Ahoj,
tak i moje sestra se stala obětí Security TOOLu. Už jsem udělal COMBOfix. Přikládám LOG,
moc prosím o pomoc, jestli někdo víte. Aaa děkuju!!!
ComboFix 10-04-13.02 - Administrator 13.04.2010 21:06:23.5.2 - x86 MINIMAL
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.503.377 [GMT 2:00]
Spuštěný z: c:\documents and settings\VERONIKA\Plocha\abraka.com.com
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Data aplikací\99909440
c:\documents and settings\All Users\Data aplikací\99909440\99909440.exe
c:\documents and settings\VERONIKA\Plocha\Security Tool.lnk
c:\windows\system32\acovcnt.exe
.
---- Předchozí spuštění -------
.
c:\documents and settings\All Users\Data aplikací\29572530\29572530.exe
c:\documents and settings\VERONIKA\Plocha\Security Tool.lnk
c:\windows\Temp\_ex-68.exe
-- Předchozí spuštění --
Nakažená kopie c:\windows\system32\drivers\AGP440.sys byla nalezena a vyléčena.
Obnovena kopie z - c:\windows\ServicePackFiles\i386\agp440.sys
--------
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-03-13 do 2010-04-13 )))))))))))))))))))))))))))))))
.
2010-04-13 19:04 . 2010-04-13 19:04 -------- d--h--w- c:\windows\PIF
2010-04-13 18:57 . 2010-04-13 18:57 -------- d-----w- c:\windows\LastGood.Tmp
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-13 19:00 . 2009-09-20 11:14 87168 ----a-w- c:\windows\system32\drivers\855feef2.sys
2010-03-28 07:27 . 2002-09-23 12:00 46394 ----a-w- c:\windows\system32\perfc005.dat
2010-03-28 07:27 . 2002-09-23 12:00 310228 ----a-w- c:\windows\system32\perfh005.dat
2008-10-12 20:16 . 2008-10-12 19:06 641056 --sha-w- c:\windows\system32\drivers\fidbox.dat
.
((((((((((((((((((((((((((((( SnapShot@2009-08-26_21.59.37 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-12 00:07 . 2009-07-12 00:07 57856 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\mfcm80u.dll
+ 2009-07-12 00:19 . 2009-07-12 00:19 69632 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\mfcm80.dll
+ 2009-07-11 18:41 . 2009-07-11 18:41 97280 c:\windows\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_473666fd\ATL80.dll
+ 2008-05-12 18:35 . 2008-03-21 12:57 23856 c:\windows\system32\spupdsvc.exe
+ 2010-02-02 19:08 . 2008-03-21 12:57 14640 c:\windows\system32\spmsgXP_2k3.dll
- 2002-09-23 12:00 . 2009-04-03 17:27 40326 c:\windows\system32\perfc009.dat
+ 2002-09-23 12:00 . 2010-03-28 07:27 40326 c:\windows\system32\perfc009.dat
+ 2010-02-02 19:03 . 2009-10-06 10:52 91136 c:\windows\system32\nmwcdcls.dll
+ 2010-02-02 19:04 . 2008-08-26 08:26 18816 c:\windows\system32\DRVSTORE\pccsmcfd_A3B3916E5D8138F59EE218321B27B044D3B18294\pccsmcfd.sys
+ 2008-03-27 15:27 . 2008-03-27 15:27 35040 c:\windows\system32\drivers\wdfldr.sys
+ 2010-02-02 19:08 . 2004-08-03 22:08 25600 c:\windows\system32\drivers\usbser.sys
+ 2010-02-02 19:10 . 2006-08-29 14:56 32377 c:\windows\system32\drivers\prodigy.sys
+ 2010-02-02 19:04 . 2008-08-26 08:26 18816 c:\windows\system32\drivers\pccsmcfd.sys
+ 2008-05-12 19:23 . 2004-08-03 21:07 42368 c:\windows\system32\drivers\AGP440.sys
+ 2010-02-02 19:08 . 2004-08-03 22:08 25600 c:\windows\system32\dllcache\usbser.sys
+ 2009-08-26 22:00 . 2004-08-17 13:49 13824 c:\windows\system32\dllcache\cache\wscntfy.exe
+ 2009-08-26 22:00 . 2004-08-17 13:49 82944 c:\windows\system32\dllcache\cache\ws2_32.dll
+ 2009-08-26 22:00 . 2004-08-17 13:49 24576 c:\windows\system32\dllcache\cache\userinit.exe
+ 2009-08-26 22:00 . 2004-08-17 13:49 14336 c:\windows\system32\dllcache\cache\svchost.exe
+ 2009-08-26 22:00 . 2004-08-17 13:49 71680 c:\windows\system32\dllcache\cache\ssdpsrv.dll
+ 2009-08-26 22:00 . 2004-08-17 13:49 57856 c:\windows\system32\dllcache\cache\spoolsv.exe
+ 2009-08-26 22:00 . 2004-08-17 13:49 59904 c:\windows\system32\dllcache\cache\regsvc.dll
+ 2009-08-26 22:00 . 2004-08-17 13:49 89088 c:\windows\system32\dllcache\cache\rasauto.dll
+ 2009-08-26 22:00 . 2004-08-17 13:49 17408 c:\windows\system32\dllcache\cache\powrprof.dll
+ 2009-08-26 22:00 . 2005-01-28 06:53 25088 c:\windows\system32\dllcache\cache\MsPMSNSv.dll
+ 2009-08-26 22:00 . 2004-08-17 13:49 33792 c:\windows\system32\dllcache\cache\msgsvc.dll
+ 2009-08-26 22:00 . 2004-08-17 13:49 13312 c:\windows\system32\dllcache\cache\lsass.exe
+ 2009-08-26 22:00 . 2004-08-17 13:49 22016 c:\windows\system32\dllcache\cache\lpk.dll
+ 2009-08-26 22:00 . 2004-08-17 13:49 18944 c:\windows\system32\dllcache\cache\linkinfo.dll
+ 2009-08-26 22:00 . 2004-08-17 13:45 24576 c:\windows\system32\dllcache\cache\kbdclass.sys
+ 2009-08-26 22:00 . 2004-08-03 21:00 29056 c:\windows\system32\dllcache\cache\ip6fw.sys
+ 2009-08-26 22:00 . 2004-08-17 13:49 55808 c:\windows\system32\dllcache\cache\eventlog.dll
+ 2009-08-26 22:00 . 2004-08-17 13:49 15360 c:\windows\system32\dllcache\cache\ctfmon.exe
+ 2009-08-26 22:00 . 2004-08-17 13:49 60416 c:\windows\system32\dllcache\cache\cryptsvc.dll
+ 2009-08-26 22:00 . 2004-08-17 13:49 77312 c:\windows\system32\dllcache\cache\browser.dll
+ 2009-08-26 22:00 . 2004-08-03 21:05 14336 c:\windows\system32\dllcache\cache\asyncmac.sys
