
cidrive32.exe -log HJT

#16 Post by xaron »

MBR log:

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll nvatabus.sys
kernel: MBR read successfully
user & kernel MBR OK

GMER log 1

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-04-02 17:15:41
Windows 5.1.2600 Service Pack 2
Running: gmer.exe; Driver: D:\DOCUME~1\Macko\LOCALS~1\Temp\awxcyfoc.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

---- EOF - GMER 1.0.15 ----

GMER log 2

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-04-02 19:47:03
Windows 5.1.2600 Service Pack 2
Running: gmer.exe; Driver: D:\DOCUME~1\Macko\LOCALS~1\Temp\awxcyfoc.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xAABC6C56]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xAABC6B12]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteKey [0xAABC70C6]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xAABC6FF0]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xAABC66E8]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xAABC6BEC]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xAABC6628]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xAABC668C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xAABC6D0C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRenameKey [0xAABC7194]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xAABC6CCC]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xAABC6E4C]
SSDT \??\D:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xB2F14320]

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!_abnormal_termination + 15F 804DBE30 4 Bytes CALL 77F87A9B
? D:\DOCUME~1\Macko\LOCALS~1\Temp\mbr.sys Systém nemůže nalézt uvedený soubor. !

---- User code sections - GMER 1.0.15 ----

.text D:\Program Files\Mozilla Firefox\firefox.exe[4668] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 004013F0 D:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)

---- User IAT/EAT - GMER 1.0.15 ----

IAT D:\WINDOWS\system32\services.exe[1064] @ D:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00560002
IAT D:\WINDOWS\system32\services.exe[1064] @ D:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 00560000

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 D:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x94 0xC8 0x39 0x3D ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x26 0x8F 0xEB 0xD4 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x4D 0xE2 0x02 0x61 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 D:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x94 0xC8 0x39 0x3D ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x26 0x8F 0xEB 0xD4 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x4D 0xE2 0x02 0x61 ...

---- EOF - GMER 1.0.15 ----

#17 Post by Caroprd111 »

Test this at http://www.virustotal.com/cs/
D:\WINDOWS\system32\ntoskrnl.exe

(Do not browse for the file; just paste the path marked in bold. If you get the message "Soubor již byl testován", have it tested again. Post the analysis result here as a link.)

#18 Post by xaron »


#19 Post by Caroprd111 »

How is the PC doing :???:

#20 Post by xaron »

Well, so far it is running like clockwork :lol:
Thank you very much for the help

#21 Post by Caroprd111 »

Please post a new RSIT log.

#22 Post by xaron »

Logfile of random's system information tool 1.06 (written by random/random)
Run by Macko at 2010-04-02 20:18:30
Systém Microsoft Windows XP Professional Service Pack 2
System drive D: has 13 GB (10%) free of 131 GB
Total RAM: 1023 MB (4% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:18:42, on 2. 4. 2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\System32\Ati2evxx.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Alwil Software\Avast5\AvastSvc.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\ATI Technologies\ATI.ACE\cli.exe
D:\Program Files\HP\HP Software Update\HPWuSchd2.exe
D:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
D:\Program Files\Java\jre6\bin\jusched.exe
D:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
D:\PROGRA~1\MANGOS~1\EasyPHP\Apache\bin\apache.exe
D:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
D:\Program Files\LogMeIn Hamachi\hamachi-2.exe
D:\PROGRA~1\MANGOS~1\EasyPHP\Apache\bin\apache.exe
D:\Program Files\Java\jre6\bin\jqs.exe
D:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
D:\PROGRA~1\MANGOS~1\EasyPHP\MySql\bin\mysqld.exe
D:\WINDOWS\system32\PnkBstrA.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
D:\WINDOWS\system32\wscntfy.exe
D:\Program Files\ATI Technologies\ATI.ACE\cli.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\WINDOWS\system32\WISPTIS.EXE
G:\RSIT\RSIT.exe
G:\HJT\Macko.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.zaparit.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: XBTBPos00 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - D:\Program Files\Fast Browser Search\IE\FBStoolbar.dll (file missing)
O3 - Toolbar: Fast Browser Search Toolbar - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - D:\Program Files\Fast Browser Search\IE\FBStoolbar.dll (file missing)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] "D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [ATICCC] "D:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [HP Software Update] D:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [OrderReminder] D:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [pdfFactory Dispatcher v3] "D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis3a.exe" /source=HKLM
O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [UVS10 Preload] D:\Program Files\Ulead Systems\Ulead VideoStudio 10\uvPL.exe
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "D:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "D:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
O4 - HKLM\..\Run: [avast5] D:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKCU\..\Run: [CurseClient] D:\Program Files\Curse\CurseClient.exe
O4 - HKCU\..\Run: [Skype] "D:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SUPERAntiSpyware] D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: ATI CATALYST System Tray.lnk = D:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = D:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = D:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: MyVitalAgent.lnk = D:\Program Files\INS\VitalAgent\Program\VtlAgent.exe
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Zdroje informácií - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - D:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apache2 - Apache Software Foundation - D:\PROGRA~1\MANGOS~1\EasyPHP\Apache\bin\apache.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk - D:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - D:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - D:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1c9afd1e0e7928) (gupdate1c9afd1e0e7928) - Google Inc. - D:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - D:\Program Files\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MySQL - Unknown owner - D:\PROGRA~1\MANGOS~1\EasyPHP\MySql\bin\mysqld.exe
O23 - Service: PnkBstrA - Unknown owner - D:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - D:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Ventrilo - Unknown owner - D:\Program Files\VentSrv\ventrilo_svc.exe (file missing)

