Desktop Security 2010

[Yanic79]

Dobrý Den,
nainstaloval se mi tenhle otravný Desktop. Proti vykakování hlášení pomohl rkill.com... Vkládám log RSIT


Logfile of random's system information tool 1.06 (written by random/random)
Run by Lukáš at 2010-05-02 01:18:34
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 70 GB (70%) free of 100 GB
Total RAM: 2047 MB (70% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:18:44, on 2.5.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17023)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
E:\Program Files\D-Tools\daemon.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Portrait Displays\forteManager\DTHtml.exe
E:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
C:\program files\common files\installshield\professional\runtime\0701\intel32\kernelikernel.exe
C:\program files\common files\installshield\professional\runtime\0701\intel32\kernelikernel.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\Portrait Displays\Shared\HookManager.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\explorer.exe
c:\program files\installshield installation information\{60de4033-9503-48d1-a483-7846bd217ca9}\setupinstallshield.exe
c:\docume~1\luk~1\locals~1\temp\lsri.exe
c:\program files\microsoft games for windows - live\client\es\softwareadcenter2.0.3131.0.exe
C:\Program Files\Mozilla Firefox\firefox.exe
E:\Multimedia\Downloads\RSIT.exe
C:\Program Files\trend micro\Lukáš.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.qip.ru/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.qip.ru
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: QIPBHO Class - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Documents and Settings\Lukáš\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - E:\Program Files\FlashGet\jccatch.dll
O2 - BHO: QIPBHO - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Documents and Settings\Lukáš\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - E:\Program Files\FlashGet\getflash.dll
O4 - HKLM\..\Run: [DAEMON Tools-1033] "E:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [DT LGE] C:\Program Files\Common Files\Portrait Displays\Shared\DT_startup.exe -LGE
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [PCSuiteTrayApplication] E:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "E:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup
O4 - HKLM\..\Run: [NokiaMusic FastStart] "E:\Program Files\Nokia\Ovi Player\NokiaOviPlayer.exe" /command:faststart
O4 - HKLM\..\Run: [drmdyndataAutoRun] C:\DOCUME~1\LUK~1\LOCALS~1\Temp\lsri.exe
O4 - HKLM\..\Run: [Ctorctor] c:\program files\common files\installshield\professional\runtime\0701\intel32\kernelikernel.exe
O4 - HKLM\..\Run: [iKernelEngine] C:\program files\common files\installshield\professional\runtime\0701\intel32\kernelikernel.exe
O4 - HKLM\..\Run: [AutoRunGUIuninseReg] C:\DOCUME~1\LUK~1\LOCALS~1\Temp\lsri.exe
O4 - HKLM\..\RunServices: [avastaswV5Hlp] C:\DOCUME~1\LUK~1\LOCALS~1\Temp\lsri.exe
O4 - HKLM\..\RunServices: [acepdemsoxmlmf] c:\program files\common files\microsoft shared\office12\acepdeacecnf.exe
O4 - HKLM\..\RunServices: [InstallShieldiKernel] c:\program files\installshield installation information\{60de4033-9503-48d1-a483-7846bd217ca9}\setupinstallshield.exe
O4 - HKLM\..\RunServices: [msadctlsadCenter] c:\program files\microsoft games for windows - live\client\es\softwareadcenter2.0.3131.0.exe
O4 - HKLM\..\RunServices: [PhysXCookingFC2PhysXCooking2531] c:\program files\ageia technologies\v2.5.3\physxcorephysxcorefc2.exe
O4 - HKLM\..\RunServices: [HelpHXDSUI] c:\program files\common files\microsoft shared\help\1033\helpmicrosoft.exe
O4 - HKLM\..\RunServices: [UserSetup] C:\program files\common files\installshield\professional\runtime\0701\intel32\kernelikernel.exe
O4 - HKLM\..\RunServices: [ArtsAutoRun7] C:\DOCUME~1\LUK~1\LOCALS~1\Temp\lsri.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [NokiaOviSuite2] C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe -tray
O4 - HKCU\..\Run: [2bcdoluvu5s3] C:\Documents and Settings\Lukáš\Local Settings\Temp\m.2194.tmp.exe
O4 - HKCU\..\Run: [Desktop Security 2010] "C:\Documents and Settings\Lukáš\Data aplikací\Desktop Security 2010\Desktop Security 2010.exe" /STARTUP
O4 - HKCU\..\Run: [SecurityCenter] C:\Documents and Settings\Lukáš\Data aplikací\Desktop Security 2010\securitycenter.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Logitech . Product Registration.lnk = C:\Program Files\Logitech\QuickCam\eReg.exe
O4 - Startup: Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: &Stáhnout FlashGetem - E:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &Stáhnout všechny FlashGetem - E:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - E:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - E:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - E:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - E:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: QIP Infium - {1EF681F7-A04B-4D6D-9012-A307CCA55610} - E:\Program Files\QIP Infium\infium.exe (HKCU)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O21 - SSODL: GootkitSSO - {FD6C33E0-359E-4A27-83FB-CB52DB9D6AFD} - C:\WINDOWS\System32\msxsltsso.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 13203 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\OGALogon.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Podpora odkazu pro Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}]
FGCatchUrl - E:\Program Files\FlashGet\jccatch.dll [2007-08-06 94308]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}]
QIPBHO Class - C:\Documents and Settings\Lukáš\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll [2009-10-05 150768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F156768E-81EF-470C-9057-481BA8380DBA}]
FlashGet GetFlash Class - E:\Program Files\FlashGet\getflash.dll [2007-05-18 163840]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools-1033"=E:\Program Files\D-Tools\daemon.exe [2004-08-22 81920]
"DT LGE"=C:\Program Files\Common Files\Portrait Displays\Shared\DT_startup.exe [2007-10-11 81920]
"Symantec PIF AlertEng"=C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe [2008-01-29 583048]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-08-10 16384000]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"PCSuiteTrayApplication"=E:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe [2007-06-18 271360]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2006-01-12 155648]
"CanonSolutionMenu"=C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe [2007-05-15 644696]
"CanonMyPrinter"=C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2007-04-04 1603152]
"Adobe Reader Speed Launcher"=E:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2008-08-29 61440]
"amd_dc_opt"=C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe [2008-07-22 77824]
"avast5"=C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe [2010-04-14 2790472]
"NokiaMServer"=C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup []
"NokiaMusic FastStart"=E:\Program Files\Nokia\Ovi Player\NokiaOviPlayer.exe [2010-03-04 2192672]
"drmdyndataAutoRun"=C:\DOCUME~1\LUK~1\LOCALS~1\Temp\lsri.exe [2010-05-01 153600]
"Ctorctor"=c:\program files\common files\installshield\professional\runtime\0701\intel32\kernelikernel.exe [2010-05-01 153600]
"iKernelEngine"=C:\program files\common files\installshield\professional\runtime\0701\intel32\kernelikernel.exe [2010-05-01 153600]
"AutoRunGUIuninseReg"=C:\DOCUME~1\LUK~1\LOCALS~1\Temp\lsri.exe [2010-05-01 153600]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2007-01-15 147456]
"Skype"=C:\Program Files\Skype\\Phone\Skype.exe [2010-04-06 26102056]
""= []
"NokiaOviSuite2"=C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe [2010-02-24 385928]
"2bcdoluvu5s3"=C:\Documents and Settings\Lukáš\Local Settings\Temp\m.2194.tmp.exe [2010-05-01 2948096]
"Desktop Security 2010"=C:\Documents and Settings\Lukáš\Data aplikací\Desktop Security 2010\Desktop Security 2010.exe [2010-04-30 1412608]
"SecurityCenter"=C:\Documents and Settings\Lukáš\Data aplikací\Desktop Security 2010\securitycenter.exe [2010-04-30 135680]