+ 2009-08-26 22:00 . 2002-09-23 12:00 11776 c:\windows\system32\dllcache\cache\acpiec.sys
+ 2010-02-02 19:04 . 2010-02-02 19:04 10134 c:\windows\Installer\{6E0352EE-6F0D-4FBC-B1B8-4FF032C78BE0}\ARPPRODUCTICON.exe
+ 2009-08-26 22:00 . 2004-08-17 13:49 5120 c:\windows\system32\dllcache\cache\sfc.dll
+ 2009-08-26 22:00 . 2002-09-23 12:00 2944 c:\windows\system32\dllcache\cache\null.sys
+ 2009-08-26 22:00 . 2002-09-23 12:00 4224 c:\windows\system32\dllcache\cache\beep.sys
+ 2009-07-12 00:12 . 2009-07-12 00:12 632656 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll
+ 2009-07-12 00:09 . 2009-07-12 00:09 554832 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcp80.dll
+ 2009-07-12 00:08 . 2009-07-12 00:08 479232 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcm80.dll
+ 2002-09-23 12:00 . 2010-03-28 07:27 311938 c:\windows\system32\perfh009.dat
- 2002-09-23 12:00 . 2009-04-03 17:27 311938 c:\windows\system32\perfh009.dat
+ 2010-02-02 19:04 . 2009-05-11 11:30 547840 c:\windows\system32\DRVSTORE\pccswpddri_1C34ED6F4888FC93BE68C7A31A24834F522D3CBF\PCCSWpdDriver.dll
+ 2008-03-27 15:27 . 2008-03-27 15:27 503008 c:\windows\system32\drivers\wdf01000.sys
+ 2009-08-26 22:00 . 2004-08-17 13:49 129536 c:\windows\system32\dllcache\cache\xmlprov.dll
+ 2009-08-26 22:00 . 2004-08-17 13:49 111104 c:\windows\system32\dllcache\cache\wuauclt.exe
+ 2009-08-26 22:00 . 2004-08-17 13:49 502272 c:\windows\system32\dllcache\cache\winlogon.exe
+ 2009-08-26 22:00 . 2004-08-17 13:49 657408 c:\windows\system32\dllcache\cache\wininet.dll
+ 2009-08-26 22:00 . 2004-08-17 13:49 577024 c:\windows\system32\dllcache\cache\user32.dll
+ 2009-08-26 22:00 . 2004-08-17 13:49 185344 c:\windows\system32\dllcache\cache\upnphost.dll
+ 2009-08-26 22:00 . 2004-08-17 13:49 295936 c:\windows\system32\dllcache\cache\termsrv.dll
+ 2009-08-26 22:00 . 2004-08-03 21:14 359040 c:\windows\system32\dllcache\cache\tcpip.sys
+ 2009-08-26 22:00 . 2004-08-17 13:49 246272 c:\windows\system32\dllcache\cache\tapisrv.dll
+ 2009-08-26 22:00 . 2004-08-17 13:49 170496 c:\windows\system32\dllcache\cache\srsvc.dll
+ 2009-08-26 22:00 . 2004-08-17 13:49 190976 c:\windows\system32\dllcache\cache\schedsvc.dll
+ 2009-08-26 22:00 . 2004-08-17 13:49 134656 c:\windows\system32\dllcache\cache\shsvcs.dll
+ 2009-08-26 22:00 . 2004-08-17 13:49 108544 c:\windows\system32\dllcache\cache\services.exe
+ 2009-08-26 22:00 . 2004-08-17 13:49 184832 c:\windows\system32\dllcache\cache\scecli.dll
+ 2009-08-26 22:00 . 2004-08-17 13:49 395776 c:\windows\system32\dllcache\cache\rpcss.dll
+ 2009-08-26 22:00 . 2004-08-17 13:49 382464 c:\windows\system32\dllcache\cache\qmgr.dll
+ 2009-08-26 22:00 . 2004-08-17 13:49 435712 c:\windows\system32\dllcache\cache\ntmssvc.dll
+ 2009-08-26 22:00 . 2004-08-03 21:15 574592 c:\windows\system32\dllcache\cache\ntfs.sys
+ 2009-08-26 22:00 . 2004-08-17 13:49 198144 c:\windows\system32\dllcache\cache\netman.dll
+ 2009-08-26 22:00 . 2004-08-17 13:49 407040 c:\windows\system32\dllcache\cache\netlogon.dll
+ 2009-08-26 22:00 . 2004-08-03 21:14 182912 c:\windows\system32\dllcache\cache\ndis.sys
+ 2009-08-26 22:00 . 2004-08-17 13:49 247296 c:\windows\system32\dllcache\cache\mswsock.dll
+ 2009-08-26 22:00 . 2002-09-23 12:00 924432 c:\windows\system32\dllcache\cache\mfc40u.dll
+ 2009-08-26 22:00 . 2004-08-17 13:49 982016 c:\windows\system32\dllcache\cache\kernel32.dll
+ 2009-08-26 22:00 . 2004-08-17 13:49 110080 c:\windows\system32\dllcache\cache\imm32.dll
+ 2009-08-26 22:00 . 2004-08-17 13:49 243200 c:\windows\system32\dllcache\cache\es.dll
+ 2009-08-26 22:00 . 2004-08-17 13:49 806912 c:\windows\system32\dllcache\cache\comres.dll
+ 2009-08-26 22:00 . 2004-08-17 13:49 611328 c:\windows\system32\dllcache\cache\comctl32.dll
+ 2009-08-26 22:00 . 2004-08-03 20:39 142464 c:\windows\system32\dllcache\cache\aec.sys
+ 2010-02-02 19:04 . 2010-02-02 19:04 496128 c:\windows\Installer\a3319.msi
+ 2010-02-02 19:03 . 2010-02-02 19:03 215552 c:\windows\Installer\a330b.msi
+ 2010-02-02 19:08 . 2008-03-21 12:57 379184 c:\windows\$NtUninstallWdf01007$\spuninst\updspapi.dll
+ 2010-02-02 19:08 . 2008-03-21 12:57 221488 c:\windows\$NtUninstallWdf01007$\spuninst\spuninst.exe
+ 2009-07-11 19:46 . 2009-07-11 19:46 1093120 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\mfc80u.dll
+ 2009-07-11 19:46 . 2009-07-11 19:46 1105920 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\mfc80.dll
+ 2010-02-02 19:04 . 2009-05-11 10:47 1302600 c:\windows\system32\DRVSTORE\pccswpddri_1C34ED6F4888FC93BE68C7A31A24834F522D3CBF\WUDFUpdate_01007.dll
+ 2009-08-26 22:00 . 2004-08-17 13:49 1548288 c:\windows\system32\dllcache\cache\sfcfiles.dll
+ 2009-08-26 22:00 . 2004-08-17 13:45 2150400 c:\windows\system32\dllcache\cache\ntoskrnl.exe
+ 2009-08-26 22:00 . 2004-08-17 13:45 2017280 c:\windows\system32\dllcache\cache\ntkrnlpa.exe
+ 2009-08-26 22:00 . 2004-08-17 13:49 3003392 c:\windows\system32\dllcache\cache\mshtml.dll
+ 2009-08-26 22:00 . 2004-08-17 13:49 1032704 c:\windows\system32\dllcache\cache\explorer.exe
.