--
End of file - 7645 bytes

======Scheduled tasks folder======

D:\WINDOWS\tasks\AppleSoftwareUpdate.job
D:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
D:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - D:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll [2003-05-15 50376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - D:\Program Files\Java\jre6\bin\ssv.dll [2009-04-19 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - D:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-04-19 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-04-19 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}]
Fast Browser Search Toolbar Helper - D:\Program Files\Fast Browser Search\IE\FBStoolbar.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{1BB22D38-A411-4B13-A746-C2A4F4EC7344} - Fast Browser Search Toolbar - D:\Program Files\Fast Browser Search\IE\FBStoolbar.dll []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"=D:\WINDOWS\SOUNDMAN.EXE [2005-04-15 77824]
"ATIPTA"=D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2005-06-28 344064]
"ATICCC"=D:\Program Files\ATI Technologies\ATI.ACE\cli.exe [2005-06-29 32768]
"HP Software Update"=D:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2005-05-11 49152]
"OrderReminder"=D:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe [2005-03-18 98304]
"SunJavaUpdateSched"=D:\Program Files\Java\jre6\bin\jusched.exe [2009-04-19 136600]
"pdfFactory Dispatcher v3"=D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis3a.exe [2008-03-05 516096]
"NeroFilterCheck"=D:\WINDOWS\system32\NeroCheck.exe [2006-01-12 155648]
"QuickTime Task"=D:\Program Files\QuickTime\QTTask.exe [2009-11-11 417792]
"UVS10 Preload"=D:\Program Files\Ulead Systems\Ulead VideoStudio 10\uvPL.exe [2006-03-07 36864]
"AdobeCS4ServiceManager"=D:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [2008-08-14 611712]
"LogMeIn Hamachi Ui"=D:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe [2010-03-30 1820040]
"avast5"=D:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe [2010-03-09 2769336]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CurseClient"=D:\Program Files\Curse\CurseClient.exe [2008-05-19 1400832]
"Skype"=D:\Program Files\Skype\Phone\Skype.exe [2009-06-02 24264488]
"SUPERAntiSpyware"=D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2010-04-01 2010864]

D:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
ATI CATALYST System Tray.lnk - D:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
AutoCAD Startup Accelerator.lnk - D:\Program Files\Common Files\Autodesk Shared\acstart16.exe
HP Image Zone Fast Start.lnk - D:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
MyVitalAgent.lnk - D:\Program Files\INS\VitalAgent\Program\VtlAgent.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
D:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2009-09-03 548352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
D:\WINDOWS\system32\Ati2evxx.dll [2005-06-29 46080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - D:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=D:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Hamachi2Svc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"D:\Program Files\MaNGOS 5770\realmd.exe"="D:\Program Files\MaNGOS 5770\realmd.exe:*:Enabled:realmd"
"D:\Program Files\MaNGOS 5770\mangosd.exe"="D:\Program Files\MaNGOS 5770\mangosd.exe:*:Enabled:mangosd"
"D:\Program Files\Mozilla Firefox\firefox.exe"="D:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"D:\Program Files\MaNGOS 5770\EasyPHP\mysql\bin\mysqld.exe"="D:\Program Files\MaNGOS 5770\EasyPHP\mysql\bin\mysqld.exe:*:Enabled:mysqld"
"D:\Program Files\MaNGOS 5770\EasyPHP\apache\bin\Apache.exe"="D:\Program Files\MaNGOS 5770\EasyPHP\apache\bin\Apache.exe:*:Enabled:Apache HTTP Server"
"D:\Documents and Settings\Macko\Plocha\utorrent.exe"="D:\Documents and Settings\Macko\Plocha\utorrent.exe:*:Enabled:µTorrent"
"D:\Program Files\TeamViewer\Version5\TeamViewer.exe"="D:\Program Files\TeamViewer\Version5\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application"
"D:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe"="D:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4"
"D:\Program Files\Skype\Phone\Skype.exe"="D:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======File associations======

