner
2010-03-14 23:54:45 ----SD---- C:\Documents and Settings\00066876\Application Data\Microsoft
2010-03-14 23:54:44 ----SHD---- C:\WINDOWS\Installer
2010-03-14 23:40:15 ----D---- C:\Program Files\VMware
2010-03-14 23:37:42 ----HD---- C:\WINDOWS\inf
2010-03-14 23:37:15 ----D---- C:\Documents and Settings\All Users\Application Data\VMware
2010-03-14 22:34:14 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-03-14 22:19:30 ----D---- C:\WINDOWS\system32\config
2010-03-14 22:19:09 ----D---- C:\WINDOWS\ERDNT
2010-03-14 22:18:34 ----SD---- C:\WINDOWS\Tasks
2010-03-14 18:20:31 ----D---- C:\Program Files\DivX
2010-03-13 12:08:34 ----A---- C:\WINDOWS\entrust.ini
2010-03-12 18:38:07 ----D---- C:\utils
2010-03-12 13:05:40 ----D---- C:\Documents and Settings\00066876\Application Data\dvdcss
2010-03-10 11:16:59 ----DC---- C:\WINDOWS\system32\DRVSTORE
2010-03-10 11:14:45 ----D---- C:\Program Files\Nokia
2010-03-10 11:08:41 ----D---- C:\Program Files\Common Files\Nokia
2010-03-10 11:07:22 ----D---- C:\Documents and Settings\All Users\Application Data\Installations
2010-03-04 10:15:15 ----D---- C:\WINDOWS\system32\CatRoot
2010-03-04 10:13:38 ----D---- C:\Program Files\Windows Media Connect 2
2010-03-04 10:13:36 ----D---- C:\Program Files\Windows Media Player
2010-03-04 10:13:32 ----D---- C:\WINDOWS\Help
2010-03-04 10:13:29 ----D---- C:\WINDOWS\Microsoft.NET
2010-03-04 10:13:24 ----RSD---- C:\WINDOWS\assembly
2010-03-04 10:08:55 ----A---- C:\WINDOWS\imsins.BAK
2010-03-04 10:08:31 ----D---- C:\WINDOWS\system32\en-us
2010-03-04 10:05:51 ----D---- C:\WINDOWS\system32\wbem
2010-03-04 09:44:47 ----A---- C:\WINDOWS\SMSCFG.ini
2010-03-04 09:42:58 ----D---- C:\WINDOWS\system32\ccmsetup
2010-03-04 09:42:25 ----D---- C:\WINDOWS\system32\CCM
2010-03-03 00:22:39 ----D---- C:\WINDOWS\ie8updates
2010-03-03 00:22:09 ----HD---- C:\WINDOWS\$hf_mig$
2010-03-01 07:30:04 ----D---- C:\Program Files\Aktion
2010-02-23 23:22:43 ----A---- C:\WINDOWS\ModemLog_Bluetooth Modem.txt
2010-02-17 09:58:03 ----D---- C:\Program Files\FastStone Capture
2010-02-17 08:19:17 ----SHD---- C:\WINDOWS\CSC