C:\Documents and Settings\Lukáš\Nabídka Start\Programy\Po spuštění
Logitech . Product Registration.lnk - C:\Program Files\Logitech\QuickCam\eReg.exe
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2009-07-02 155648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
GootkitSSO - {FD6C33E0-359E-4A27-83FB-CB52DB9D6AFD} - C:\WINDOWS\System32\msxsltsso.dll []

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, digiwet.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"E:\Program Files\Electronic Arts\The Battle for Middle-earth (tm) II\game.dat"="E:\Program Files\Electronic Arts\The Battle for Middle-earth (tm) II\game.dat:*:Enabled:The Battle for Middle-earth(tm) II"
"E:\Program Files\FlashGet\flashget.exe"="E:\Program Files\FlashGet\flashget.exe:*:Enabled:Flashget"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"E:\Program Files\QIP\qip.exe"="E:\Program Files\QIP\qip.exe:*:Enabled:Quiet Internet Pager"
"C:\Program Files\Common Files\Ahead\Nero Web\SetupX.exe"="C:\Program Files\Common Files\Ahead\Nero Web\SetupX.exe:*:Enabled:Nero ProductSetup"
"C:\Program Files\Java\jre1.6.0_07\bin\javaw.exe"="C:\Program Files\Java\jre1.6.0_07\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Program Files\Java\jre1.6.0_07\bin\java.exe"="C:\Program Files\Java\jre1.6.0_07\bin\java.exe:*:Enabled:Java(TM) Platform SE binary"
"E:\Multimedia\Downloads\ICQLite\ICQLite.exe"="E:\Multimedia\Downloads\ICQLite\ICQLite.exe:*:Enabled:ICQ Lite"
"E:\Program Files\ICQLite\ICQLite.exe"="E:\Program Files\ICQLite\ICQLite.exe:*:Enabled:ICQ Lite"
"E:\Program Files\ICQ6\ICQ.exe"="E:\Program Files\ICQ6\ICQ.exe:*:Enabled:ICQ6"
"E:\Program Files\rFactor\rFactor.exe"="E:\Program Files\rFactor\rFactor.exe:*:Enabled:rFactor"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"E:\Program Files\Ubisoft\Far Cry 2\bin\FarCry2.exe"="E:\Program Files\Ubisoft\Far Cry 2\bin\FarCry2.exe:*:Enabled:Far Cry 2"
"E:\Program Files\Ubisoft\Far Cry 2\bin\FC2Launcher.exe"="E:\Program Files\Ubisoft\Far Cry 2\bin\FC2Launcher.exe:*:Enabled:Far Cry 2 Updater"
"E:\Program Files\Ubisoft\Far Cry 2\bin\FC2Editor.exe"="E:\Program Files\Ubisoft\Far Cry 2\bin\FC2Editor.exe:*:Enabled:Editor"
"E:\Program Files\Restaurant Empire\re.exe"="E:\Program Files\Restaurant Empire\re.exe:*:Enabled:re"
"E:\Program Files\Rockstar Games\Grand Theft Auto IV\GTAIV.exe"="E:\Program Files\Rockstar Games\Grand Theft Auto IV\GTAIV.exe:*:Enabled:Grand Theft Auto IV"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe"="C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe:*:Enabled:Crawler Spyware Terminator"
"E:\Program Files\Electronic Arts\Battlefield Bad Company 2\BFBC2Updater.exe"="E:\Program Files\Electronic Arts\Battlefield Bad Company 2\BFBC2Updater.exe:*:Enabled:Battlefield: Bad Company™ 2"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2010-05-02 01:18:34 ----D---- C:\rsit
2010-05-02 01:18:34 ----D---- C:\Program Files\trend micro
2010-05-01 18:43:31 ----D---- C:\Documents and Settings\Lukáš\Data aplikací\Desktop Security 2010
2010-04-22 15:46:02 ----HDC---- C:\WINDOWS\$NtUninstallWudf01007$
2010-04-21 10:56:00 ----D---- C:\Documents and Settings\All Users\Data aplikací\Nokia
2010-04-20 20:30:11 ----N---- C:\WINDOWS\system32\spmsgXP_2k3.dll
2010-04-20 20:30:05 ----HDC---- C:\WINDOWS\$NtUninstallWdf01007$
2010-04-20 19:35:33 ----D---- C:\WINDOWS\Globalization
2010-04-20 19:35:10 ----D---- C:\Documents and Settings\All Users\Data aplikací\NokiaMusic
2010-04-20 19:33:32 ----D---- C:\Program Files\PC Connectivity Solution
2010-04-20 19:33:11 ----SHD---- C:\Config.Msi
2010-04-20 19:32:45 ----A---- C:\WINDOWS\system32\wdfcoinstaller01007.dll
2010-04-20 19:31:53 ----D---- C:\Program Files\Nokia
2010-04-20 19:31:53 ----D---- C:\Documents and Settings\All Users\Data aplikací\OviInstallerCache
2010-04-14 16:17:30 ----HDC---- C:\WINDOWS\$NtUninstallKB979683$
2010-04-14 16:17:24 ----HDC---- C:\WINDOWS\$NtUninstallKB980232$
2010-04-14 16:14:47 ----HDC---- C:\WINDOWS\$NtUninstallKB981349$
2010-04-14 16:14:18 ----HDC---- C:\WINDOWS\$NtUninstallKB978338$
2010-04-14 16:14:13 ----HDC---- C:\WINDOWS\$NtUninstallKB977816$
2010-04-14 16:14:08 ----HDC---- C:\WINDOWS\$NtUninstallKB978601$
2010-04-14 16:13:48 ----HDC---- C:\WINDOWS\$NtUninstallKB979309$
2010-04-13 15:41:29 ----N---- C:\WINDOWS\system32\browserchoice.exe
2010-04-05 11:07:47 ----AT---- C:\WINDOWS\system32\SIntfNT.dll
2010-04-05 11:07:47 ----AT---- C:\WINDOWS\system32\SIntf32.dll
2010-04-05 11:07:47 ----AT---- C:\WINDOWS\system32\SIntf16.dll
2010-04-05 11:05:56 ----A---- C:\WINDOWS\IsUninst.exe