.scr - open - "D:\WINDOWS\system32\notepad.exe" "%1"
.scr - install -
.scr - config -

======List of files/folders created in the last 1 months======

2010-04-02 16:42:59 ----SHD---- D:\RECYCLER
2010-04-02 15:58:14 ----A---- D:\ComboFix.txt
2010-04-02 13:58:45 ----A---- D:\WINDOWS\zip.exe
2010-04-02 13:58:45 ----A---- D:\WINDOWS\SWXCACLS.exe
2010-04-02 13:58:45 ----A---- D:\WINDOWS\SWSC.exe
2010-04-02 13:58:45 ----A---- D:\WINDOWS\SWREG.exe
2010-04-02 13:58:45 ----A---- D:\WINDOWS\sed.exe
2010-04-02 13:58:45 ----A---- D:\WINDOWS\PEV.exe
2010-04-02 13:58:45 ----A---- D:\WINDOWS\NIRCMD.exe
2010-04-02 13:58:45 ----A---- D:\WINDOWS\MBR.exe
2010-04-02 13:58:45 ----A---- D:\WINDOWS\grep.exe
2010-04-02 13:58:26 ----D---- D:\WINDOWS\ERDNT
2010-04-02 13:56:03 ----D---- D:\Qoobox
2010-04-02 13:07:15 ----D---- D:\rsit
2010-04-02 12:11:12 ----A---- D:\WINDOWS\system32\aswBoot.exe
2010-04-02 12:11:06 ----D---- D:\Program Files\Alwil Software
2010-04-02 12:11:06 ----D---- D:\Documents and Settings\All Users\Data aplikací\Alwil Software
2010-04-02 11:45:58 ----D---- D:\Documents and Settings\All Users\Data aplikací\PrevxCSI
2010-04-02 11:45:58 ----A---- D:\WINDOWS\wininit.ini
2010-04-02 10:16:52 ----D---- D:\Documents and Settings\All Users\Data aplikací\SUPERAntiSpyware.com
2010-04-02 10:16:46 ----D---- D:\Program Files\SUPERAntiSpyware
2010-04-02 10:16:46 ----D---- D:\Documents and Settings\Macko\Data aplikací\SUPERAntiSpyware.com
2010-03-30 13:57:25 ----D---- D:\Program Files\LogMeIn Hamachi
2010-03-22 17:47:11 ----D---- D:\Documents and Settings\All Users\Data aplikací\MSScanAppDataDir
2010-03-20 14:17:24 ----D---- D:\Documents and Settings\All Users\Data aplikací\FLEXnet
2010-03-20 14:02:30 ----D---- D:\Program Files\Adobe Media Player
2010-03-20 14:00:31 ----D---- D:\Program Files\Common Files\Adobe AIR
2010-03-20 13:56:32 ----D---- D:\Program Files\Common Files\Macrovision Shared
2010-03-16 19:26:12 ----D---- D:\server c
2010-03-04 17:43:39 ----D---- D:\Half-Life
2010-03-03 00:46:10 ----D---- D:\Program Files\Vypinac