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2009-05-14 107256]
R1 epfwtdir;epfwtdir; C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2009-05-14 94360]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\System32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B}; \??\C:\Program Files\CyberLink\PowerDVD\000.fcl []
R2 CVPNDRVA;Zentiva IPsec Driver; \??\C:\WINDOWS\system32\Drivers\CVPNDRVA.sys []
R2 eamon;eamon; C:\WINDOWS\system32\DRIVERS\eamon.sys [2009-05-14 114472]
R2 ETFSDNT;Entrust File System Hook; \??\C:\WINDOWS\system32\etfsdrv.sys []
R2 irda;IrDA Protocol; C:\WINDOWS\System32\DRIVERS\irda.sys [2008-04-13 88192]
R2 LBeepKE;LBeepKE; C:\WINDOWS\System32\Drivers\LBeepKE.sys [2008-12-18 10384]
R2 s24trans;WLAN Transport; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2008-08-13 11904]
R2 Sentinel;Sentinel; C:\WINDOWS\System32\Drivers\SENTINEL.SYS [2006-05-07 90688]
R2 zumbus;Zune Bus Enumerator Driver; C:\WINDOWS\system32\DRIVERS\zumbus.sys [2010-01-07 40832]
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2004-11-08 127744]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2005-11-16 1066278]
R3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2008-12-10 187392]
R3 btaudio;Bluetooth Audio Device; C:\WINDOWS\system32\drivers\btaudio.sys [2007-02-14 530861]
R3 BTDriver;Bluetooth Virtual Communications Driver; C:\WINDOWS\system32\DRIVERS\btport.sys [2007-02-14 30459]
R3 BTKRNL;Bluetooth Bus Enumerator; C:\WINDOWS\system32\DRIVERS\btkrnl.sys [2007-02-14 868298]
R3 catchme;catchme; \??\C:\DOCUME~1\00066876\LOCALS~1\Temp\catchme.sys []
R3 CmBatt;Microsoft AC Adapter Driver; C:\WINDOWS\System32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 DNE;Deterministic Network Enhancer Miniport; C:\WINDOWS\system32\DRIVERS\dne2000.sys [2003-07-24 139604]
R3 GTIPCI21;GTIPCI21; C:\WINDOWS\system32\DRIVERS\gtipci21.sys [2006-04-06 88192]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 HpqKbFiltr;HpqKbFilter Driver; C:\WINDOWS\system32\DRIVERS\HpqKbFiltr.sys [2007-06-18 16768]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2007-01-13 5672032]
R3 iKeyEnum;Rainbow iKey Enumerator; C:\WINDOWS\system32\DRIVERS\ikeyenum.sys [2004-03-16 11464]
R3 iKeyIFD;Rainbow iKey Virtual Reader; C:\WINDOWS\system32\DRIVERS\ikeyifd.sys [2004-03-16 17928]
R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys [2009-06-17 35472]
R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys [2009-06-17 37392]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\System32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 sdbus;sdbus; C:\WINDOWS\System32\DRIVERS\sdbus.sys [2008-04-13 79232]
R3 SMCIRDA;SMC IrCC Miniport Device Driver; C:\WINDOWS\System32\DRIVERS\smcirda.sys [2001-08-17 35913]
R3 smsmdd;smsmdd; C:\WINDOWS\system32\DRIVERS\smsmdm.sys [2008-04-08 12448]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2004-10-13 259840]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2006-11-14 199040]
R3 tifm21;tifm21; C:\WINDOWS\system32\drivers\tifm21.sys [2006-07-06 168448]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 w29n51;Intel(R) PRO/Wireless 2200BG Network Connection Driver for Windows XP; C:\WINDOWS\system32\DRIVERS\w29n51.sys [2008-01-07 2216064]
R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2009-07-14 444136]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-13 60800]
S3 Axtmvflt;Axesstel USB Filter Service; C:\WINDOWS\system32\DRIVERS\Axtmvflt.sys [2007-09-20 3456]
S3 Axtmvmdm;Axesstel USB Modem; C:\WINDOWS\system32\DRIVERS\Axtmvmdm.sys [2007-09-20 40064]
S3 Axtmvprt;Axesstel Diagnostic Port; C:\WINDOWS\System32\Drivers\Axtmvprt.sys [2007-09-20 38784]
S3 BTWDNDIS;Bluetooth LAN Access Server; C:\WINDOWS\system32\DRIVERS\btwdndis.sys [2007-02-14 149123]
S3 btwmodem;Bluetooth Modem; C:\WINDOWS\system32\DRIVERS\btwmodem.sys [2007-02-14 30285]
S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2007-02-14 67960]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 CVirtA;Cisco Systems VPN Adapter; C:\WINDOWS\system32\DRIVERS\CVirtA.sys [2005-05-17 5315]
S3 mbr;mbr; \??\C:\DOCUME~1\00066876\LOCALS~1\Temp\mbr.sys []
S3 MSIRCOMM;Microsoft IR Communications Driver; C:\WINDOWS\system32\DRIVERS\MSIRCOMM.sys [2008-04-13 22016]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-13 61824]
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2010-01-21 18048]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2009-12-30 22016]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 Point32;Microsoft IntelliPoint Filter Driver; C:\WINDOWS\system32\DRIVERS\point32.sys [2006-06-30 21760]
S3 prepdrvr;SMS Process Event Driver; \??\C:\WINDOWS\system32\CCM\prepdrv.sys []
S3 RnbToken;Rainbow iKey Token Service; C:\WINDOWS\system32\DRIVERS\rnbtoken.sys [2004-03-16 18536]
S3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2003-03-31 5888]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2009-12-30 7936]
S3 usb_rndisx;USB RNDIS Adapter; C:\WINDOWS\system32\DRIVERS\usb8023x.sys [2008-04-13 12800]
S3 usbser;USB Modem Driver; C:\WINDOWS\system32\drivers\usbser.sys [2008-04-13 26112]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2009-12-30 7936]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 VMnetAdapter;VMware Virtual Ethernet Adapter Driver; C:\WINDOWS\system32\DRIVERS\vmnetadapter.sys []
S3 vsdatant;vsdatant; \??\C:\WINDOWS\system32\vsdatant.sys []
S3 wceusbsh;Windows CE USB Serial Host Driver; C:\WINDOWS\system32\DRIVERS\wceusbsh.sys [2006-11-06 28672]
S3 WDC_SAM;WD SCSI Pass Thru driver; C:\WINDOWS\system32\DRIVERS\wdcsam.sys [2009-02-13 11520]
S3 WinUSB;WinUSB; C:\WINDOWS\system32\DRIVERS\WinUSB.sys [2006-11-02 39368]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2009-07-13 132224]
S3 ZSMC211;USB PC Camera (ZS211); C:\WINDOWS\System32\Drivers\ZS211.sys [2006-07-25 391791]
S4 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2003-03-31 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe [2007-02-06 266295]
R2 CVPND;Cisco Systems, Inc. VPN Service; C:\Program Files\Zentiva VPN\VPNClient\cvpnd.exe [2005-06-10 1422336]
R2 DkLogger;SafeNet Log Service; C:\WINDOWS\system32\dklog.exe [2005-12-02 106496]
R2 DkTknSrv;SafeNet Token Service; C:\WINDOWS\system32\dkcktkn.exe [2005-12-02 684032]
R2 DkVcm;SafeNet Virtual Channel Monitor; C:\WINDOWS\system32\dkvcm.exe [2005-12-02 122880]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-05-14 731840]
R2 ELIService;Entrust Login Interface; C:\WINDOWS\etlisrv.exe [2004-03-25 28731]
R2 EvtEng;Intel(R) PROSet/Wireless Event Log; C:\Program Files\Intel\WiFi\bin\EvtEng.exe [2009-02-27 870672]
R2 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2006-05-02 135168]
R2 Irmon;Infrared Monitor; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-10-11 153376]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [2006-10-26 335872]
R2 RegSrvc;Intel(R) PROSet/Wireless Registry Service; C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [2009-02-27 473360]
R2 S24EventMonitor;Intel(R) PROSet/Wireless WiFi Service; C:\Program Files\Intel\WiFi\bin\S24EvMon.exe [2009-02-27 909312]
R2 SoundMAX Agent Service (default);SoundMAX Agent Service; C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe [2002-09-20 45056]
R2 WLANKEEPER;Intel(R) PROSet/Wireless SSO Service; C:\Program Files\Intel\WiFi\bin\WLKeeper.exe [2009-02-27 348160]
R2 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe [2008-05-26 439808]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 ZuneBusEnum;Zune Bus Enumerator; c:\WINDOWS\system32\ZuneBusEnum.exe [2010-01-07 58592]
S2 .EsetTrialReset;Eset Trial Reset; C:\WINDOWS\system32\regedt32.exe [2003-03-31 3584]
S2 gupdate1c9e5aa4e4f7e0;Služba Google Update (gupdate1c9e5aa4e4f7e0); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-06-05 133104]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2009-05-14 20680]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-09-10 194032]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 LBTServ;Logitech Bluetooth Service; C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe [2009-07-20 121360]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]
S3 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe []
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared files\RichVideo.exe [2007-05-14 272024]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2010-01-26 652800]
S3 WinRM;Windows Remote Management (WS-Management); C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 ZuneNetworkSvc;Zune Network Sharing Service; c:\Program Files\Zune\ZuneNss.exe [2010-01-07 5950704]
S3 ZuneWlanCfgSvc;Zune Wireless Configuration Service; c:\WINDOWS\system32\ZuneWlanCfgSvc.exe [2010-01-07 447216]
S4 CcmExec;SMS Agent Host; C:\WINDOWS\system32\CCM\CcmExec.exe [2009-09-18 764768]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 smstsmgr;SMS Task Sequence Agent; C:\WINDOWS\system32\CCM\TSManager.exe [2009-09-18 246624]

