Hello.
I am requesting a preventive check. Thank you.
Logfile of random's system information tool 1.08 (written by random/random)
Run by user at 2010-07-12 19:15:50
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 212 GB (89%) free of 238 GB
Total RAM: 1023 MB (43% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:16:02, on 12.7.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\ICQ7.1\ICQ.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\user\Plocha\RSIT.exe
C:\Program Files\trend micro\user.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://update.microsoft.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe activexdebugger32.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: (no name) - {D5D47440-0750-463D-BAEF-A47D02414806} - (no file)
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 6102885719
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
--
End of file - 7348 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\Automatic troubleshooting.job
C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{E5D872FD-5623-4840-B57F-D2F9143EA599}.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-01-12 63128]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
Ask Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2010-02-04 1197448]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{D5D47440-0750-463D-BAEF-A47D02414806}
{D4027C7F-154A-4066-A1AD-4243D8127440} - Ask Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2010-02-04 1197448]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2005-08-30 344064]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2009-10-07 1461080]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\DTLite.exe [2009-10-30 369200]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2010-05-13 26192168]
C:\Documents and Settings\user\Nabídka Start\Programy\Po spuštění
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2005-08-31 46080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoInternetIcon"=1
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoInternetIcon"=1
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"M:\Quake3\quake3.exe"="M:\Quake3\quake3.exe:*:Enabled:quake3"
"D:\QUAKE 3\QUAKE3\QUAKE3.EXE"="D:\QUAKE 3\QUAKE3\QUAKE3.EXE:*:Enabled:QUAKE3"
"J:\---GAMES---\Left 4 Dead\left4dead.exe"="J:\---GAMES---\Left 4 Dead\left4dead.exe:*:Enabled:left4dead"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\ICQ7.1\ICQ.exe"="C:\Program Files\ICQ7.1\ICQ.exe:*:Enabled:ICQ7.1"
"C:\Program Files\ICQ7.1\aolload.exe"="C:\Program Files\ICQ7.1\aolload.exe:*:Enabled:aolload.exe"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Documents and Settings\user\Plocha\utorrent.exe"="C:\Documents and Settings\user\Plocha\utorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe"="C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:*:Enabled:Call of Duty(R) 4 - Modern Warfare(TM) "
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\ICQ7.1\ICQ.exe"="C:\Program Files\ICQ7.1\ICQ.exe:*:Enabled:ICQ7.1"
"C:\Program Files\ICQ7.1\aolload.exe"="C:\Program Files\ICQ7.1\aolload.exe:*:Enabled:aolload.exe"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
======List of files/folders created in the last 1 months======
2010-07-12 19:15:51 ----D---- C:\Program Files\trend micro
2010-07-12 19:15:50 ----D---- C:\rsit
2010-07-12 10:26:27 ----D---- C:\Program Files\GamePark
2010-07-12 10:07:10 ----D---- C:\Program Files\Activision
2010-07-12 09:52:40 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2010-07-12 09:52:26 ----HDC---- C:\WINDOWS\$NtUninstallKB956744$
2010-07-11 21:26:57 ----HDC---- C:\WINDOWS\$NtUninstallKB975713$
2010-07-11 21:16:35 ----D---- C:\WINDOWS\Prefetch
2010-07-11 21:00:16 ----HDC---- C:\WINDOWS\$NtUninstallKB980232$
2010-07-11 21:00:08 ----HDC---- C:\WINDOWS\$NtUninstallKB980218$
2010-07-11 20:59:57 ----HDC---- C:\WINDOWS\$NtUninstallKB979683$
2010-07-11 20:59:50 ----HDC---- C:\WINDOWS\$NtUninstallKB979559$
2010-07-11 20:59:43 ----HDC---- C:\WINDOWS\$NtUninstallKB979482$
2010-07-11 20:59:37 ----HDC---- C:\WINDOWS\$NtUninstallKB979309$
2010-07-11 20:59:29 ----HDC---- C:\WINDOWS\$NtUninstallKB978706$
2010-07-11 20:59:20 ----HDC---- C:\WINDOWS\$NtUninstallKB978601$
2010-07-11 20:59:13 ----HDC---- C:\WINDOWS\$NtUninstallKB978542$