======List of files/folders modified in the last 1 months======

2010-05-02 01:18:44 ----D---- C:\WINDOWS\Prefetch
2010-05-02 01:18:34 ----RD---- C:\Program Files
2010-05-02 01:16:32 ----D---- C:\Program Files\Mozilla Thunderbird
2010-05-02 01:10:52 ----D---- C:\WINDOWS\Temp
2010-05-02 01:07:33 ----A---- C:\WINDOWS\NeroDigital.ini
2010-05-02 00:57:02 ----D---- C:\Documents and Settings\Lukáš\Data aplikací\Skype
2010-05-02 00:56:13 ----D---- C:\Documents and Settings\Lukáš\Data aplikací\skypePM
2010-05-01 19:26:43 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-04-27 17:40:42 ----A---- C:\WINDOWS\system32\PnkBstrB.exe
2010-04-27 17:38:20 ----A---- C:\WINDOWS\system32\PnkBstrA.exe
2010-04-27 17:38:19 ----A---- C:\WINDOWS\system32\pbsvc_heroes.exe
2010-04-27 16:11:52 ----D---- C:\Documents and Settings\Lukáš\Data aplikací\ZoomBrowser EX
2010-04-27 16:05:34 ----D---- C:\Documents and Settings\All Users\Data aplikací\ZoomBrowser
2010-04-22 16:25:09 ----D---- C:\WINDOWS
2010-04-22 16:10:35 ----D---- C:\WINDOWS\system32\CatRoot2
2010-04-22 15:46:13 ----D---- C:\WINDOWS\system32\drivers
2010-04-22 15:46:10 ----HD---- C:\WINDOWS\inf
2010-04-22 15:46:08 ----D---- C:\WINDOWS\system32
2010-04-20 20:51:27 ----D---- C:\Documents and Settings\Lukáš\Data aplikací\PC Suite
2010-04-20 20:48:19 ----D---- C:\Documents and Settings\Lukáš\Data aplikací\Nokia
2010-04-20 20:31:42 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-04-20 20:30:35 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-04-20 20:30:16 ----A---- C:\WINDOWS\imsins.BAK
2010-04-20 19:36:10 ----SHD---- C:\WINDOWS\Installer
2010-04-20 19:35:31 ----RSD---- C:\WINDOWS\assembly
2010-04-20 19:35:29 ----RSD---- C:\WINDOWS\Fonts
2010-04-20 19:35:29 ----D---- C:\Program Files\Common Files\Nokia
2010-04-20 19:33:37 ----DC---- C:\WINDOWS\system32\DRVSTORE
2010-04-20 19:12:14 ----D---- C:\Program Files\Google
2010-04-17 15:04:09 ----D---- C:\WINDOWS\system32\DirectX
2010-04-17 15:03:55 ----D---- C:\WINDOWS\Logs
2010-04-16 17:04:52 ----D---- C:\Program Files\Mozilla Firefox
2010-04-14 18:47:03 ----A---- C:\WINDOWS\system32\aswBoot.exe
2010-04-14 16:18:01 ----D---- C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2010-04-14 16:17:28 ----HD---- C:\WINDOWS\$hf_mig$
2010-04-11 10:58:42 ----D---- C:\Documents and Settings
2010-04-06 19:52:54 ----A---- C:\WINDOWS\system32\MRT.exe
2010-04-04 18:25:16 ----HD---- C:\Program Files\InstallShield Installation Information

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2010-04-14 28880]
R1 AmdK8;Ovladač procesoru AMD; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-06-19 43008]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2010-04-14 162768]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2010-04-14 46672]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2010-04-14 19024]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2010-04-14 100432]
R3 AmdLLD;AMD Low Level Device Driver; C:\WINDOWS\system32\DRIVERS\AmdLLD.sys [2007-06-29 34304]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2010-04-14 23376]
R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller; C:\WINDOWS\system32\DRIVERS\l151x86.sys [2007-08-29 36864]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2009-07-02 4125696]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-08-10 4603904]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-25 12160]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 PdiPorts;Portrait Displays low level device driver; C:\WINDOWS\System32\Drivers\PdiPorts.sys [2006-11-16 15920]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 lgusbsmodem;LGE Mobile USB Modem; C:\WINDOWS\system32\DRIVERS\lgusbsmodem.sys [2007-07-09 23680]
S3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys [2008-02-29 35344]
S3 LVRS;Logitech RightSound Filter Driver; C:\WINDOWS\system32\DRIVERS\lvrs.sys [2008-07-26 627864]
S3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\LVUSBSta.sys [2008-07-26 41752]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2010-01-21 18048]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2009-12-30 22016]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 pepifilter;Volume Adapter; C:\WINDOWS\system32\DRIVERS\lv302af.sys [2008-07-26 13848]
S3 PID_PEPI;Logitech QuickCam IM(PID_PEPI); C:\WINDOWS\system32\DRIVERS\LV302V32.SYS [2008-07-26 2570520]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2009-12-30 7936]
S3 usbaudio;Ovladač zvukové karty USB (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 usbser;USB Modem Driver; C:\WINDOWS\system32\drivers\usbser.sys [2008-04-13 26112]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2009-12-30 7936]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2008-03-27 503008]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2008-01-18 83328]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-10-25 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2009-07-02 602112]
R2 Automatic LiveUpdate Scheduler;Automatic LiveUpdate Scheduler; C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [2007-09-12 554352]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-04-14 40384]
R2 CCALib8;Canon Camera Access Library 8; C:\Program Files\Canon\CAL\CALMAIN.exe [2007-01-31 96370]
R2 DTSRVC;Portrait Displays Display Tune Service; C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe [2007-10-11 65536]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-07-25 79136]
R2 LiveUpdate Notice Service;LiveUpdate Notice Service; C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe [2008-01-29 583048]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2010-04-27 75064]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-04-14 40384]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-04-14 40384]
R3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-01-15 266240]
R3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2010-01-26 652800]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2009-07-02 593920]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-07-25 133104]
S2 LiveUpdate Notice Ex;LiveUpdate Notice Service Ex; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon []
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-01-04 136120]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2007-09-12 2999664]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

[cernohous13]

Vítám tě u nás

Stáhni si ComboFix
a ulož ho na plochu.
Ukonči všechna aktivní okna,vypni Antispy a Antivir a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna a nic nespouštěj
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah
Kdyby ti po použití ComboFixu systém nenaběhl - při restartu F8 a poslední známá funkční konfigurace

[Yanic79]

Děkuji.. ComboFix proveden..vkládám Log.

ComboFix 10-05-01.04 - Lukáš 02.05.2010 10:08:59.1.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2047.1670 [GMT 2:00]
Spuštěný z: c:\documents and settings\Lukáš\Plocha\ComboFix.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
* Vytvořen nový Bod Obnovení
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\LUK~1\LOCALS~1\Temp\lsri.exe
c:\documents and settings\Lukáš\Data aplikací\Microsoft\Internet Explorer\Quick Launch\Desktop Security 2010.lnk
c:\program files\WindowsUpdate
c:\windows\system32\vbpng1.dll
c:\windows\wiaservim.log

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-04-02 do 2010-05-02 )))))))))))))))))))))))))))))))
.