-----------------EOF-----------------
Nahoru
Uživatelský avatar
earl
VIP
VIP
Příspěvky: 1279
Registrován: 14 pro 2005 20:59
Bydliště: Brno

Re: Prosim o pomoc: win32/kryptik.daq

#2 Příspěvek od earl »

Zdravim,

odinstalujte krekly NOD32 a nahradte jej nejakym free antivirem (Avast,Avira...)

Dalsi logy chci videt s jiz novym antivirem.

:arrow: CTETE POZORNE NAVOD,TENTO SOFT NETOLERUJE CHYBY V POSTUPU APLIKOVANI!

Klidne si nasledujici radky vytisknete,at vite,co se bude na obrazovce odehravat.

Budte prihlasen na pc s administratorskymi pravy.

stahnete a ulozte nejlepe na plochu ComboFix

v pripade,ze nepujde stranka nacist-stahnete odtud download , popr. nepujde ComboFix spustit - prejmenujte jej na grinder.com a postupujte dale dle instrukci.

hned po startu se zobrazi Zreknuti se prava zaruky na funkcnost software, pokracujte kliknutim na tlacitko Ano:

Obrázek

pote muze nasledovat upozorneni na nainstalovane emulatory CD mechanik,typicky Daemon Tools nebo Alcohol 120

Obrázek

odklepnout OK

Souhlasit s instalaci Recovery console(Konzola pro zotaveni)-nutno funkcni internet :!:

v klidu si postavte na kafe (cela akce trva cca. 5-10 minut, nekdy i dele - dle toho, o jak rychly stroj se jedna a kolika soubory se skener bude muset prodirat), behem skenu se nepokousejte spoustet zadne jine aplikace ani nic jineho

behem skenovani nepropadejte panice, vas stroj muze byt restartovan (predevsim pri prvni aplikaci skeneru)

upozorneni: upozorneni: Vypnete rezidentni stit u antiviru a antispywaru a zakazte docasne firewall-ComboFix by nemusel fungovat korektne-pokud budete mit stity vypnute a Combofix zahlasi,ze nejsou,pokracujte dal a potvrdte.

po restartu aplikace vytvori log, ulozeny na C:/Combofix.txt (pri opakovanem pouziti jsou logy oznaceny Combofix2.txt atd.), jeho obsah vlozte sem
Autoruns + HitmanPro + UPM + Avenger + GMER + OTM + AVPTool + RSIT + RootRepeal
________________________________________________________________________________________
ObrázekAKTUALIZOVANY ANTIVIR A PERSONALNI FIREWALL JSOU DVE NEZBYTNE OCHRANNE KOMPONENTY KAZDEHO PC,PRIPOJENEHO DO INTERNETU!!!
ObrázekZALOHOVANIM OSOBNICH DAT O NE NEPRIJDETE V PRIPADE FATALNICH PROBLEMU SE SOFTWAREM I HARDWAREM!!
ObrázekNEPOUZIVEJTE COMBOFIX NA VLASTNI PEST, POUZE, POKUD K TOMU BUDETE VYZVANI.PRI NESPRAVNE MANIPULACI S NIM MUZE DOJIT K ZNEFUNKCNENI SYSTEMU!
Obrázek Obrázek
Obrázek Obrázek
___________________________________________________________
----------------------earl@forum.viry.cz-----------------------
Nahoru
darylko
Návštěvník
Návštěvník
Příspěvky: 6
Registrován: 25 čer 2008 09:25

Re: Prosim o pomoc: win32/kryptik.daq

#3 Příspěvek od darylko »

log z Combifix:
ComboFix 10-03-15.04 - Administrator 16.03.2010 12:56:50.5.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.420.1033.18.2039.1602 [GMT 1:00]
Spuštěný z: c:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.

((((((((((((((((((((((((( Soubory vytvořené od 2010-02-16 do 2010-03-16 )))))))))))))))))))))))))))))))
.