======List of files/folders modified in the last 1 months======

2010-04-02 20:18:38 ----D---- D:\WINDOWS\Prefetch
2010-04-02 20:13:47 ----D---- D:\WINDOWS\system32\CatRoot2
2010-04-02 17:17:15 ----D---- D:\WINDOWS\Temp
2010-04-02 17:03:01 ----D---- D:\Documents and Settings\Macko\Data aplikací\Skype
2010-04-02 17:02:56 ----D---- D:\WINDOWS
2010-04-02 17:02:37 ----D---- D:\Documents and Settings\Macko\Data aplikací\skypePM
2010-04-02 17:00:40 ----A---- D:\WINDOWS\SchedLgU.Txt
2010-04-02 16:49:51 ----D---- D:\WINDOWS\system32\NtmsData
2010-04-02 16:43:00 ----RD---- D:\Program Files
2010-04-02 16:41:43 ----D---- D:\WINDOWS\system32
2010-04-02 15:56:27 ----A---- D:\WINDOWS\system.ini
2010-04-02 15:53:47 ----D---- D:\WINDOWS\system32\drivers
2010-04-02 15:53:47 ----D---- D:\WINDOWS\AppPatch
2010-04-02 15:53:45 ----D---- D:\Program Files\Common Files
2010-04-02 14:10:10 ----D---- D:\WINDOWS\system32\config
2010-04-02 13:52:18 ----D---- D:\Documents and Settings\Macko\Data aplikací\uTorrent
2010-04-02 13:13:18 ----A---- D:\WINDOWS\NeroDigital.ini
2010-04-02 13:08:30 ----D---- D:\Program Files\Mozilla Firefox
2010-04-02 12:13:25 ----D---- D:\Program Files\Google
2010-04-02 12:11:20 ----SHD---- D:\WINDOWS\Installer
2010-04-02 12:11:20 ----D---- D:\Config.Msi
2010-04-02 12:11:19 ----D---- D:\WINDOWS\WinSxS
2010-04-02 10:16:28 ----D---- D:\Program Files\Common Files\Wise Installation Wizard
2010-04-01 00:12:00 ----D---- D:\Program Files\Wowcko
2010-03-31 19:50:11 ----D---- D:\WOW 243
2010-03-29 15:31:18 ----A---- D:\WINDOWS\system32\PerfStringBackup.INI
2010-03-28 13:05:23 ----D---- D:\Program Files\Optimik
2010-03-27 13:55:09 ----D---- D:\Documents and Settings\Macko\Data aplikací\SQLyog
2010-03-27 13:45:34 ----D---- D:\wow old
2010-03-20 15:49:01 ----D---- D:\Documents and Settings\Macko\Data aplikací\Adobe
2010-03-20 14:45:34 ----D---- D:\Documents and Settings\All Users\Data aplikací\Adobe
2010-03-20 14:04:46 ----D---- D:\Program Files\Adobe
2010-03-20 14:03:28 ----D---- D:\Program Files\Common Files\Adobe
2010-03-20 14:01:58 ----RSD---- D:\WINDOWS\Fonts
2010-03-18 19:53:53 ----SD---- D:\Documents and Settings\Macko\Data aplikací\Microsoft
2010-03-17 18:17:16 ----D---- D:\Documents and Settings\Macko\Data aplikací\Mp3 Audio Editor
2010-03-16 18:03:04 ----D---- D:\DATA
2010-03-10 22:36:09 ----A---- D:\WINDOWS\LuminancesDlg.ini
2010-03-08 18:24:58 ----D---- D:\Documents and Settings\Macko\Data aplikací\AdobeUM