2010-05-01 23:18 . 2010-05-01 23:18 -------- d-----w- C:\rsit
2010-05-01 23:18 . 2010-05-01 23:18 -------- d-----w- c:\program files\trend micro
2010-04-20 18:30 . 2008-04-13 17:45 26112 -c--a-w- c:\windows\system32\dllcache\usbser.sys
2010-04-20 18:30 . 2008-04-13 17:45 26112 ----a-w- c:\windows\system32\drivers\usbser.sys
2010-04-20 18:30 . 2008-03-21 11:57 14640 ------w- c:\windows\system32\spmsgXP_2k3.dll
2010-04-20 17:35 . 2010-04-20 17:35 -------- d-----w- c:\windows\Globalization
2010-04-20 17:33 . 2008-08-26 07:26 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2010-04-20 17:33 . 2010-04-20 17:33 -------- d-----w- c:\program files\PC Connectivity Solution
2010-04-20 17:32 . 2009-12-30 09:30 7936 ----a-w- c:\windows\system32\drivers\usbser_lowerfltj.sys
2010-04-20 17:32 . 2009-12-30 09:30 7936 ----a-w- c:\windows\system32\drivers\usbser_lowerflt.sys
2010-04-20 17:32 . 2009-12-30 09:30 22016 ----a-w- c:\windows\system32\drivers\ccdcmbo.sys
2010-04-20 17:32 . 2010-01-21 12:53 18048 ----a-w- c:\windows\system32\drivers\ccdcmb.sys
2010-04-20 17:32 . 2009-10-06 09:55 1112288 ----a-w- c:\windows\system32\wdfcoinstaller01007.dll
2010-04-20 17:31 . 2010-04-20 17:36 -------- d-----w- c:\program files\Nokia
2010-04-13 13:41 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
2010-04-11 08:58 . 2010-04-11 08:58 -------- d-----w- c:\documents and settings\Luká?
2010-04-05 09:07 . 2010-04-05 09:14 21036 ----atw- c:\windows\system32\SIntfNT.dll
2010-04-05 09:07 . 2010-04-05 09:14 15132 ----atw- c:\windows\system32\SIntf32.dll
2010-04-05 09:07 . 2010-04-05 09:14 12067 ----atw- c:\windows\system32\SIntf16.dll
2010-04-05 09:05 . 1998-01-23 10:22 304128 ----a-w- c:\windows\IsUninst.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-01 23:16 . 2008-04-01 14:04 -------- d-----w- c:\program files\Mozilla Thunderbird
2010-04-27 15:40 . 2009-12-22 15:12 138184 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-04-27 15:40 . 2009-12-22 15:12 215016 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-04-27 15:38 . 2009-12-22 15:12 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2010-04-27 15:38 . 2009-12-22 15:12 2427248 ----a-w- c:\windows\system32\pbsvc_heroes.exe
2010-04-22 13:46 . 2010-04-22 13:46 0 ---ha-w- c:\windows\system32\drivers\Msft_User_PCCSWpdDriver_01_07_00.Wdf
2010-04-22 13:46 . 2010-04-22 13:46 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_user_01_07_00.Wdf
2010-04-20 18:31 . 2004-08-18 12:00 81262 ----a-w- c:\windows\system32\perfc005.dat
2010-04-20 18:31 . 2004-08-18 12:00 437076 ----a-w- c:\windows\system32\perfh005.dat
2010-04-20 18:30 . 2010-04-20 18:30 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2010-04-20 18:30 . 2010-04-20 18:30 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2010-04-20 17:35 . 2008-03-25 19:43 -------- d-----w- c:\program files\Common Files\Nokia
2010-04-20 17:12 . 2008-04-03 17:15 -------- d-----w- c:\program files\Google
2010-04-14 16:47 . 2010-02-19 18:45 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-04-14 16:47 . 2010-02-19 18:45 153184 ----a-w- c:\windows\system32\aswBoot.exe
2010-04-14 16:35 . 2010-02-19 18:45 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-04-14 16:35 . 2010-02-19 18:45 162768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-04-14 16:31 . 2010-02-19 18:45 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-04-14 16:31 . 2010-02-19 18:45 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-04-14 16:31 . 2010-02-19 18:45 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-04-14 16:31 . 2010-02-19 18:45 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-04-14 16:30 . 2010-02-19 18:45 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-04-04 16:25 . 2008-03-07 12:36 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-04-01 06:40 . 2010-04-01 06:40 -------- d-----w- c:\program files\Common Files\Skype
2010-03-28 16:05 . 2009-07-10 18:27 -------- d-----w- c:\program files\Alwil Software
2010-03-21 13:25 . 2010-03-21 13:25 -------- d-----w- c:\program files\AGEIA Technologies
2010-03-21 13:25 . 2010-03-21 13:25 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-03-21 13:24 . 2010-03-21 13:24 -------- d-----w- c:\program files\AMD
2010-03-11 12:36 . 2004-08-17 14:49 832512 ----a-w- c:\windows\system32\wininet.dll
2010-03-11 12:36 . 2004-08-17 14:49 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-03-11 12:36 . 2004-08-17 14:49 17408 ------w- c:\windows\system32\corpol.dll
2010-03-09 11:11 . 2004-08-17 14:49 430080 ----a-w- c:\windows\system32\vbscript.dll
2010-02-24 13:11 . 2004-08-03 22:15 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-20 16:34 . 2009-10-03 17:12 703 ----a-w- c:\windows\eReg.dat
2010-02-19 23:47 . 2010-02-19 23:47 3604480 ----a-w- c:\windows\system32\GPhotos.scr
2010-02-16 19:08 . 2004-08-17 15:45 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-16 19:08 . 2004-08-17 14:45 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-12 04:35 . 2004-08-17 14:49 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:02 . 2004-08-03 22:07 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
2009-10-05 17:34 . 2010-02-13 08:20 118000 ----a-w- c:\program files\mozilla firefox\components\qippipe.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-01-15 147456]
"Skype"="c:\program files\Skype\\Phone\Skype.exe" [2010-04-06 26102056]
"NokiaOviSuite2"="c:\program files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe" [2010-02-24 385928]
"SecurityCenter"="c:\documents and settings\Lukáš\Data aplikací\Desktop Security 2010\securitycenter.exe" [2010-04-30 135680]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"DAEMON Tools-1033"="e:\program files\D-Tools\daemon.exe" [2004-08-22 81920]
"DT LGE"="c:\program files\Common Files\Portrait Displays\Shared\DT_startup.exe" [2007-10-11 81920]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"RTHDCPL"="RTHDCPL.EXE" [2007-08-10 16384000]
"PCSuiteTrayApplication"="e:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-06-18 271360]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-15 644696]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-04 1603152]
"Adobe Reader Speed Launcher"="e:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-04-14 2790472]
"NokiaMusic FastStart"="e:\program files\Nokia\Ovi Player\NokiaOviPlayer.exe" [2010-03-04 2192672]
"Ctorctor"="c:\program files\common files\installshield\professional\runtime\0701\intel32\kernelikernel.exe" [2010-05-01 153600]
"iKernelEngine"="c:\program files\common files\installshield\professional\runtime\0701\intel32\kernelikernel.exe" [2010-05-01 153600]
"setup2kKernel"="c:\program files\installshield installation information\{60de4033-9503-48d1-a483-7846bd217ca9}\setupinstallshield.exe" [2010-05-01 153600]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"Nokia.PCSync"="e:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 1241088]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"e:\\Program Files\\FlashGet\\flashget.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=
"e:\\Program Files\\rFactor\\rFactor.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [9.3.2008 19:07 155136]
R0 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [9.3.2008 19:07 5248]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [19.2.2010 20:45 162768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [19.2.2010 20:45 19024]
R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\l151x86.sys [7.3.2008 14:53 36864]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [25.7.2009 11:49 133104]
S3 lgusbsmodem;LGE Mobile USB Modem;c:\windows\system32\drivers\lgusbsmodem.sys [25.12.2009 12:27 23680]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-07-18 16:53 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Obsah adresáře 'Naplánované úlohy'