2010-03-16 10:36 . 2010-03-16 10:36 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2010-03-16 10:29 . 2010-03-09 11:08 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-03-16 10:29 . 2010-03-09 11:12 162640 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-03-16 10:29 . 2010-03-09 11:09 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-03-16 10:29 . 2010-03-09 11:12 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-03-16 10:29 . 2010-03-09 11:08 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-03-16 10:29 . 2010-03-09 11:08 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-03-16 10:29 . 2010-03-09 11:08 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-03-16 10:28 . 2010-03-09 11:24 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-03-16 10:28 . 2010-03-09 11:24 153184 ----a-w- c:\windows\system32\aswBoot.exe
2010-03-16 10:28 . 2010-03-16 10:28 -------- d-----w- c:\program files\Alwil Software
2010-03-16 10:28 . 2010-03-16 10:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-03-16 09:10 . 2010-03-16 09:11 -------- d-----w- C:\rsit
2010-03-16 09:10 . 2010-03-16 09:11 -------- d-----w- c:\program files\trend micro
2010-03-14 17:37 . 2010-03-14 23:22 -------- d-----w- C:\divx
2010-03-14 17:36 . 2010-03-14 17:36 -------- d-----w- c:\documents and settings\00066876\Application Data\DivX
2010-03-14 17:19 . 2010-03-14 17:19 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-03-14 16:45 . 2010-03-14 16:46 -------- d-----w- c:\program files\WMV9_VCM
2010-03-14 16:45 . 2010-03-14 22:26 -------- d-----w- c:\documents and settings\All Users\Application Data\River Past G5
2010-03-14 16:45 . 2010-03-14 16:45 -------- d-----w- c:\documents and settings\00066876\Application Data\River Past G5
2010-03-13 10:40 . 2010-03-13 10:40 -------- d-----w- c:\documents and settings\00066876\Local Settings\Application Data\MagicSoftware
2010-03-10 10:16 . 2008-08-26 08:26 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2010-03-10 10:16 . 2010-03-10 10:16 -------- d-----w- c:\program files\PC Connectivity Solution
2010-03-10 10:15 . 2009-12-30 10:30 7936 ----a-w- c:\windows\system32\drivers\usbser_lowerfltj.sys
2010-03-10 10:15 . 2009-12-30 10:30 7936 ----a-w- c:\windows\system32\drivers\usbser_lowerflt.sys
2010-03-10 10:15 . 2009-12-30 10:30 22016 ----a-w- c:\windows\system32\drivers\ccdcmbo.sys
2010-03-10 10:14 . 2010-01-21 13:53 18048 ----a-w- c:\windows\system32\drivers\ccdcmb.sys
2010-03-10 10:14 . 2009-12-30 10:30 660480 ----a-w- c:\windows\system32\nmwcdcocls.dll
2010-03-10 10:14 . 2009-10-06 10:55 1112288 ----a-w- c:\windows\system32\wdfcoinstaller01007.dll
2010-03-10 10:08 . 2010-03-10 10:07 34815368 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{D043E0F8-5EFA-4102-A863-08F39D9DF2F4}\NokiaSoftwareUpdaterSetup_cs.exe
2010-03-10 10:07 . 2010-03-10 10:07 3351812 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{D043E0F8-5EFA-4102-A863-08F39D9DF2F4}\Installer\CommonCustomActions\msxml6Exec.exe
2010-03-10 10:07 . 2010-03-10 10:07 36864 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{D043E0F8-5EFA-4102-A863-08F39D9DF2F4}\Installer\CommonCustomActions\Sleep.exe
2010-03-10 10:07 . 2010-03-10 10:07 3203453 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{D043E0F8-5EFA-4102-A863-08F39D9DF2F4}\Installer\CommonCustomActions\vcredistExec.exe
2010-03-04 09:05 . 2010-03-04 09:05 -------- d-----w- c:\windows\system32\winrm
2010-03-04 09:05 . 2010-03-04 09:06 -------- dc-h--w- c:\windows\$968930Uinstall_KB968930$
2010-03-04 08:39 . 2010-03-04 08:39 -------- d-----w- c:\windows\ms
2010-03-04 08:38 . 2010-03-04 08:38 -------- d-----w- c:\program files\Windows Imaging
2010-02-24 11:12 . 2010-02-24 11:12 7058472 ----a-w- c:\documents and settings\00066876\Application Data\Zoner\NLMDB\product.0032\autoupdate.cz\ZPS12_Update_Build07.exe
2010-02-19 23:47 . 2010-02-19 23:47 3604480 ----a-w- c:\windows\system32\GPhotos.scr
2010-02-18 12:22 . 2009-02-13 19:02 11520 ----a-r- c:\windows\system32\drivers\wdcsam.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-16 08:21 . 2010-03-16 08:21 65536 ---hatw- c:\documents and settings\00066876\~Osobní složky.pst.tmp
2010-03-16 08:06 . 2010-02-04 10:34 -------- d-----w- c:\documents and settings\00066876\Application Data\vlc
2010-03-15 14:40 . 2009-09-03 10:16 -------- d-----w- c:\documents and settings\00066876\Application Data\VMware
2010-03-14 23:02 . 2009-06-04 16:53 -------- d-----w- c:\program files\CCleaner
2010-03-14 22:40 . 2009-09-03 10:14 -------- d-----w- c:\program files\VMware
2010-03-14 22:37 . 2009-09-30 13:53 -------- d-----w- c:\documents and settings\All Users\Application Data\VMware
2010-03-14 21:21 . 2009-10-08 11:35 -------- d-----w- c:\documents and settings\LocalService\Application Data\VMware
2010-03-14 17:20 . 2010-01-28 16:12 -------- d-----w- c:\program files\DivX
2010-03-12 12:05 . 2009-07-10 07:03 -------- d-----w- c:\documents and settings\00066876\Application Data\dvdcss
2010-03-10 10:14 . 2009-06-04 15:18 -------- d-----w- c:\program files\Nokia
2010-03-10 10:08 . 2010-02-02 10:30 -------- d-----w- c:\program files\Common Files\Nokia
2010-03-10 10:07 . 2009-06-04 15:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Installations
2010-03-04 09:13 . 2009-06-04 16:34 -------- d-----w- c:\program files\Windows Media Connect 2
2010-03-01 06:30 . 2009-11-12 12:04 -------- d-----w- c:\program files\Aktion
2010-02-17 08:58 . 2009-06-09 14:46 -------- d-----w- c:\program files\FastStone Capture