-- Snímek resetován k současnému datu --
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HControl"="c:\windows\ATK0100\HControl.exe" [2006-04-17 110592]
"SigmatelSysTrayApp"="stsystra.exe" [2006-02-13 282624]
"SMSERIAL"="c:\windows\sm56hlpr.exe" [2006-03-29 544768]
"Wireless Console 2"="c:\program files\Wireless Console 2\wcourier.exe" [2005-10-17 987136]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-04-14 667718]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-04-14 602182]
"EOUApp"="c:\program files\Intel\Wireless\Bin\EOUWiz.exe" [2006-04-14 569413]
"ACMON"="c:\program files\ASUS\Splendid\ACMON.exe" [2006-02-21 17920]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-10-21 761945]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-02-07 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-02-07 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-02-07 118784]
"NodEnabler"="c:\program files\ESET\ESET Smart Security\NodEnabler\NodEnabler.exe" [2009-04-08 357521]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-17 15360]
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe [2005-6-16 49152]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wdf01000.sys]
@="Driver"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
S1 855feef2;855feef2;c:\windows\system32\drivers\855feef2.sys [20.9.2009 13:14 87168]
S2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [15.7.2009 19:02 222968]
S3 SynMini;ASUS WebCam, 1.3M, USB2.0, FF;c:\windows\system32\drivers\SynMini.sys [12.5.2008 20:52 841110]
S3 SynScan;ASUS WebCam Still Image;c:\windows\system32\drivers\SynScan.sys [12.5.2008 20:52 8278]
.
.
------- Doplňkový sken -------
.
mStart Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.
**************************************************************************
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory:
**************************************************************************
.
Celkový čas: 2010-04-13 21:11:45
ComboFix-quarantined-files.txt 2010-04-13 19:11
ComboFix2.txt 2009-08-27 18:28
ComboFix3.txt 2009-08-26 22:01
ComboFix4.txt 2008-10-13 19:40
Před spuštěním: Volných bajtů: 15 350 509 568
Po spuštění: Volných bajtů: 15 320 322 048
- - End Of File - - 0614647578143695408B9BBF715EF051
Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz
Security TOOL. Už i já...
Moderátor: Moderátoři
Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
-
Caroprd111
- VIP
- Příspěvky: 13492
- Registrován: 22 bře 2009 20:48
- Bydliště: Třebíč
- Kontaktovat uživatele:
Re: Security TOOL. Už i já...
Zdravím 
Na logu se pracuje, prosím o strpení.
Nedoporučuji používat ComboFix z vlastní iniciativy, může dojít k poškození systému!
Na logu se pracuje, prosím o strpení.
Nedoporučuji používat ComboFix z vlastní iniciativy, může dojít k poškození systému!
-
Caroprd111
- VIP
- Příspěvky: 13492
- Registrován: 22 bře 2009 20:48
- Bydliště: Třebíč
- Kontaktovat uživatele:
Re: Security TOOL. Už i já...
Pokud nemáte, přesuňte Combofix na plochu
- Otevřete si Poznámkový blok a zkopírujte do něj text z bílého okénka.
Kód: Vybrat vše
Driver::
855feef2
File::
c:\windows\system32\drivers\855feef2.sys
Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NodEnabler"=-
Folder::
c:\program files\ESET\ESET Smart Security- Uložte Vámi vytvořený TXT soubor jako CFScript.txt na plochu
- Po uložení uchopte vámi vytvořený skript levým myšítkem a přesuňte ho nad ikonu Combofixu, kde ho upustíte:
- Po aplikaci na Vás vypadne další log,vložte ho sem
Re: Security TOOL. Už i já...
Tak toto je další log
ComboFix 10-04-13.02 - Administrator 13.04.2010 22:33:11.6.2 - x86 NETWORK
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.503.387 [GMT 2:00]
Spuštěný z: c:\documents and settings\Administrator\Plocha\abraka.com.com
Použité ovládací přepínače :: c:\docume~1\ADMINI~1\Plocha\CFScript.txt
FILE ::
"c:\windows\system32\drivers\855feef2.sys"
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\ESET\ESET Smart Security
c:\program files\ESET\ESET Smart Security\em006_32.dat
c:\program files\ESET\ESET Smart Security\em009_32.dat
c:\program files\ESET\ESET Smart Security\em013_32.dat
c:\program files\ESET\ESET Smart Security\NodEnabler\NodEnabler.exe
c:\program files\ESET\ESET Smart Security\NodEnabler\Uninstall.exe
c:\windows\system32\drivers\855feef2.sys
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_855feef2
((((((((((((((((((((((((( Soubory vytvořené od 2010-03-13 do 2010-04-13 )))))))))))))))))))))))))))))))
.