2010-05-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-25 09:48]

2010-05-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-25 09:48]

2010-05-02 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 13:07]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uDefault_Search_URL = hxxp://search.qip.ru
uSearchAssistant = hxxp://search.qip.ru/ie
uSearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
IE: &Stáhnout FlashGetem - e:\program files\FlashGet\jc_link.htm
IE: &Stáhnout všechny FlashGetem - e:\program files\FlashGet\jc_all.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Filter: video/x-flv - {08C72DD4-19AD-49f1-83DA-8542B4D302C5} -
FF - ProfilePath - c:\documents and settings\Lukáš\Data aplikací\Mozilla\Firefox\Profiles\4ny0ak67.default\
FF - prefs.js: browser.search.selectedEngine - qtl
FF - prefs.js: browser.startup.homepage - www.seznam.cz
FF - prefs.js: keyword.URL - hxxp://search.qip.ru/search?from=FF&query=
FF - component: c:\program files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\components\FirefoxExtension.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: e:\program files\Adobe\Reader 8.0\Reader\browser\nppdf32.dll
FF - plugin: e:\program files\Google\Picasa3\npPicasa3.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

SSODL-GootkitSSO-{FD6C33E0-359E-4A27-83FB-CB52DB9D6AFD} - c:\windows\System32\msxsltsso.dll



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-02 10:13
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8A234BC0]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xba0ecf28
\Driver\ACPI -> ACPI.sys @ 0xb9f7fcb8
\Driver\atapi -> 0x8a234bc0
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
NDIS: Atheros L1 Gigabit Ethernet 10/100/1000Base-T Controller -> SendCompleteHandler -> NDIS.sys @ 0xb9dccbb0
PacketIndicateHandler -> NDIS.sys @ 0xb9dd9a21
SendHandler -> NDIS.sys @ 0xb9db787b
Warning: possible MBR rootkit infection !
user & kernel MBR OK

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-854245398-823518204-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\1*C]
"Order"=hex:08,00,00,00,02,00,00,00,80,00,00,00,01,00,00,00,01,00,00,00,74,00,
00,00,00,00,00,00,66,00,00,00,41,75,67,4d,02,00,00,00,01,00,00,00,54,00,31,\

[HKEY_USERS\S-1-5-21-854245398-823518204-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\1*C\BumbleBeast]
"Order"=hex:08,00,00,00,02,00,00,00,76,00,00,00,01,00,00,00,01,00,00,00,6a,00,
00,00,00,00,00,00,5c,00,00,00,41,75,67,4d,02,00,00,00,01,00,00,00,4a,00,31,\
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(740)
c:\windows\system32\Ati2evxx.dll
.
Celkový čas: 2010-05-02 10:15:27
ComboFix-quarantined-files.txt 2010-05-02 08:15

Před spuštěním: Volných bajtů: 73 671 520 256
Po spuštění: Volných bajtů: 75 713 429 504

WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer

- - End Of File - - 267DC1E485C4E47D622920F88FE805C2

[cernohous13]

Otevři Poznámkový blok (Notepad) a zkopíruj celý zelený text z "CFscriptu".
Soubor ulož na plochu jako CFscript.txt a jeho ikonu přetáhni myší nad ikonu ComboFixu - tam pusť.

ComboFix se spustí - počkej na log a vlož ho sem.

CFscript

Kód: Vybrat vše

KillAll::

Registry::
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SecurityCenter"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"=-
"Adobe Reader Speed Launcher"=-
"Ctorctor"=-
"iKernelEngine"=
"setup2kKernel"=-

Folder::
c:\documents and settings\Lukáš\Data aplikací\Desktop Security 2010
C:\Program Files\Symantec
C:\Program Files\Common Files\Symantec Shared

File::
c:\program files\common files\installshield\professional\runtime\0701\intel32\kernelikernel.exe
c:\program files\installshield installation information\{60de4033-9503-48d1-a483-7846bd217ca9}\setupinstallshield.exe

RegLock::
[HKEY_USERS\S-1-5-21-854245398-823518204-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\1*C]
[HKEY_USERS\S-1-5-21-854245398-823518204-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\1*C\BumbleBeast]

Driver::
Automatic LiveUpdate Scheduler
LiveUpdate Notice Service
NMIndexingService
LiveUpdate Notice Ex
LiveUpdate

Vypnout driver sptd.sys takto:
stáhni http://jpshortstuff.247fixes.com/beta/Defogger.exe
spusť - klik "Disable" - potvrď hlášku "Continue" - dej sem log který se vytvoří - samozřejmě nech restartovat PC

stáhni MBR http://www2.gmer.net/mbr/mbr.exe ulož ho na plochu
klik Start -> Spustit... - do okna zkopíruj celý červený příkaz
"%userprofile%\plocha\mbr" -t -> OK
na ploše vznikne mbr.log - jeho obsah sem zkopíruj

[Yanic79]

Log z ComboFix...

ComboFix 10-05-01.04 - Lukáš 02.05.2010 17:32:20.2.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2047.1662 [GMT 2:00]
Spuštěný z: c:\documents and settings\Lukáš\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Lukáš\Plocha\CFscript.txt
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