2010-02-12 16:29 . 2009-09-17 08:06 -------- d-----w- c:\program files\Zune
2010-02-12 16:17 . 2009-06-04 11:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-02-11 14:22 . 2009-06-05 06:50 -------- d-----w- c:\program files\Google
2010-02-09 13:47 . 2010-02-09 13:47 -------- d-----w- c:\documents and settings\00066876\Application Data\ACD Systems
2010-02-09 13:44 . 2010-02-09 13:43 -------- d-----w- c:\program files\Common Files\ACD Systems
2010-02-09 13:44 . 2010-02-09 13:44 -------- d-----w- c:\documents and settings\All Users\Application Data\ACD Systems
2010-02-09 13:43 . 2010-02-09 13:43 -------- d-----w- c:\program files\ACD Systems
2010-02-08 20:57 . 2010-02-08 20:52 7052368 ----a-w- c:\documents and settings\00066876\Application Data\Zoner\NLMDB\product.0032\autoupdate.cz\ZPS12_Update_Build06.exe
2010-02-02 10:30 . 2010-02-02 10:30 -------- d-----w- c:\program files\Common Files\PCSuite
2010-02-02 10:27 . 2010-02-02 10:27 95232 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{19DC9559-9C20-4A46-A67D-7ECBA52A2788}\Installer\CommonCustomActions\pcswpcsi.exe
2010-02-02 10:27 . 2010-02-02 10:27 8192 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{19DC9559-9C20-4A46-A67D-7ECBA52A2788}\Installer\CommonCustomActions\UninstCCD.exe
2010-02-02 10:27 . 2010-02-02 10:27 61440 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{19DC9559-9C20-4A46-A67D-7ECBA52A2788}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
2010-02-02 10:27 . 2010-02-02 10:27 10240 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{19DC9559-9C20-4A46-A67D-7ECBA52A2788}\Installer\CommonCustomActions\UninstPCS.exe
2010-02-02 10:27 . 2010-02-02 10:28 34701512 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{19DC9559-9C20-4A46-A67D-7ECBA52A2788}\Nokia_PC_Suite_cze_web[1].exe
2010-02-02 10:17 . 2009-06-04 15:19 -------- d-----w- c:\documents and settings\00066876\Application Data\Nokia
2010-02-02 09:54 . 2010-02-01 19:48 12212040 ----a-w- c:\documents and settings\All Users\Application Data\OviInstallerCache\{B6164ADA-55DA-4FA9-B78B-A7EB741742A1}\Installer\CommonCustomActions\WMFDist11-WindowsXP-X86-ENU.exe
2010-02-02 09:54 . 2010-02-01 19:48 13930312 ----a-w- c:\documents and settings\All Users\Application Data\OviInstallerCache\{B6164ADA-55DA-4FA9-B78B-A7EB741742A1}\Installer\CommonCustomActions\WMFDist11-WindowsXP-X64-ENU.exe
2010-02-02 09:53 . 2010-02-01 19:48 77824 ----a-w- c:\documents and settings\All Users\Application Data\OviInstallerCache\{B6164ADA-55DA-4FA9-B78B-A7EB741742A1}\Installer\CommonCustomActions\Run_XML6_SP1.exe
2010-02-02 09:53 . 2010-02-01 19:48 61440 ----a-w- c:\documents and settings\All Users\Application Data\OviInstallerCache\{B6164ADA-55DA-4FA9-B78B-A7EB741742A1}\Installer\CommonCustomActions\WMF11Runx86.exe
2010-02-02 09:53 . 2010-02-01 19:48 58880 ----a-w- c:\documents and settings\All Users\Application Data\OviInstallerCache\{B6164ADA-55DA-4FA9-B78B-A7EB741742A1}\Installer\CommonCustomActions\WMF11Runx64.exe
2010-02-02 09:53 . 2010-02-01 19:48 50000 ----a-w- c:\documents and settings\All Users\Application Data\OviInstallerCache\{B6164ADA-55DA-4FA9-B78B-A7EB741742A1}\Installer\CommonCustomActions\pcswpc.exe
2010-02-02 09:52 . 2010-02-02 09:52 95992424 ----a-w- c:\documents and settings\All Users\Application Data\OviInstallerCache\{B6164ADA-55DA-4FA9-B78B-A7EB741742A1}\Nokia_Ovi_Suite_webinstaller_ALL[1].exe
2010-02-02 09:42 . 2009-07-17 09:07 -------- d-----w- c:\program files\Windows Live Safety Center
2010-02-02 09:41 . 2009-06-04 13:16 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-01 19:47 . 2009-11-30 06:49 -------- d-----w- c:\documents and settings\All Users\Application Data\OviInstallerCache
2010-02-01 19:47 . 2010-02-01 19:47 95992424 ----a-w- c:\documents and settings\All Users\Application Data\OviInstallerCache\{B6164ADA-55DA-4FA9-B78B-A7EB741742A1}\Nokia_Ovi_Suite_PCS_Update.exe
2010-01-24 21:26 . 2009-06-30 09:52 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-24 15:39 . 2009-06-05 07:04 -------- d-----w- c:\documents and settings\00066876\Application Data\Skype
2010-01-07 13:38 . 2010-01-07 13:38 447216 ----a-w- c:\windows\system32\ZuneWlanCfgSvc.exe
2010-01-07 13:38 . 2010-01-07 13:38 58592 ----a-w- c:\windows\system32\ZuneBusEnum.exe
2010-01-07 13:22 . 2009-09-01 22:29 74240 ----a-w- c:\windows\system32\ZuneUsbTransport.dll
2010-01-07 13:22 . 2009-09-01 22:29 57344 ----a-w- c:\windows\system32\ZuneRegUtil.dll
2010-01-07 13:22 . 2009-09-01 22:29 18944 ----a-w- c:\windows\system32\ZuneTcp2Udp.dll
2010-01-07 13:22 . 2009-09-01 22:29 12800 ----a-w- c:\windows\system32\ZunePTDNS.dll
2010-01-07 13:22 . 2009-09-01 22:29 310784 ----a-w- c:\windows\system32\ZuneNetProxy.dll
2010-01-07 13:22 . 2009-09-01 22:29 147456 ----a-w- c:\windows\system32\ZuneMTPZ.dll
2010-01-07 13:22 . 2009-09-01 22:28 40832 ----a-w- c:\windows\system32\drivers\zumbus.sys
2009-12-31 16:50 . 2003-03-31 12:00 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-30 10:30 . 2009-06-04 15:18 91136 ----a-w- c:\windows\system32\nmwcdcls.dll
2009-12-21 19:14 . 2003-03-31 12:00 916480 ------w- c:\windows\system32\wininet.dll
2009-12-17 07:59 . 2009-12-17 07:39 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2009-12-16 18:43 . 2009-06-04 07:39 343040 ----a-w- c:\windows\system32\mspaint.exe
2007-09-20 02:45 . 2009-06-05 22:00 90112 ----a-r- c:\program files\axesstel.dll
2007-09-20 02:45 . 2009-06-05 22:00 118784 ----a-r- c:\program files\MSP_Uninstall.exe
2006-02-27 17:00 . 2009-06-04 10:46 3262 ----a-w- c:\program files\HelpDesk.ico
.