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; D:\WINDOWS\system32\drivers\Aavmker4.sys [2010-03-09 28880]
R1 AmdK8;AMD Processor Driver; D:\WINDOWS\System32\DRIVERS\AmdK8.sys [2005-03-09 36352]
R1 aswSP;aswSP; D:\WINDOWS\system32\drivers\aswSP.sys [2010-03-09 162640]
R1 aswTdi;avast! Network Shield Support; D:\WINDOWS\system32\drivers\aswTdi.sys [2010-03-09 46672]
R1 SASDIFSV;SASDIFSV; \??\D:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\D:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS []
R2 0VsNdis08;VitalAgent Network Driver 8.1; \??\D:\Program Files\INS\VitalAgent\Program\VsNdis08.sys []
R2 adfs;adfs; D:\WINDOWS\system32\drivers\adfs.sys [2008-08-14 74720]
R2 aswFsBlk;aswFsBlk; D:\WINDOWS\system32\drivers\aswFsBlk.sys [2010-03-09 19024]
R2 aswMon2;avast! Standard Shield Support; D:\WINDOWS\system32\drivers\aswMon2.sys [2010-03-09 100432]
R2 ousbehci;OrangeWare USB Enhanced Host Controller Service; D:\WINDOWS\System32\Drivers\ousbehci.sys [2004-06-15 44928]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); D:\WINDOWS\system32\drivers\ALCXWDM.SYS [2005-04-19 2317504]
R3 aswRdr;aswRdr; D:\WINDOWS\system32\drivers\aswRdr.sys [2010-03-09 23376]
R3 ati2mtag;ati2mtag; D:\WINDOWS\System32\DRIVERS\ati2mtag.sys [2005-06-29 1241088]
R3 atinrvxx;ATI WDM Rage Theater Video; D:\WINDOWS\System32\DRIVERS\atinrvxx.sys [2004-08-04 105984]
R3 hamachi;Hamachi Network Interface; D:\WINDOWS\system32\DRIVERS\hamachi.sys [2009-09-23 26176]
R3 MVDCODEC;ATI WDM Specialized MVD Codec; D:\WINDOWS\System32\DRIVERS\atinmdxx.sys [2004-08-04 13824]
R3 ousb2hub;OrangeWare USB 2.0 Root Hub Support; D:\WINDOWS\System32\DRIVERS\ousb2hub.sys [2004-06-15 55808]
R3 RTL8023xp;Realtek RTL8139/810x/8169/8110 all in one NDIS XP Driver; D:\WINDOWS\System32\DRIVERS\Rtlnicxp.sys [2004-04-13 70144]
R3 SASENUM;SASENUM; \??\D:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
R3 teamviewervpn;TeamViewer VPN Adapter; D:\WINDOWS\system32\DRIVERS\teamviewervpn.sys [2009-11-09 25088]
R3 usbhub;Rozbočovač umožnující USB2; D:\WINDOWS\System32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB; D:\WINDOWS\System32\DRIVERS\usbohci.sys [2004-08-03 17024]
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; D:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S1 kbdhid;Ovladač klávesnice standardu HID; D:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-17 14848]
S3 0VsComm12;VitalAgent Serial Port Driver 12.4; \??\D:\Program Files\INS\VitalAgent\Program\VsComm12.sys []
S3 awxcyfoc;awxcyfoc; \??\D:\DOCUME~1\Macko\LOCALS~1\Temp\awxcyfoc.sys []
S3 catchme;catchme; \??\D:\DOCUME~1\Macko\LOCALS~1\Temp\catchme.sys []
S3 CCDECODE;Closed Caption Decoder; D:\WINDOWS\System32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 dtscsi;dtscsi; D:\WINDOWS\System32\Drivers\dtscsi.sys [2008-06-07 223128]
S3 GMSIPCI;GMSIPCI; \??\F:\INSTALL\GMSIPCI.SYS []
S3 HidUsb;Ovladač třídy standardu HID; D:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
S3 mbr;mbr; \??\D:\DOCUME~1\Macko\LOCALS~1\Temp\mbr.sys []
S3 mouhid;Ovladač myši standardu HID; D:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-10-24 12160]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; D:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; D:\WINDOWS\System32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV/Video Connection; D:\WINDOWS\System32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; D:\WINDOWS\System32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
S3 se45bus;Sony Ericsson Device 069 driver (WDM); D:\WINDOWS\system32\DRIVERS\se45bus.sys [2006-11-30 61536]
S3 SLIP;BDA Slip De-Framer; D:\WINDOWS\System32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 streamip;BDA IPSink; D:\WINDOWS\System32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; D:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 usbprint;Třída USB Printer; D:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;Ovladač skeneru USB; D:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 WSTCODEC;World Standard Teletext Codec; D:\WINDOWS\System32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; D:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; D:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; D:\WINDOWS\system32\drivers\IntelIde.sys []
S4 sptd;sptd; D:\WINDOWS\System32\Drivers\sptd.sys [2008-06-07 642560]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apache2;Apache2; D:\PROGRA~1\MANGOS~1\EasyPHP\Apache\bin\apache.exe [2006-07-27 20539]
R2 Ati HotKey Poller;Ati HotKey Poller; D:\WINDOWS\System32\Ati2evxx.exe [2005-06-29 376832]
R2 avast! Antivirus;avast! Antivirus; D:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-03-09 40384]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine; D:\Program Files\LogMeIn Hamachi\hamachi-2.exe [2010-03-30 1107336]
R2 JavaQuickStarterService;Java Quick Starter; D:\Program Files\Java\jre6\bin\jqs.exe [2009-04-19 152984]
R2 MDM;Machine Debug Manager; D:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 MySQL;MySQL; D:\PROGRA~1\MANGOS~1\EasyPHP\MySql\bin\mysqld.exe [2006-10-22 4493312]
R2 PnkBstrA;PnkBstrA; D:\WINDOWS\system32\PnkBstrA.exe [2009-07-22 75064]
R2 UleadBurningHelper;Ulead Burning Helper; D:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [2005-01-31 49152]
R3 avast! Mail Scanner;avast! Mail Scanner; D:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-03-09 40384]
R3 avast! Web Scanner;avast! Web Scanner; D:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-03-09 40384]
S2 ATI Smart;ATI Smart; D:\WINDOWS\system32\ati2sgag.exe [2005-06-28 516096]
S2 gupdate1c9afd1e0e7928;Google Update Service (gupdate1c9afd1e0e7928); D:\Program Files\Google\Update\GoogleUpdate.exe [2009-03-28 133104]
S2 Ventrilo;Ventrilo; D:\Program Files\VentSrv\ventrilo_svc.exe []
S3 aspnet_state;ASP.NET State Service; D:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 Autodesk Licensing Service;Autodesk Licensing Service; D:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe [2008-09-05 77944]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; D:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; D:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2010-03-20 655624]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; d:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2006-10-20 36864]
S3 IDriverT;InstallDriver Table Manager; D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; D:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2006-10-30 741376]
S3 ose;Office Source Engine; D:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; D:\WINDOWS\system32\svchost.exe [2004-08-17 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; D:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2006-10-30 122880]