2010-04-13 20:37 . 2010-04-13 20:37 45056 ----a-w- c:\windows\system32\acovcnt.exe
2010-04-13 19:13 . 2010-04-13 19:13 -------- d-s---w- c:\documents and settings\Administrator\UserData
2010-04-13 19:05 . 2010-04-13 19:11 -------- d-----w- C:\abraka.com
2010-04-13 19:04 . 2010-04-13 19:04 -------- d--h--w- c:\windows\PIF
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-28 07:27 . 2002-09-23 12:00 46394 ----a-w- c:\windows\system32\perfc005.dat
2010-03-28 07:27 . 2002-09-23 12:00 310228 ----a-w- c:\windows\system32\perfh005.dat
2008-10-12 20:16 . 2008-10-12 19:06 641056 --sha-w- c:\windows\system32\drivers\fidbox.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HControl"="c:\windows\ATK0100\HControl.exe" [2006-04-17 110592]
"SigmatelSysTrayApp"="stsystra.exe" [2006-02-13 282624]
"SMSERIAL"="c:\windows\sm56hlpr.exe" [2006-03-29 544768]
"Wireless Console 2"="c:\program files\Wireless Console 2\wcourier.exe" [2005-10-17 987136]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-04-14 667718]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-04-14 602182]
"EOUApp"="c:\program files\Intel\Wireless\Bin\EOUWiz.exe" [2006-04-14 569413]
"ACMON"="c:\program files\ASUS\Splendid\ACMON.exe" [2006-02-21 17920]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-10-21 761945]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-02-07 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-02-07 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-02-07 118784]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-17 15360]
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe [2005-6-16 49152]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wdf01000.sys]
@="Driver"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [15.7.2009 19:02 222968]
R3 SynMini;ASUS WebCam, 1.3M, USB2.0, FF;c:\windows\system32\drivers\SynMini.sys [12.5.2008 20:52 841110]
R3 SynScan;ASUS WebCam Still Image;c:\windows\system32\drivers\SynScan.sys [12.5.2008 20:52 8278]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
mStart Page = hxxp://www.google.com
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
AddRemove-nodenabler - c:\program files\ESET\ESET Smart Security\NodEnabler\Uninstall.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-13 22:37
Windows 5.1.2600 Service Pack 2 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\wscntfy.exe
c:\windows\stsystra.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
c:\windows\system32\ACEngSvr.exe
c:\progra~1\Intel\Wireless\Bin\Dot1XCfg.exe
c:\windows\system32\acovcnt.exe
c:\windows\ATK0100\ATKOSD.exe
.
**************************************************************************
.
Celkový čas: 2010-04-13 22:39:43 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-04-13 20:39
ComboFix2.txt 2010-04-13 19:11
ComboFix3.txt 2009-08-27 18:28
ComboFix4.txt 2009-08-26 22:01
ComboFix5.txt 2010-04-13 20:32
Před spuštěním: Volných bajtů: 15 320 899 584
Po spuštění: Volných bajtů: 15 290 343 424
- - End Of File - - 2BD8B63745DA4CBB7F47F44C59555A1B
ComboFix 10-04-13.02 - Administrator 13.04.2010 22:33:11.6.2 - x86 NETWORK
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.503.387 [GMT 2:00]
Spuštěný z: c:\documents and settings\Administrator\Plocha\abraka.com.com
Použité ovládací přepínače :: c:\docume~1\ADMINI~1\Plocha\CFScript.txt
FILE ::
"c:\windows\system32\drivers\855feef2.sys"
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\ESET\ESET Smart Security
c:\program files\ESET\ESET Smart Security\em006_32.dat
c:\program files\ESET\ESET Smart Security\em009_32.dat
c:\program files\ESET\ESET Smart Security\em013_32.dat
c:\program files\ESET\ESET Smart Security\NodEnabler\NodEnabler.exe
c:\program files\ESET\ESET Smart Security\NodEnabler\Uninstall.exe
c:\windows\system32\drivers\855feef2.sys
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_855feef2
((((((((((((((((((((((((( Soubory vytvořené od 2010-03-13 do 2010-04-13 )))))))))))))))))))))))))))))))
.
2010-04-13 20:37 . 2010-04-13 20:37 45056 ----a-w- c:\windows\system32\acovcnt.exe
2010-04-13 19:13 . 2010-04-13 19:13 -------- d-s---w- c:\documents and settings\Administrator\UserData
2010-04-13 19:05 . 2010-04-13 19:11 -------- d-----w- C:\abraka.com
2010-04-13 19:04 . 2010-04-13 19:04 -------- d--h--w- c:\windows\PIF
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-28 07:27 . 2002-09-23 12:00 46394 ----a-w- c:\windows\system32\perfc005.dat
2010-03-28 07:27 . 2002-09-23 12:00 310228 ----a-w- c:\windows\system32\perfh005.dat
2008-10-12 20:16 . 2008-10-12 19:06 641056 --sha-w- c:\windows\system32\drivers\fidbox.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HControl"="c:\windows\ATK0100\HControl.exe" [2006-04-17 110592]
"SigmatelSysTrayApp"="stsystra.exe" [2006-02-13 282624]
"SMSERIAL"="c:\windows\sm56hlpr.exe" [2006-03-29 544768]
"Wireless Console 2"="c:\program files\Wireless Console 2\wcourier.exe" [2005-10-17 987136]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-04-14 667718]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-04-14 602182]
"EOUApp"="c:\program files\Intel\Wireless\Bin\EOUWiz.exe" [2006-04-14 569413]
"ACMON"="c:\program files\ASUS\Splendid\ACMON.exe" [2006-02-21 17920]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-10-21 761945]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-02-07 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-02-07 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-02-07 118784]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-17 15360]
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe [2005-6-16 49152]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wdf01000.sys]
@="Driver"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [15.7.2009 19:02 222968]
R3 SynMini;ASUS WebCam, 1.3M, USB2.0, FF;c:\windows\system32\drivers\SynMini.sys [12.5.2008 20:52 841110]
R3 SynScan;ASUS WebCam Still Image;c:\windows\system32\drivers\SynScan.sys [12.5.2008 20:52 8278]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
mStart Page = hxxp://www.google.com
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
AddRemove-nodenabler - c:\program files\ESET\ESET Smart Security\NodEnabler\Uninstall.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-13 22:37
Windows 5.1.2600 Service Pack 2 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\wscntfy.exe
c:\windows\stsystra.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
c:\windows\system32\ACEngSvr.exe
c:\progra~1\Intel\Wireless\Bin\Dot1XCfg.exe
c:\windows\system32\acovcnt.exe
c:\windows\ATK0100\ATKOSD.exe
.