((((((((((((((((((((((((((((( SnapShot_2010-03-16_09.01.45 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-11 23:02 . 2009-07-11 23:02 51008 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_f0ccd4aa\vcomp90.dll
+ 2009-07-11 23:02 . 2009-07-11 23:02 59728 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90rus.dll
+ 2009-07-11 23:02 . 2009-07-11 23:02 42832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90kor.dll
+ 2009-07-11 23:02 . 2009-07-11 23:02 43344 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90jpn.dll
+ 2009-07-11 23:02 . 2009-07-11 23:02 61264 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90ita.dll
+ 2009-07-11 23:02 . 2009-07-11 23:02 36688 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90cht.dll
+ 2009-07-11 23:02 . 2009-07-11 23:02 35648 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90chs.dll
+ 2009-07-11 23:02 . 2009-07-11 23:02 62800 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90fra.dll
+ 2009-07-11 23:02 . 2009-07-11 23:02 61760 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esp.dll
+ 2009-07-11 23:02 . 2009-07-11 23:02 61776 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esn.dll
+ 2009-07-11 23:02 . 2009-07-11 23:02 53568 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90enu.dll
+ 2009-07-11 23:02 . 2009-07-11 23:02 63296 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90deu.dll
+ 2010-03-16 11:55 . 2010-03-16 11:55 16384 c:\windows\Temp\Perflib_Perfdata_178.dat
- 2003-03-31 12:00 . 2010-03-15 15:35 73888 c:\windows\system32\perfc009.dat
+ 2003-03-31 12:00 . 2010-03-16 09:25 73888 c:\windows\system32\perfc009.dat
- 2003-03-31 12:00 . 2010-03-15 15:35 452074 c:\windows\system32\perfh009.dat
+ 2003-03-31 12:00 . 2010-03-16 09:25 452074 c:\windows\system32\perfh009.dat
+ 2010-03-16 10:29 . 2010-03-16 10:29 219648 c:\windows\Installer\18981f.msi
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-01-13 131072]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-01-13 163840]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-01-13 135168]
"IntelZeroConfig"="c:\program files\Intel\WiFi\bin\ZCfgSvc.exe" [2009-02-27 1368064]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2009-02-27 1202448]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 1388544]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-14 815104]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-10-19 177456]
"AGRSMMSG"="AGRSMMSG.exe" [2005-11-16 88209]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-12-13 507904]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2006-07-07 576320]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2006-07-07 600896]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"ZSSnp211"="c:\windows\ZSSnp211.exe" [2006-07-14 49152]
"Domino"="c:\windows\Domino.exe" [2006-07-04 49152]
"DkStartup"="c:\program files\SafeNet\BSecClient\dkstartup.exe" [2005-12-02 217088]
"AxMonitor"="c:\program files\SafeNet\BSecClient\axmonitor.exe" [2005-12-02 454656]
"DKAXSvr.exe"="c:\windows\system32\DKAXSvr.exe" [2005-12-02 577594]
"DkAutoReg"="c:\program files\SafeNet\BSecClient\DkAutoReg.exe" [2005-12-02 249856]
"Acrobat Assistant 7.0"="c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2004-12-14 483328]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2010-01-07 158448]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-03-09 2769336]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\00066876\Start Menu\Programs\Startup\
start.bat.lnk - c:\batch\start.bat [2009-6-4 500]
Věýezy obrazovky a spuçtŘnˇ aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Entrust.lnk - c:\windows\system32\etlitr50.exe [2009-6-16 53308]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-6-5 813584]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
Zentiva Zentiva VPN pýˇstup.lnk - c:\program files\Zentiva VPN\VPNClient\vpngui.exe [2009-6-16 1426424]