FILE ::
"c:\program files\common files\installshield\professional\runtime\0701\intel32\kernelikernel.exe"
"c:\program files\installshield installation information\{60de4033-9503-48d1-a483-7846bd217ca9}\setupinstallshield.exe"
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Lukáš\Data aplikací\Desktop Security 2010
c:\documents and settings\Lukáš\Data aplikací\Desktop Security 2010\Desktop Security 2010.exe
c:\documents and settings\Lukáš\Data aplikací\Desktop Security 2010\mfc71.dll
c:\documents and settings\Lukáš\Data aplikací\Desktop Security 2010\MFC71ENU.DLL
c:\documents and settings\Lukáš\Data aplikací\Desktop Security 2010\msvcp71.dll
c:\documents and settings\Lukáš\Data aplikací\Desktop Security 2010\msvcr71.dll
c:\documents and settings\Lukáš\Data aplikací\Desktop Security 2010\securitycenter.exe
c:\documents and settings\Lukáš\Data aplikací\Desktop Security 2010\securityhelper.exe
c:\documents and settings\Lukáš\Data aplikací\Desktop Security 2010\taskmgr.dll
c:\program files\common files\installshield\professional\runtime\0701\intel32\kernelikernel.exe
c:\program files\Common Files\Symantec Shared
c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll
c:\program files\Common Files\Symantec Shared\Firewall\AppendRules.xml
c:\program files\Common Files\Symantec Shared\Help\LUALL.CHM
c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll
c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertUi.dll
c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\dcGlobal.dll
c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\dcmhSvar.dll
c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\dcProd.dll
c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\Languages\09\01\AlertEng.loc
c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\Languages\fallback.dat
c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\lun.ico
c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\mhDSA.dll
c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\mhSched.dll
c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\mhUpgr.dll
c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\pifCrawl.exe
c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll
c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifPep06.dll
c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifPep07.dll
c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PollMgr.dll
c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\readme.txt
c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\SymHTML.dll
c:\program files\Common Files\Symantec Shared\SPManifests\AlertEng.grd
c:\program files\Common Files\Symantec Shared\SPManifests\AlertEng.sig
c:\program files\Common Files\Symantec Shared\SPManifests\AlertEng.spm
c:\program files\Common Files\Symantec Shared\SPManifests\LuSymProtect.grd
c:\program files\Common Files\Symantec Shared\SPManifests\LuSymProtect.sig
c:\program files\Common Files\Symantec Shared\SPManifests\LuSymProtect.spm
c:\program files\Common Files\Symantec Shared\SPManifests\PifCore.grd
c:\program files\Common Files\Symantec Shared\SPManifests\PifCore.sig
c:\program files\Common Files\Symantec Shared\SPManifests\PifCore.spm
c:\program files\Common Files\Symantec Shared\SymcData\nco1.0defs\latest-hub-webauth.sql\LHW.sql.bin
c:\program files\installshield installation information\{60de4033-9503-48d1-a483-7846bd217ca9}\setupinstallshield.exe
c:\program files\Symantec
c:\program files\Symantec\LiveUpdate\1.Settings.Default.LiveUpdate
c:\program files\Symantec\LiveUpdate\ALUNOTIFY.EXE
c:\program files\Symantec\LiveUpdate\ALUNOTIFYRES.DLL
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\program files\Symantec\LiveUpdate\AluSchedulerSvcRes.dll
c:\program files\Symantec\LiveUpdate\AUPDATE.EXE
c:\program files\Symantec\LiveUpdate\AUPDATERES.DLL
c:\program files\Symantec\LiveUpdate\LSETUP.EXE
c:\program files\Symantec\LiveUpdate\LUALL.EXE
c:\program files\Symantec\LiveUpdate\LUALLRES.DLL
c:\program files\Symantec\LiveUpdate\LuCallbackProxy.exe
c:\program files\Symantec\LiveUpdate\LuComServer_3_2.EXE
c:\program files\Symantec\LiveUpdate\LuConfig.EXE
c:\program files\Symantec\LiveUpdate\ludirloc.dat
c:\program files\Symantec\LiveUpdate\LUCheck.exe
c:\program files\Symantec\LiveUpdate\LUINFO.INF
c:\program files\Symantec\LiveUpdate\LUInit.exe
c:\program files\Symantec\LiveUpdate\LUInit.ini
c:\program files\Symantec\LiveUpdate\LUINSDLL.DLL
c:\program files\Symantec\LiveUpdate\LuInsRes.dll
c:\program files\Symantec\LiveUpdate\LuPreCon.DLL
c:\program files\Symantec\LiveUpdate\LuResult.txt
c:\program files\Symantec\LiveUpdate\LUSETUP.EXE
c:\program files\Symantec\LiveUpdate\LUUPDATE.EXE
c:\program files\Symantec\LiveUpdate\MFC71.DLL
c:\program files\Symantec\LiveUpdate\MSVCP71.DLL
c:\program files\Symantec\LiveUpdate\MSVCR71.DLL
c:\program files\Symantec\LiveUpdate\NetDetectController_3_2.DLL
c:\program files\Symantec\LiveUpdate\NotifyHA.exe
c:\program files\Symantec\LiveUpdate\ProductRegCom_3_2.DLL
c:\program files\Symantec\LiveUpdate\README.TXT
c:\program files\Symantec\LiveUpdate\ResLuComServer_3_2.DLL
c:\program files\Symantec\LiveUpdate\S32LIVE1.DLL
c:\program files\Symantec\LiveUpdate\S32LUCP1RES.DLL
c:\program files\Symantec\LiveUpdate\S32LUCP2.CPL
c:\program files\Symantec\LiveUpdate\S32LUIS1.DLL
c:\program files\Symantec\LiveUpdate\S32LUWI1.DLL
c:\program files\Symantec\LiveUpdate\Settings.Default.LiveUpdate
c:\program files\Symantec\LiveUpdate\SETUPRES.DLL
c:\program files\Symantec\LiveUpdate\SymantecRootInstaller.exe
c:\program files\Symantec\LiveUpdate\SymantecRootInstaller.log
c:\program files\Symantec\LiveUpdate\SymantecRootInstallerRes.dll
c:\program files\Symantec\LiveUpdate\UNRAR.DLL

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_AUTOMATIC_LIVEUPDATE_SCHEDULER
-------\Legacy_LIVEUPDATE
-------\Legacy_LIVEUPDATE_NOTICE_EX
-------\Legacy_LIVEUPDATE_NOTICE_SERVICE
-------\Legacy_NMINDEXINGSERVICE
-------\Service_Automatic LiveUpdate Scheduler
-------\Service_LiveUpdate
-------\Service_LiveUpdate Notice Ex
-------\Service_LiveUpdate Notice Service
-------\Service_NMIndexingService


((((((((((((((((((((((((( Soubory vytvořené od 2010-04-02 do 2010-05-02 )))))))))))))))))))))))))))))))
.