**************************************************************************
.
Celkový čas: 2010-04-13 22:39:43 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-04-13 20:39
ComboFix2.txt 2010-04-13 19:11
ComboFix3.txt 2009-08-27 18:28
ComboFix4.txt 2009-08-26 22:01
ComboFix5.txt 2010-04-13 20:32
Před spuštěním: Volných bajtů: 15 320 899 584
Po spuštění: Volných bajtů: 15 290 343 424
- - End Of File - - 2BD8B63745DA4CBB7F47F44C59555A1B
-
Caroprd111
- VIP
- Příspěvky: 13492
- Registrován: 22 bře 2009 20:48
- Bydliště: Třebíč
- Kontaktovat uživatele:
Re: Security TOOL. Už i já...
Logfile of random's system information tool 1.06 (written by random/random)
Run by VERONIKA at 2010-04-14 19:04:42
Systém Microsoft Windows XP Professional Service Pack 2
System drive C: has 15 GB (66%) free of 22 GB
Total RAM: 503 MB (39% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:04:45, on 14.4.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\ATK0100\HControl.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\sm56hlpr.exe
C:\Program Files\Wireless Console 2\wcourier.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\Program Files\ASUS\Splendid\ACMON.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\ACEngSvr.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\WINDOWS\system32\acovcnt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\VERONIKA\Plocha\RSIT.exe
C:\Program Files\trend micro\VERONIKA.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\WINDOWS\sm56hlpr.exe
O4 - HKLM\..\Run: [Wireless Console 2] C:\Program Files\Wireless Console 2\wcourier.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] "C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe"
O4 - HKLM\..\Run: [ACMON] C:\Program Files\ASUS\Splendid\ACMON.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Bluetooth Manager.lnk = ?
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: ServiceLayer (servicelayer) - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
--
End of file - 5699 bytes
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2009-06-01 962808]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"HControl"=C:\WINDOWS\ATK0100\HControl.exe [2006-04-17 110592]
"SigmatelSysTrayApp"=C:\WINDOWS\stsystra.exe [2006-02-13 282624]
"SMSERIAL"=C:\WINDOWS\sm56hlpr.exe [2006-03-29 544768]
"Wireless Console 2"=C:\Program Files\Wireless Console 2\wcourier.exe [2005-10-17 987136]
"IntelZeroConfig"=C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe [2006-04-14 667718]
"IntelWireless"=C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe [2006-04-14 602182]
"EOUApp"=C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe [2006-04-14 569413]
"ACMON"=C:\Program Files\ASUS\Splendid\ACMON.exe [2006-02-21 17920]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2005-10-21 761945]
"igfxtray"=C:\WINDOWS\system32\igfxtray.exe [2006-02-07 94208]
"igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe [2006-02-07 77824]
"igfxpers"=C:\WINDOWS\system32\igfxpers.exe [2006-02-07 118784]
C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2008-10-03 139264]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wdf01000.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\wdf01000.sys]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=
"NoDrives"=
"NoDriveAutoRun"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
======List of files/folders created in the last 1 months======
2010-04-13 22:39:46 ----D---- C:\WINDOWS\temp
2010-04-13 22:39:44 ----A---- C:\ComboFix.txt
2010-04-13 22:37:37 ----A---- C:\WINDOWS\system32\acovcnt.exe
2010-04-13 21:13:09 ----D---- C:\WINDOWS\CSC
2010-04-13 21:05:16 ----D---- C:\abraka.com
2010-04-13 21:04:21 ----HD---- C:\WINDOWS\PIF
2010-04-13 19:59:56 ----A---- C:\WINDOWS\zip.exe
2010-04-13 19:59:56 ----A---- C:\WINDOWS\SWXCACLS.exe
2010-04-13 19:59:56 ----A---- C:\WINDOWS\SWSC.exe
2010-04-13 19:59:56 ----A---- C:\WINDOWS\SWREG.exe
2010-04-13 19:59:56 ----A---- C:\WINDOWS\sed.exe
2010-04-13 19:59:56 ----A---- C:\WINDOWS\PEV.exe
2010-04-13 19:59:56 ----A---- C:\WINDOWS\NIRCMD.exe
2010-04-13 19:59:56 ----A---- C:\WINDOWS\MBR.exe
2010-04-13 19:59:56 ----A---- C:\WINDOWS\grep.exe
2010-04-13 19:46:09 ----A---- C:\WINDOWS\ntbtlog.txt
======List of files/folders modified in the last 1 months======
2010-04-14 19:04:43 ----D---- C:\Program Files\trend micro
2010-04-14 19:03:55 ----D---- C:\WINDOWS\Prefetch
2010-04-14 19:02:35 ----D---- C:\WINDOWS\system32
2010-04-14 19:02:34 ----HD---- C:\WINDOWS\inf
2010-04-14 01:47:40 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-04-14 01:47:15 ----D---- C:\WINDOWS\system32\drivers
2010-04-13 22:39:46 ----D---- C:\WINDOWS
2010-04-13 22:39:24 ----D---- C:\Qoobox
2010-04-13 22:38:46 ----D---- C:\WINDOWS\system32\CatRoot2
2010-04-13 22:37:42 ----A---- C:\WINDOWS\system.ini
2010-04-13 22:36:25 ----D---- C:\WINDOWS\system32\config
2010-04-13 22:36:17 ----D---- C:\WINDOWS\ERDNT
2010-04-13 22:35:18 ----D---- C:\WINDOWS\AppPatch
2010-04-13 22:35:15 ----D---- C:\Program Files\Common Files
2010-04-13 20:55:28 ----SHD---- C:\WINDOWS\Installer
2010-04-13 20:06:25 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-04-13 19:50:30 ----D---- C:\WINDOWS\system32\appmgmt
2010-04-13 19:46:34 ----D---- C:\Documents and Settings
2010-04-09 18:08:22 ----A---- C:\WINDOWS\IE4 Error Log.txt
2010-03-28 09:27:01 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2004-08-17 39936]
R1 Tosrfcom;Bluetooth RFCOMM from TOSHIBA; C:\WINDOWS\System32\Drivers\tosrfcom.sys [2005-08-01 64896]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.10.0; C:\WINDOWS\System32\DRIVERS\AegisP.sys [2008-05-12 21275]