[HKEY_LOCAL_MACHINE\software\policies\microsoft\windows\windowsupdate\au]
"NoAutoUpdate"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DkWLNP]
2005-12-02 07:59 61440 ----a-w- c:\windows\system32\DkWLNP.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2009-07-20 10:28 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2963089401-4283054333-1430871042-4950\Scripts\Logon\0\0]
"Script"=usr_logon.cmd

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [16.3.2010 11:29 162640]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [16.3.2010 11:29 19024]
R2 DkVcm;SafeNet Virtual Channel Monitor;c:\windows\system32\dkvcm.exe [2.12.2005 8:59 122880]
R2 ETFSDNT;Entrust File System Hook;c:\windows\system32\Etfsdrv.sys [25.3.2004 1:04 52224]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [5.6.2009 10:48 10384]
R3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [4.6.2009 15:07 88192]
R3 iKeyEnum;Rainbow iKey Enumerator;c:\windows\system32\drivers\IKEYENUM.SYS [16.6.2009 15:27 11464]
R3 iKeyIFD;Rainbow iKey Virtual Reader;c:\windows\system32\drivers\IKEYIFD.SYS [16.6.2009 15:27 17928]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [4.6.2009 18:25 721904]
S2 .EsetTrialReset;Eset Trial Reset;c:\windows\system32\regedt32.exe [31.3.2003 13:00 3584]
S2 gupdate1c9e5aa4e4f7e0;Služba Google Update (gupdate1c9e5aa4e4f7e0);c:\program files\Google\Update\GoogleUpdate.exe [5.6.2009 7:51 133104]
S3 Axtmvflt;Axesstel USB Filter Service;c:\windows\system32\drivers\axtmvflt.sys [5.6.2009 23:00 3456]
S3 Axtmvmdm;Axesstel USB Modem;c:\windows\system32\drivers\axtmvmdm.sys [5.6.2009 23:00 40064]
S3 Axtmvprt;Axesstel Diagnostic Port;c:\windows\system32\drivers\axtmvprt.sys [5.6.2009 23:00 38784]
S3 RnbToken;Rainbow iKey Token Service;c:\windows\system32\drivers\RNBTOKEN.SYS [16.6.2009 15:27 18536]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [18.2.2010 13:22 11520]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [31.3.2003 13:00 14336]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
Obsah adresáře 'Naplánované úlohy'

2010-03-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-05 06:50]

2010-03-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-05 06:50]

2010-03-16 c:\windows\Tasks\User_Feed_Synchronization-{56E3CED2-D8DB-42C1-9D41-8FD43D50C50A}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]
.
.
------- Doplňkový sken -------
.
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
Trusted Zone: gepro.cz\zentiva
DPF: iLO 2 Remote Console Applet - hxxps://pr1778i/dvc.cab
DPF: {C7648BB8-7FF5-4192-886A-6C542051A522} - hxxps://fsnt1i/HideCursor.cab
FF - ProfilePath -
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-16 13:03
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-73586283-630328440-725345543-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,1f,c9,3f,5a,bd,c4,f8,43,9a,c5,bf,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,1f,c9,3f,5a,bd,c4,f8,43,9a,c5,bf,\

[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,79,00,73,00,\
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(684)
c:\windows\system32\IWPDGINA.DLL
c:\program files\Intel\WiFi\bin\LangResources\ENU\SsoGnENU.dll
c:\windows\system32\DkWLNP.dll
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll
.
Celkový čas: 2010-03-16 13:06:00
ComboFix-quarantined-files.txt 2010-03-16 12:05
ComboFix2.txt 2010-03-16 09:06
ComboFix3.txt 2009-07-14 07:17

Před spuštěním: 13 244 997 632 bytes free
Po spuštění: 13 207 486 464 bytes free

- - End Of File - - 387B2E0A844F37642BB53379D36E1CC4
Nahoru
darylko
Návštěvník
Návštěvník
Příspěvky: 6
Registrován: 25 čer 2008 09:25

Re: Prosim o pomoc: win32/kryptik.daq

#4 Příspěvek od darylko »

dobry den,

bude se to dat odstranit?
nevadi, ze jsem combofix poustel s jineho profilu (administrator)?

dekuji vam.
Nahoru
Uživatelský avatar
earl
VIP
VIP
Příspěvky: 1279
Registrován: 14 pro 2005 20:59
Bydliště: Brno

Re: Prosim o pomoc: win32/kryptik.daq

#5 Příspěvek od earl »

Nevadi.

:arrow:Otestujte na VIRUSTOTALu a JOTTISCANu

c:\batch\start.bat

(navod prosty: po nacteni stranky kliknete na tlacitko Prochazet , najdete cestu k vyse zminenemu souboru a kliknete na tlacitko Odeslat soubor; dejte skenerum nejakych deset minut; vysledky sem vlozte)

Pokud skener napíše, že soubor již byl testován, dejte otestovat znovu.
Autoruns + HitmanPro + UPM + Avenger + GMER + OTM + AVPTool + RSIT + RootRepeal
________________________________________________________________________________________
ObrázekAKTUALIZOVANY ANTIVIR A PERSONALNI FIREWALL JSOU DVE NEZBYTNE OCHRANNE KOMPONENTY KAZDEHO PC,PRIPOJENEHO DO INTERNETU!!!
ObrázekZALOHOVANIM OSOBNICH DAT O NE NEPRIJDETE V PRIPADE FATALNICH PROBLEMU SE SOFTWAREM I HARDWAREM!!
ObrázekNEPOUZIVEJTE COMBOFIX NA VLASTNI PEST, POUZE, POKUD K TOMU BUDETE VYZVANI.PRI NESPRAVNE MANIPULACI S NIM MUZE DOJIT K ZNEFUNKCNENI SYSTEMU!
Obrázek Obrázek
Obrázek Obrázek
___________________________________________________________
----------------------earl@forum.viry.cz-----------------------
Nahoru
darylko
Návštěvník
Návštěvník
Příspěvky: 6
Registrován: 25 čer 2008 09:25

Re: Prosim o pomoc: win32/kryptik.daq

#6 Příspěvek od darylko »

c:\batch\start.bat je muj script, a je v poradku.
Nahoru
Uživatelský avatar
earl
VIP
VIP
Příspěvky: 1279
Registrován: 14 pro 2005 20:59
Bydliště: Brno

Re: Prosim o pomoc: win32/kryptik.daq

#7 Příspěvek od earl »