2010-05-01 23:18 . 2010-05-01 23:18 -------- d-----w- C:\rsit
2010-05-01 23:18 . 2010-05-01 23:18 -------- d-----w- c:\program files\trend micro
2010-04-20 18:30 . 2008-04-13 17:45 26112 -c--a-w- c:\windows\system32\dllcache\usbser.sys
2010-04-20 18:30 . 2008-04-13 17:45 26112 ----a-w- c:\windows\system32\drivers\usbser.sys
2010-04-20 18:30 . 2008-03-21 11:57 14640 ------w- c:\windows\system32\spmsgXP_2k3.dll
2010-04-20 17:35 . 2010-04-20 17:35 -------- d-----w- c:\windows\Globalization
2010-04-20 17:33 . 2008-08-26 07:26 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2010-04-20 17:33 . 2010-04-20 17:33 -------- d-----w- c:\program files\PC Connectivity Solution
2010-04-20 17:32 . 2009-12-30 09:30 7936 ----a-w- c:\windows\system32\drivers\usbser_lowerfltj.sys
2010-04-20 17:32 . 2009-12-30 09:30 7936 ----a-w- c:\windows\system32\drivers\usbser_lowerflt.sys
2010-04-20 17:32 . 2009-12-30 09:30 22016 ----a-w- c:\windows\system32\drivers\ccdcmbo.sys
2010-04-20 17:32 . 2010-01-21 12:53 18048 ----a-w- c:\windows\system32\drivers\ccdcmb.sys
2010-04-20 17:32 . 2009-10-06 09:55 1112288 ----a-w- c:\windows\system32\wdfcoinstaller01007.dll
2010-04-20 17:31 . 2010-04-20 17:36 -------- d-----w- c:\program files\Nokia
2010-04-13 13:41 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
2010-04-11 08:58 . 2010-04-11 08:58 -------- d-----w- c:\documents and settings\Luká?
2010-04-05 09:07 . 2010-04-05 09:14 21036 ----atw- c:\windows\system32\SIntfNT.dll
2010-04-05 09:07 . 2010-04-05 09:14 15132 ----atw- c:\windows\system32\SIntf32.dll
2010-04-05 09:07 . 2010-04-05 09:14 12067 ----atw- c:\windows\system32\SIntf16.dll
2010-04-05 09:05 . 1998-01-23 10:22 304128 ----a-w- c:\windows\IsUninst.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-01 23:16 . 2008-04-01 14:04 -------- d-----w- c:\program files\Mozilla Thunderbird
2010-04-27 15:40 . 2009-12-22 15:12 138184 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-04-27 15:40 . 2009-12-22 15:12 215016 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-04-27 15:38 . 2009-12-22 15:12 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2010-04-27 15:38 . 2009-12-22 15:12 2427248 ----a-w- c:\windows\system32\pbsvc_heroes.exe
2010-04-22 13:46 . 2010-04-22 13:46 0 ---ha-w- c:\windows\system32\drivers\Msft_User_PCCSWpdDriver_01_07_00.Wdf
2010-04-22 13:46 . 2010-04-22 13:46 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_user_01_07_00.Wdf
2010-04-20 18:31 . 2004-08-18 12:00 81262 ----a-w- c:\windows\system32\perfc005.dat
2010-04-20 18:31 . 2004-08-18 12:00 437076 ----a-w- c:\windows\system32\perfh005.dat
2010-04-20 18:30 . 2010-04-20 18:30 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2010-04-20 18:30 . 2010-04-20 18:30 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2010-04-20 17:35 . 2008-03-25 19:43 -------- d-----w- c:\program files\Common Files\Nokia
2010-04-20 17:12 . 2008-04-03 17:15 -------- d-----w- c:\program files\Google
2010-04-14 16:47 . 2010-02-19 18:45 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-04-14 16:47 . 2010-02-19 18:45 153184 ----a-w- c:\windows\system32\aswBoot.exe
2010-04-14 16:35 . 2010-02-19 18:45 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-04-14 16:35 . 2010-02-19 18:45 162768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-04-14 16:31 . 2010-02-19 18:45 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-04-14 16:31 . 2010-02-19 18:45 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-04-14 16:31 . 2010-02-19 18:45 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-04-14 16:31 . 2010-02-19 18:45 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-04-14 16:30 . 2010-02-19 18:45 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-04-04 16:25 . 2008-03-07 12:36 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-04-01 06:40 . 2010-04-01 06:40 -------- d-----w- c:\program files\Common Files\Skype
2010-03-28 16:05 . 2009-07-10 18:27 -------- d-----w- c:\program files\Alwil Software
2010-03-21 13:25 . 2010-03-21 13:25 -------- d-----w- c:\program files\AGEIA Technologies
2010-03-21 13:25 . 2010-03-21 13:25 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-03-21 13:24 . 2010-03-21 13:24 -------- d-----w- c:\program files\AMD
2010-03-11 12:36 . 2004-08-17 14:49 832512 ----a-w- c:\windows\system32\wininet.dll
2010-03-11 12:36 . 2004-08-17 14:49 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-03-11 12:36 . 2004-08-17 14:49 17408 ------w- c:\windows\system32\corpol.dll
2010-03-09 11:11 . 2004-08-17 14:49 430080 ----a-w- c:\windows\system32\vbscript.dll
2010-02-24 13:11 . 2004-08-03 22:15 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-20 16:34 . 2009-10-03 17:12 703 ----a-w- c:\windows\eReg.dat
2010-02-19 23:47 . 2010-02-19 23:47 3604480 ----a-w- c:\windows\system32\GPhotos.scr
2010-02-16 19:08 . 2004-08-17 15:45 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-16 19:08 . 2004-08-17 14:45 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-12 04:35 . 2004-08-17 14:49 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:02 . 2004-08-03 22:07 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
2009-10-05 17:34 . 2010-02-13 08:20 118000 ----a-w- c:\program files\mozilla firefox\components\qippipe.dll
.

((((((((((((((((((((((((((((( SnapShot@2010-05-02_08.13.46 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-05-02 15:39 . 2010-05-02 15:39 16384 c:\windows\temp\Perflib_Perfdata_dd8.dat
+ 2010-05-02 15:33 . 2010-05-02 15:33 16384 c:\windows\temp\Perflib_Perfdata_834.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-01-15 147456]
"Skype"="c:\program files\Skype\\Phone\Skype.exe" [2010-04-06 26102056]
"NokiaOviSuite2"="c:\program files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe" [2010-02-24 385928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"DAEMON Tools-1033"="e:\program files\D-Tools\daemon.exe" [2004-08-22 81920]
"DT LGE"="c:\program files\Common Files\Portrait Displays\Shared\DT_startup.exe" [2007-10-11 81920]
"RTHDCPL"="RTHDCPL.EXE" [2007-08-10 16384000]
"PCSuiteTrayApplication"="e:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-06-18 271360]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-15 644696]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-04 1603152]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-04-14 2790472]
"NokiaMusic FastStart"="e:\program files\Nokia\Ovi Player\NokiaOviPlayer.exe" [2010-03-04 2192672]
"CatalystRuntime"="c:\program files\ati technologies\ati.ace\graphics-light\graphicscontrol.exe" [2010-05-01 153600]
"DSHELP64DirectSkin"="c:\program files\ati technologies\ati.ace\core-implementation\64\dshelp64wbhelp64.exe" [2010-05-01 153600]
"RuntimeCaste"="c:\program files\ati technologies\ati.ace\graphics-light\graphicscontrol.exe" [2010-05-01 153600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"WizardGraphics2.0.3257.27071"="c:\program files\ati technologies\ati.ace\graphics-light\graphicscontrol.exe" [2010-05-01 153600]
"PhysXCookingR1Library2312"="c:\program files\ageia technologies\v2.3.1\physxcookingr1physxcookingr1.exe" [2010-05-01 153600]
"PhysXCoreLibrary"="c:\program files\ageia technologies\v2.3.2\linkdynamic.exe" [2010-05-01 153600]
"PhysXCoreDynamic"="c:\program files\ageia technologies\v2.3.3\physxcookingfc4physxcore2334.exe" [2010-05-01 153600]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"Nokia.PCSync"="e:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 1241088]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"e:\\Program Files\\FlashGet\\flashget.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=
"e:\\Program Files\\rFactor\\rFactor.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [9.3.2008 19:07 155136]
R0 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [9.3.2008 19:07 5248]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [19.2.2010 20:45 162768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [19.2.2010 20:45 19024]
R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\l151x86.sys [7.3.2008 14:53 36864]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [25.7.2009 11:49 133104]
S3 lgusbsmodem;LGE Mobile USB Modem;c:\windows\system32\drivers\lgusbsmodem.sys [25.12.2009 12:27 23680]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-07-18 16:53 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Obsah adresáře 'Naplánované úlohy'

2010-05-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-25 09:48]

2010-05-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-25 09:48]