-----------------EOF-----------------

Caroprd111
VIP
Posts: 13492
Registered: 22 Mar 2009 20:48
Location: Třebíč

Re: cidrive32.exe -log HJT

#23 Post by Caroprd111 »

Uninstall ComboFix via:
Start >> Run, copy into the box:

ComboFix /Uninstall

press Enter


Download T-Cleaner
http://sweb.cz/Marinus/T-Cleaner.exe
  • Run it; to confirm each choice, keep pressing the A key, then Enter
  • Delete the program after use. Note: antivirus programs may falsely flag it as a virus.


Download OTC http://oldtimer.geekstogo.com/OTC.exe
  • Run it.
  • Click "CleanUp!". Confirm the prompts by pressing "Yes" (a restart will follow)


Download CCleaner http://viry.cz/forum/viewtopic.php?t=7478
  • Install it, and during installation untick the option to install the Yahoo toolbar.

    Cleaner tab
  • Run the analysis, and when it finishes click Run CCleaner.

    Registry tab
  • Click Find problems, when it finishes click Fix problems; you do not need to make a backup; then choose Fix all problems.
    OK, Close


Install SP3 http://www.viry.cz/forum/viewtopic.php?f=46&t=86100


I don't see a firewall in the log, install one :!: Overview: http://www.viry.cz/forum/viewtopic.php?f=41&t=6523

xaron
Visitor
Posts: 28
Registered: 02 Apr 2010 10:56

Re: cidrive32.exe -log HJT

#24 Post by xaron »

This never ends :D

Caroprd111
VIP
Posts: 13492
Registered: 22 Mar 2009 20:48
Location: Třebíč

Re: cidrive32.exe -log HJT

#25 Post by Caroprd111 »

These are the last steps now. :)

xaron
Visitor
Posts: 28
Registered: 02 Apr 2010 10:56

Re: cidrive32.exe -log HJT

#26 Post by xaron »

I'm already downloading SP3 + a firewall
once I install that, is that everything?

Caroprd111
VIP
Posts: 13492
Registered: 22 Mar 2009 20:48
Location: Třebíč

Re: cidrive32.exe -log HJT

#27 Post by Caroprd111 »

Yes, that is everything. :)

xaron
Visitor
Posts: 28
Registered: 02 Apr 2010 10:56

Re: cidrive32.exe -log HJT

#28 Post by xaron »

Thanks once again for the help :worship: . I would like to ask whether it would be possible to fix one more PC, because my mother has the same problem, if that would be possible. If so, should I continue in this topic? (but not until tomorrow)

Caroprd111
VIP
Posts: 13492
Registered: 22 Mar 2009 20:48
Location: Třebíč

Re: cidrive32.exe -log HJT

#29 Post by Caroprd111 »

You're welcome :) For the second computer, start a new topic; it would get confusing here.