R2 s24trans;WLAN Transport; C:\WINDOWS\System32\DRIVERS\s24trans.sys [2006-04-14 13568]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2004-08-03 60800]
R3 CmBatt;Microsoft AC Adapter Driver; C:\WINDOWS\System32\DRIVERS\CmBatt.sys [2004-08-03 14080]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\System32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 ialm;ialm; C:\WINDOWS\System32\DRIVERS\ialmnt5.sys [2008-10-03 1399615]
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 MTsensor;ATK0100 ACPI UTILITY; C:\WINDOWS\System32\DRIVERS\ATKACPI.sys [2005-02-17 5632]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2004-08-03 61824]
R3 rimmptsk;rimmptsk; C:\WINDOWS\System32\DRIVERS\rimmptsk.sys [2005-09-17 28672]
R3 rimsptsk;rimsptsk; C:\WINDOWS\System32\DRIVERS\rimsptsk.sys [2005-09-14 50560]
R3 sdbus;sdbus; C:\WINDOWS\System32\DRIVERS\sdbus.sys [2004-08-03 67584]
R3 smserial;smserial; C:\WINDOWS\System32\DRIVERS\smserial.sys [2006-03-29 889472]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2006-02-13 1106888]
R3 SynMini;ASUS WebCam, 1.3M, USB2.0, FF; C:\WINDOWS\System32\Drivers\SynMini.sys [2006-01-20 841110]
R3 SynScan;ASUS WebCam Still Image; C:\WINDOWS\System32\Drivers\SynScan.sys [2006-01-02 8278]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2005-10-21 191936]
R3 tosporte;Bluetooth Port Driver from Toshiba; C:\WINDOWS\System32\DRIVERS\tosporte.sys [2005-11-24 47104]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2004-08-03 20480]
R3 w39n51;Intel(R) PRO/Wireless 3945ABG Adapter Driver; C:\WINDOWS\System32\DRIVERS\w39n51.sys [2006-04-04 1429632]
S3 catchme;catchme; \??\C:\abraka.com12064a\catchme.sys []
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2002-09-23 9600]
S3 M3AD;Motorola Messenger Modem Audio Device; C:\WINDOWS\system32\drivers\m3aux.sys [2006-03-29 133632]
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2002-09-23 12160]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\System32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 RTL8023xp;Realtek RTL8139/810x/8169/8110 all in one NDIS XP Driver; C:\WINDOWS\System32\DRIVERS\Rtlnicxp.sys [2005-02-16 70144]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
S3 sffdisk;Ovladač třídy úložiště SFF; C:\WINDOWS\system32\DRIVERS\sffdisk.sys [2004-08-03 11136]
S3 sffp_sd;Ovladač protokolu úložiště SFF pro paměť sběrnici SDBus; C:\WINDOWS\system32\DRIVERS\sffp_sd.sys [2004-08-03 10240]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\System32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\System32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 toshidpt;TOSHIBA Bluetooth HID port driver; C:\WINDOWS\system32\drivers\Toshidpt.sys [2005-07-11 3712]
S3 Tosrfbd;Bluetooth RFBUS from TOSHIBA; C:\WINDOWS\System32\Drivers\tosrfbd.sys [2006-02-02 108928]
S3 Tosrfbnp;Bluetooth RFBNEP from TOSHIBA; C:\WINDOWS\System32\Drivers\tosrfbnp.sys [2005-12-14 37632]
S3 Tosrfhid;Bluetooth RFHID from TOSHIBA; C:\WINDOWS\System32\DRIVERS\Tosrfhid.sys [2006-02-08 62848]
S3 tosrfnds;Bluetooth Personal Area Network from TOSHIBA; C:\WINDOWS\System32\DRIVERS\tosrfnds.sys [2005-01-06 18612]
S3 TosRfSnd;Bluetooth Audio Device (WDM) from TOSHIBA; C:\WINDOWS\system32\drivers\TosRfSnd.sys [2005-11-11 52864]
S3 Tosrfusb;Bluetooth USB Controller; C:\WINDOWS\System32\Drivers\tosrfusb.sys [2006-01-31 39808]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys []
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2008-03-27 503008]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2005-01-28 18944]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\System32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2002-09-23 12032]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 EvtEng;Intel(R) PROSet/Wireless Event Log; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2006-04-14 114753]
R2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2009-06-01 222968]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-04-24 73728]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 RegSrvc;Intel(R) PROSet/Wireless Registry Service; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2006-04-14 217164]
R2 S24EventMonitor;Intel(R) PROSet/Wireless Service; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [2006-04-14 540745]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 servicelayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2009-10-27 657408]
-----------------EOF-----------------
Run by VERONIKA at 2010-04-14 19:04:42
Systém Microsoft Windows XP Professional Service Pack 2
System drive C: has 15 GB (66%) free of 22 GB
Total RAM: 503 MB (39% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:04:45, on 14.4.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\ATK0100\HControl.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\sm56hlpr.exe
C:\Program Files\Wireless Console 2\wcourier.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\Program Files\ASUS\Splendid\ACMON.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\ACEngSvr.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\WINDOWS\system32\acovcnt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\VERONIKA\Plocha\RSIT.exe
C:\Program Files\trend micro\VERONIKA.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\WINDOWS\sm56hlpr.exe
O4 - HKLM\..\Run: [Wireless Console 2] C:\Program Files\Wireless Console 2\wcourier.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] "C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe"
O4 - HKLM\..\Run: [ACMON] C:\Program Files\ASUS\Splendid\ACMON.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Bluetooth Manager.lnk = ?