2010-05-02 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 13:07]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uDefault_Search_URL = hxxp://search.qip.ru
uSearchAssistant = hxxp://search.qip.ru/ie
uSearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
IE: &Download All with FlashGet - e:\program files\FlashGet\jc_all.htm
IE: &Download with FlashGet - e:\program files\FlashGet\jc_link.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Filter: video/x-flv - {08C72DD4-19AD-49f1-83DA-8542B4D302C5} -
FF - ProfilePath - c:\documents and settings\Lukáš\Data aplikací\Mozilla\Firefox\Profiles\4ny0ak67.default\
FF - prefs.js: browser.search.selectedEngine - qtl
FF - prefs.js: browser.startup.homepage - www.seznam.cz
FF - prefs.js: keyword.URL - hxxp://search.qip.ru/search?from=FF&query=
FF - component: c:\program files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\components\FirefoxExtension.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: e:\program files\Adobe\Reader 8.0\Reader\browser\nppdf32.dll
FF - plugin: e:\program files\Google\Picasa3\npPicasa3.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

HKLM-Run-Symantec PIF AlertEng - c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
HKLM-Run-iKernelEngine - c:\program files\common files\installshield\professional\runtime\0701\intel32\kernelikernel.exe
HKLM-Run-setup2ksetup2k - c:\program files\installshield installation information\{60de4033-9503-48d1-a483-7846bd217ca9}\setupinstallshield.exe
AddRemove-LiveUpdate - c:\program files\Symantec\LiveUpdate\LSETUP.EXE



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-02 17:40
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8A058210]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xba0ecf28
\Driver\ACPI -> ACPI.sys @ 0xb9f7fcb8
\Driver\atapi -> 0x8a058210
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
NDIS: Atheros L1 Gigabit Ethernet 10/100/1000Base-T Controller -> SendCompleteHandler -> NDIS.sys @ 0xb9dccbb0
PacketIndicateHandler -> NDIS.sys @ 0xb9dd9a21
SendHandler -> NDIS.sys @ 0xb9db787b
Warning: possible MBR rootkit infection !
user & kernel MBR OK

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-854245398-823518204-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\1*C]
"Order"=hex:08,00,00,00,02,00,00,00,80,00,00,00,01,00,00,00,01,00,00,00,74,00,
00,00,00,00,00,00,66,00,00,00,41,75,67,4d,02,00,00,00,01,00,00,00,54,00,31,\

[HKEY_USERS\S-1-5-21-854245398-823518204-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\1*C\BumbleBeast]
"Order"=hex:08,00,00,00,02,00,00,00,76,00,00,00,01,00,00,00,01,00,00,00,6a,00,
00,00,00,00,00,00,5c,00,00,00,41,75,67,4d,02,00,00,00,01,00,00,00,4a,00,31,\
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(736)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3184)
c:\windows\system32\WPDShServiceObj.dll
e:\program files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll
e:\program files\Nokia\Nokia PC Suite 6\PCSCM.dll
e:\program files\Nokia\Nokia PC Suite 6\Lang\PhoneBrowser_cze.nlr
e:\program files\Nokia\Nokia PC Suite 6\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\RTHDCPL.EXE
c:\program files\Portrait Displays\forteManager\DTHtml.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer.exe
c:\program files\Common Files\Portrait Displays\Shared\HookManager.exe
c:\program files\Skype\Phone\Skype.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
c:\program files\Common Files\Portrait Displays\Shared\DTSRVC.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Common Files\Nokia\NoA\nokiaaserver.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\windows\system32\wscntfy.exe
c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Celkový čas: 2010-05-02 17:42:56 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-05-02 15:42
ComboFix2.txt 2010-05-02 08:15

Před spuštěním: Volných bajtů: 75 682 996 224
Po spuštění: Volných bajtů: 75 514 683 392

- - End Of File - - 451F1DECE9A9F5B2B4115B60B5E55654

[Yanic79]

Log Defogger:

defogger_disable by jpshortstuff (25.01.10.1)
Log created at 17:47 on 02/05/2010 (Lukáš)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...
d347prt -> Disabled (Service running -> reboot required)
d347bus -> Disabled (Service running -> reboot required)


-=E.O.F=-

[cernohous13]

Po restartu

stáhni MBR http://www2.gmer.net/mbr/mbr.exe ulož ho na plochu
klik Start -> Spustit... - do okna zkopíruj celý červený příkaz
"%userprofile%\plocha\mbr" -t -> OK
na ploše vznikne mbr.log - jeho obsah sem zkopíruj

[Yanic79]

Nevím,zda mbr proběhl správně. Když ho na ploše spustím,jen na okamžik problikne okno a na ploše se vytvoří tento log. Takže ten červený příkaz nemám kdy vložit..

Log mbr:

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK

[cernohous13]

Klikni vlevo dole na tlačítko Start -> pak na Spustit... -> červený příkaz vlož do okna s blikajícím kurzorem -> OK

[Yanic79]

jejda,já to blbě pochopil,promiň Tak teď už by to mělo být ok...

Log

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
kernel: MBR read successfully
user & kernel MBR OK

[cernohous13]

jj, to je skvělé.

další postup ti hodím o poločase (Baník-Sparta)

nech mi tu zprávu jak se chová PC, jestli je ještě nějaký problém.

[Yanic79]

Díky..tady už jdu koukat. Ale radši Ti neprozradím,komu přeju vítěztví,abys mi pak ještě napsal
PC vypadá v pohodě,běží rychle,žádná okna už nevyskakují,žádné zvláštní chování...

[cernohous13]

Pro mě je nejlepším výsledkem remíza. Viz bodový odstup Jablonce

[cernohous13]

Pokud ti všechno funguje podle tvých představ, tak trochu uklidíme.

teď ComboFix odinstalujeme
jdi Start -> Spustit... a zkopíruj ComboFix /Uninstall (pozor, za x je mezera) -> OK

Stáhni TempFolderCleaner http://oldtimer.geekstogo.com/TFC.exe
Zavři všechny programy a spusť. Po ukončení akce bude PC restartován.
Pokud ne, restartuj sám.
(čistí Temp složky , nečistí URL, historii, prefetch ani cookies)

pak použij

Stáhni a spusť T-cleaner http://sweb.cz/Marinus/T-Cleaner.exe - uklidí po použitých čističích.
Po spuštění ignoruj případné varování antiviru - je to v pořádku
Po provedení akce T-cleaner smažeš

Mohu doporučit kontrolu a vyčištění Ccleanerem

Stáhni Ccleaner - http://www.slunecnice.cz/sw/ccleaner/
Při instalaci vyhodit fajfku u "Instalovat Yahoo! Toolbar"

zavřít Internetový prohlížeč a
spustit "Čistič" > "Spustit Ccleaner" - odstraní nepotřebné
spustit "Registry" > "Hledej problémy" > "Opravit vybrané problémy"
souhlas se zálohou registrů - opakovat dokud nebudou registry čisté.
spustit "Nástroje" > "Obnova systému" - 1.řádek zachovej, ostatní "Odstranit"

Návod:http://jnp.zive.cz/Clanky/Prirucka-do-k ... fault.aspx

Ten si můžeš nechat i na budoucí občasné čištění.

Po vyčištění by se hodila defragmentace
doporučuji http://www.slunecnice.cz/sw/defraggler/ + čeština

[Yanic79]

Tak za tu dnešní pomoc,za kterou Ti mnohokrát děkuji,jsem Ti tu remízu přál Ale jinak věřím,že Sparta ještě klopýtne a BANÍK to dotáhne k titulu!!
Veškeré přočištění jsem provedl i pomocí Ccleaneru... Vše vypadá OK.
Ještě jednou moc díky....