Ok,jak se chova pc ted?
Autoruns + HitmanPro + UPM + Avenger + GMER + OTM + AVPTool + RSIT + RootRepeal
________________________________________________________________________________________
ObrázekAKTUALIZOVANY ANTIVIR A PERSONALNI FIREWALL JSOU DVE NEZBYTNE OCHRANNE KOMPONENTY KAZDEHO PC,PRIPOJENEHO DO INTERNETU!!!
ObrázekZALOHOVANIM OSOBNICH DAT O NE NEPRIJDETE V PRIPADE FATALNICH PROBLEMU SE SOFTWAREM I HARDWAREM!!
ObrázekNEPOUZIVEJTE COMBOFIX NA VLASTNI PEST, POUZE, POKUD K TOMU BUDETE VYZVANI.PRI NESPRAVNE MANIPULACI S NIM MUZE DOJIT K ZNEFUNKCNENI SYSTEMU!
Obrázek Obrázek
Obrázek Obrázek
___________________________________________________________
----------------------earl@forum.viry.cz-----------------------
Nahoru
darylko
Návštěvník
Návštěvník
Příspěvky: 6
Registrován: 25 čer 2008 09:25

Re: Prosim o pomoc: win32/kryptik.daq

#8 Příspěvek od darylko »

spustil jsem jeste virus removal tool od Kaspersky a zatim PC se chova normalne.
budu to sledovat a kdyz tak se jeste ozvu.

zatim dekuji za pomoc.
Nahoru
Uživatelský avatar
earl
VIP
VIP
Příspěvky: 1279
Registrován: 14 pro 2005 20:59
Bydliště: Brno

Re: Prosim o pomoc: win32/kryptik.daq

#9 Příspěvek od earl »

:arrow: Start - spustit - napiste ComboFix /Uninstall - a klepnout na OK
-----------------------------------------------------------------------------------------------------------------
:arrow: Vycistete pc Ccleanerem.

Vzdy nejprve Analyzovat a pak Spustit Cleaner.2x po sobe.

Windows-odskrtnout historii a historii automatickeho vyplnovani formularu - prisel byste o historii navstivenych stranek a o ulozena hesla ve formularich

(je to sice z pohledu zabezpeceni spatne,ale aspon pak uzivatel nenadava,kam ze mu to zmizelo :D )

Aplikace-u prohlizecu internetu odskrtnout Historii internetu.

Registry-nechat vse zaskrtle,Hledej problemy,Opravit vybrane problemy

(nechat ho udelat zalohu-ta je ulozena v Dokumentech-DULEZITE).

Taktez 2x-3x po sobe.

A nemate zac.
Autoruns + HitmanPro + UPM + Avenger + GMER + OTM + AVPTool + RSIT + RootRepeal
________________________________________________________________________________________
ObrázekAKTUALIZOVANY ANTIVIR A PERSONALNI FIREWALL JSOU DVE NEZBYTNE OCHRANNE KOMPONENTY KAZDEHO PC,PRIPOJENEHO DO INTERNETU!!!
ObrázekZALOHOVANIM OSOBNICH DAT O NE NEPRIJDETE V PRIPADE FATALNICH PROBLEMU SE SOFTWAREM I HARDWAREM!!
ObrázekNEPOUZIVEJTE COMBOFIX NA VLASTNI PEST, POUZE, POKUD K TOMU BUDETE VYZVANI.PRI NESPRAVNE MANIPULACI S NIM MUZE DOJIT K ZNEFUNKCNENI SYSTEMU!
Obrázek Obrázek
Obrázek Obrázek
___________________________________________________________
----------------------earl@forum.viry.cz-----------------------
Nahoru
darylko
Návštěvník
Návštěvník
Příspěvky: 6
Registrován: 25 čer 2008 09:25

Re: Prosim o pomoc: win32/kryptik.daq

#10 Příspěvek od darylko »

Dobry den,

porad pozoruji pomalost meho PC. Muzeme se jeste jednou na to podivat?
CCcleaner jsem zopar krat pustil, nasel klice pro .Net 1.0 odkazujici na chybejici sdilene DLL, ktere jsem dal odstranit z registru.
Samozrejme mam zalohu.

Dekuji.
Nahoru
Uživatelský avatar
earl
VIP
VIP
Příspěvky: 1279
Registrován: 14 pro 2005 20:59
Bydliště: Brno

Re: Prosim o pomoc: win32/kryptik.daq

#11 Příspěvek od earl »

:arrow: Pro zrychleni startu Windows stahnete a spustte program StartUpLite

Program vypise seznam zbytecnych programu spoustejicich se pri startu Windows .

K vypnuti spousteni techto programu zaskrtnete u prislusnych radku Disable a kliknete na Continue.

:arrow: Start - Vsechny programy - Prislusenstvi - Systemove nastroje - Defragmentace - a opakovane provest defrag disku C:

:arrow: Stahnete OTL

spustte, oznacte "Scan All Users,30days zmente na 7,kliknete na Run Scan,

po skonceni skenu sem vlozte obsah logu z OTL.txt.

:arrow: Stahnete GMER , rozbalte a spustte

probehne sken, po jehoz ukonceni na vas vyskoci vysledky

pote kliknete na Save a ulozite tak log, jehoz obsah sem vlozte

pote dle tohoto navodu

absolvujte druhy sken a opet obsah logu sem.
Autoruns + HitmanPro + UPM + Avenger + GMER + OTM + AVPTool + RSIT + RootRepeal
________________________________________________________________________________________
ObrázekAKTUALIZOVANY ANTIVIR A PERSONALNI FIREWALL JSOU DVE NEZBYTNE OCHRANNE KOMPONENTY KAZDEHO PC,PRIPOJENEHO DO INTERNETU!!!
ObrázekZALOHOVANIM OSOBNICH DAT O NE NEPRIJDETE V PRIPADE FATALNICH PROBLEMU SE SOFTWAREM I HARDWAREM!!
ObrázekNEPOUZIVEJTE COMBOFIX NA VLASTNI PEST, POUZE, POKUD K TOMU BUDETE VYZVANI.PRI NESPRAVNE MANIPULACI S NIM MUZE DOJIT K ZNEFUNKCNENI SYSTEMU!
Obrázek Obrázek
Obrázek Obrázek
___________________________________________________________
----------------------earl@forum.viry.cz-----------------------
Nahoru
Odpovědět

Zpět na „Řešení problémů, logy“