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: ServiceLayer (servicelayer) - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
--
End of file - 5699 bytes
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2009-06-01 962808]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"HControl"=C:\WINDOWS\ATK0100\HControl.exe [2006-04-17 110592]
"SigmatelSysTrayApp"=C:\WINDOWS\stsystra.exe [2006-02-13 282624]
"SMSERIAL"=C:\WINDOWS\sm56hlpr.exe [2006-03-29 544768]
"Wireless Console 2"=C:\Program Files\Wireless Console 2\wcourier.exe [2005-10-17 987136]
"IntelZeroConfig"=C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe [2006-04-14 667718]
"IntelWireless"=C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe [2006-04-14 602182]
"EOUApp"=C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe [2006-04-14 569413]
"ACMON"=C:\Program Files\ASUS\Splendid\ACMON.exe [2006-02-21 17920]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2005-10-21 761945]
"igfxtray"=C:\WINDOWS\system32\igfxtray.exe [2006-02-07 94208]
"igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe [2006-02-07 77824]
"igfxpers"=C:\WINDOWS\system32\igfxpers.exe [2006-02-07 118784]
C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2008-10-03 139264]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wdf01000.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\wdf01000.sys]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=
"NoDrives"=
"NoDriveAutoRun"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
======List of files/folders created in the last 1 months======
2010-04-13 22:39:46 ----D---- C:\WINDOWS\temp
2010-04-13 22:39:44 ----A---- C:\ComboFix.txt
2010-04-13 22:37:37 ----A---- C:\WINDOWS\system32\acovcnt.exe
2010-04-13 21:13:09 ----D---- C:\WINDOWS\CSC
2010-04-13 21:05:16 ----D---- C:\abraka.com
2010-04-13 21:04:21 ----HD---- C:\WINDOWS\PIF
2010-04-13 19:59:56 ----A---- C:\WINDOWS\zip.exe
2010-04-13 19:59:56 ----A---- C:\WINDOWS\SWXCACLS.exe
2010-04-13 19:59:56 ----A---- C:\WINDOWS\SWSC.exe
2010-04-13 19:59:56 ----A---- C:\WINDOWS\SWREG.exe
2010-04-13 19:59:56 ----A---- C:\WINDOWS\sed.exe
2010-04-13 19:59:56 ----A---- C:\WINDOWS\PEV.exe
2010-04-13 19:59:56 ----A---- C:\WINDOWS\NIRCMD.exe
2010-04-13 19:59:56 ----A---- C:\WINDOWS\MBR.exe
2010-04-13 19:59:56 ----A---- C:\WINDOWS\grep.exe
2010-04-13 19:46:09 ----A---- C:\WINDOWS\ntbtlog.txt
======List of files/folders modified in the last 1 months======
2010-04-14 19:04:43 ----D---- C:\Program Files\trend micro
2010-04-14 19:03:55 ----D---- C:\WINDOWS\Prefetch
2010-04-14 19:02:35 ----D---- C:\WINDOWS\system32
2010-04-14 19:02:34 ----HD---- C:\WINDOWS\inf
2010-04-14 01:47:40 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-04-14 01:47:15 ----D---- C:\WINDOWS\system32\drivers
2010-04-13 22:39:46 ----D---- C:\WINDOWS
2010-04-13 22:39:24 ----D---- C:\Qoobox
2010-04-13 22:38:46 ----D---- C:\WINDOWS\system32\CatRoot2
2010-04-13 22:37:42 ----A---- C:\WINDOWS\system.ini
2010-04-13 22:36:25 ----D---- C:\WINDOWS\system32\config
2010-04-13 22:36:17 ----D---- C:\WINDOWS\ERDNT
2010-04-13 22:35:18 ----D---- C:\WINDOWS\AppPatch
2010-04-13 22:35:15 ----D---- C:\Program Files\Common Files
2010-04-13 20:55:28 ----SHD---- C:\WINDOWS\Installer
2010-04-13 20:06:25 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-04-13 19:50:30 ----D---- C:\WINDOWS\system32\appmgmt
2010-04-13 19:46:34 ----D---- C:\Documents and Settings
2010-04-09 18:08:22 ----A---- C:\WINDOWS\IE4 Error Log.txt
2010-03-28 09:27:01 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2004-08-17 39936]
R1 Tosrfcom;Bluetooth RFCOMM from TOSHIBA; C:\WINDOWS\System32\Drivers\tosrfcom.sys [2005-08-01 64896]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.10.0; C:\WINDOWS\System32\DRIVERS\AegisP.sys [2008-05-12 21275]
R2 s24trans;WLAN Transport; C:\WINDOWS\System32\DRIVERS\s24trans.sys [2006-04-14 13568]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2004-08-03 60800]
R3 CmBatt;Microsoft AC Adapter Driver; C:\WINDOWS\System32\DRIVERS\CmBatt.sys [2004-08-03 14080]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\System32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 ialm;ialm; C:\WINDOWS\System32\DRIVERS\ialmnt5.sys [2008-10-03 1399615]
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 MTsensor;ATK0100 ACPI UTILITY; C:\WINDOWS\System32\DRIVERS\ATKACPI.sys [2005-02-17 5632]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2004-08-03 61824]
R3 rimmptsk;rimmptsk; C:\WINDOWS\System32\DRIVERS\rimmptsk.sys [2005-09-17 28672]
R3 rimsptsk;rimsptsk; C:\WINDOWS\System32\DRIVERS\rimsptsk.sys [2005-09-14 50560]
R3 sdbus;sdbus; C:\WINDOWS\System32\DRIVERS\sdbus.sys [2004-08-03 67584]
R3 smserial;smserial; C:\WINDOWS\System32\DRIVERS\smserial.sys [2006-03-29 889472]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2006-02-13 1106888]
R3 SynMini;ASUS WebCam, 1.3M, USB2.0, FF; C:\WINDOWS\System32\Drivers\SynMini.sys [2006-01-20 841110]
R3 SynScan;ASUS WebCam Still Image; C:\WINDOWS\System32\Drivers\SynScan.sys [2006-01-02 8278]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2005-10-21 191936]
R3 tosporte;Bluetooth Port Driver from Toshiba; C:\WINDOWS\System32\DRIVERS\tosporte.sys [2005-11-24 47104]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2004-08-03 20480]
R3 w39n51;Intel(R) PRO/Wireless 3945ABG Adapter Driver; C:\WINDOWS\System32\DRIVERS\w39n51.sys [2006-04-04 1429632]
S3 catchme;catchme; \??\C:\abraka.com12064a\catchme.sys []
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2002-09-23 9600]
S3 M3AD;Motorola Messenger Modem Audio Device; C:\WINDOWS\system32\drivers\m3aux.sys [2006-03-29 133632]
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2002-09-23 12160]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\System32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 RTL8023xp;Realtek RTL8139/810x/8169/8110 all in one NDIS XP Driver; C:\WINDOWS\System32\DRIVERS\Rtlnicxp.sys [2005-02-16 70144]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
S3 sffdisk;Ovladač třídy úložiště SFF; C:\WINDOWS\system32\DRIVERS\sffdisk.sys [2004-08-03 11136]
S3 sffp_sd;Ovladač protokolu úložiště SFF pro paměť sběrnici SDBus; C:\WINDOWS\system32\DRIVERS\sffp_sd.sys [2004-08-03 10240]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\System32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\System32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 toshidpt;TOSHIBA Bluetooth HID port driver; C:\WINDOWS\system32\drivers\Toshidpt.sys [2005-07-11 3712]
S3 Tosrfbd;Bluetooth RFBUS from TOSHIBA; C:\WINDOWS\System32\Drivers\tosrfbd.sys [2006-02-02 108928]
S3 Tosrfbnp;Bluetooth RFBNEP from TOSHIBA; C:\WINDOWS\System32\Drivers\tosrfbnp.sys [2005-12-14 37632]
S3 Tosrfhid;Bluetooth RFHID from TOSHIBA; C:\WINDOWS\System32\DRIVERS\Tosrfhid.sys [2006-02-08 62848]
S3 tosrfnds;Bluetooth Personal Area Network from TOSHIBA; C:\WINDOWS\System32\DRIVERS\tosrfnds.sys [2005-01-06 18612]
S3 TosRfSnd;Bluetooth Audio Device (WDM) from TOSHIBA; C:\WINDOWS\system32\drivers\TosRfSnd.sys [2005-11-11 52864]
S3 Tosrfusb;Bluetooth USB Controller; C:\WINDOWS\System32\Drivers\tosrfusb.sys [2006-01-31 39808]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys []
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2008-03-27 503008]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2005-01-28 18944]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\System32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2002-09-23 12032]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 EvtEng;Intel(R) PROSet/Wireless Event Log; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2006-04-14 114753]
R2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2009-06-01 222968]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-04-24 73728]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 RegSrvc;Intel(R) PROSet/Wireless Registry Service; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2006-04-14 217164]
R2 S24EventMonitor;Intel(R) PROSet/Wireless Service; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [2006-04-14 540745]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 servicelayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2009-10-27 657408]
-----------------EOF-----------------
-
Caroprd111
- VIP
- Příspěvky: 13492
- Registrován: 22 bře 2009 20:48
- Bydliště: Třebíč
- Kontaktovat uživatele:
Re: Security TOOL. Už i já...
Ahoj. Security TOOL už nenabíhá. Jinak zatim ho nikdo nepoužívá, tak těžko říct. Snad jen že zmizelo pozadí XP (takový ty mraky a tráva) a naskočila na pozadí modrá obrazovka.
-
Caroprd111
- VIP
- Příspěvky: 13492
- Registrován: 22 bře 2009 20:48
- Bydliště: Třebíč
- Kontaktovat uživatele:
Re: Security TOOL. Už i já...
Pozadí plochy si můžete změnit.
Odinstalujte ComboFix přes:
Start >> Spustit, zkopírujte do okénka:
ComboFix /Uninstall
stiskněte Enter
Stáhněte T-Cleaner
http://sweb.cz/Marinus/T-Cleaner.exe
Stáhněte a použijte http://oldtimer.geekstogo.com/TFC.exe
Stáhněte OTC http://oldtimer.geekstogo.com/OTC.exe
Stáhněte Ccleaner http://viry.cz/forum/viewtopic.php?t=7478
Doinstalujte SP3 http://www.viry.cz/forum/viewtopic.php?f=46&t=86100
V logu nevidím antivir a firewall, doinstalujte 
http://www.viry.cz/forum/viewtopic.php?f=29&t=6152 + http://www.viry.cz/forum/viewtopic.php?f=41&t=6523
Doporučuji aktualizovat Adobe Reader http://www.stahuj.centrum.cz/podnikani_ ... batreader/
Odinstalujte ComboFix přes:Start >> Spustit, zkopírujte do okénka:
ComboFix /Uninstall
stiskněte Enter
Stáhněte T-Cleanerhttp://sweb.cz/Marinus/T-Cleaner.exe
- Spusťte, pro potvrzení volby mačkejte klávesu A, Enter
- Po použití program vymažte. Pozor,antiviry ho mohou falešně označit za vir.
Stáhněte a použijte http://oldtimer.geekstogo.com/TFC.exe Stáhněte OTC http://oldtimer.geekstogo.com/OTC.exe
- Spusťte.
- Klikněte na "CleanUp!". Potvrďte hlášky stiskem "Yes" (Bude následovat restart)
Stáhněte Ccleaner http://viry.cz/forum/viewtopic.php?t=7478
- Nainstalujte a v průběhu instalace odškrtněte, že chcete instalovat yahoo toolbar.
Záložka Čistič - Dejte analyzovat, po dokončení dejte Spustit Ccleaner.
Záložka Registry - Klikněte na Hledej problémy, po dokončení klikněte na Opravit problémy, zálohu dělat nemusíte, potom dejte Opravit všechny problémy.
OK Zavřít
Doinstalujte SP3 http://www.viry.cz/forum/viewtopic.php?f=46&t=86100 V logu nevidím antivir a firewall, doinstalujte http://www.viry.cz/forum/viewtopic.php?f=29&t=6152 + http://www.viry.cz/forum/viewtopic.php?f=41&t=6523 Doporučuji aktualizovat Adobe Reader http://www.stahuj.centrum.cz/podnikani_ ... batreader/
Přispějete na provoz fóra?