2010-07-11 20:59:05 ----HDC---- C:\WINDOWS\$NtUninstallKB978338$
2010-07-11 20:58:57 ----HDC---- C:\WINDOWS\$NtUninstallKB978037$
2010-07-11 20:58:50 ----HDC---- C:\WINDOWS\$NtUninstallKB977914$
2010-07-11 20:58:41 ----HDC---- C:\WINDOWS\$NtUninstallKB975562$
2010-07-11 20:58:34 ----HDC---- C:\WINDOWS\$NtUninstallKB975561$
2010-07-11 20:58:26 ----HDC---- C:\WINDOWS\$NtUninstallKB975560$
2010-07-11 20:58:20 ----HDC---- C:\WINDOWS\$NtUninstallKB975467$
2010-07-11 20:58:13 ----HDC---- C:\WINDOWS\$NtUninstallKB975025$
2010-07-11 20:58:05 ----HDC---- C:\WINDOWS\$NtUninstallKB974571$
2010-07-11 20:57:58 ----HDC---- C:\WINDOWS\$NtUninstallKB974392$
2010-07-11 20:57:50 ----HDC---- C:\WINDOWS\$NtUninstallKB974318$
2010-07-11 20:57:43 ----HDC---- C:\WINDOWS\$NtUninstallKB974112$
2010-07-11 20:57:34 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$
2010-07-11 20:57:27 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$
2010-07-11 20:57:19 ----HDC---- C:\WINDOWS\$NtUninstallKB973687$
2010-07-11 20:57:12 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$
2010-07-11 20:57:05 ----HDC---- C:\WINDOWS\$NtUninstallKB972270$
2010-07-11 20:56:57 ----HDC---- C:\WINDOWS\$NtUninstallKB971737$
2010-07-11 20:56:50 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$
2010-07-11 20:56:43 ----HDC---- C:\WINDOWS\$NtUninstallKB971468$
2010-07-11 20:56:36 ----HDC---- C:\WINDOWS\$NtUninstallKB970430$
2010-07-11 20:56:28 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2010-07-11 20:56:19 ----HDC---- C:\WINDOWS\$NtUninstallKB969059$
2010-07-11 20:56:11 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$
2010-07-11 20:56:02 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2010-07-11 20:55:56 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2010-07-11 20:55:43 ----HDC---- C:\WINDOWS\$NtUninstallKB961118$
2010-07-11 20:55:37 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$
2010-07-11 20:55:31 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2010-07-11 20:55:24 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2010-07-11 20:55:16 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2010-07-11 20:55:10 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2010-07-11 20:55:04 ----HDC---- C:\WINDOWS\$NtUninstallKB956844$
2010-07-11 20:54:57 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2010-07-11 20:54:51 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2010-07-11 20:54:39 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2010-07-11 20:54:31 ----HDC---- C:\WINDOWS\$NtUninstallKB955759$
2010-07-11 20:54:22 ----HDC---- C:\WINDOWS\$NtUninstallKB973687_1$
2010-07-11 20:54:15 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2010-07-11 20:54:08 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2010-07-11 20:54:02 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2010-07-11 20:53:53 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2010-07-11 20:53:46 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2010-07-11 20:53:39 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2010-07-11 20:53:32 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2010-07-11 20:53:26 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2010-07-11 20:53:19 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2010-07-11 20:53:12 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2010-07-11 20:49:49 ----D---- C:\WINDOWS\l2schemas
2010-07-11 20:49:48 ----D---- C:\WINDOWS\system32\cs
2010-07-11 20:49:48 ----D---- C:\WINDOWS\system32\bits
2010-07-11 20:44:11 ----D---- C:\WINDOWS\network diagnostic
2010-07-11 20:39:21 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2010-07-11 20:36:06 ----A---- C:\WINDOWS\system32\rmoc3260.dll
2010-07-11 20:36:06 ----A---- C:\WINDOWS\system32\pndx5032.dll
2010-07-11 20:36:06 ----A---- C:\WINDOWS\system32\pndx5016.dll
2010-07-11 20:36:06 ----A---- C:\WINDOWS\system32\pncrt.dll
2010-07-11 20:36:03 ----A---- C:\WINDOWS\avisplitter.ini
2010-07-11 20:36:01 ----A---- C:\WINDOWS\system32\yv12vfw.dll
2010-07-11 20:36:00 ----A---- C:\WINDOWS\system32\xvidvfw.dll
2010-07-11 20:36:00 ----A---- C:\WINDOWS\system32\xvidcore.dll
2010-07-11 20:35:58 ----A---- C:\WINDOWS\system32\dpl100.dll
2010-07-11 20:35:52 ----A---- C:\WINDOWS\system32\divx.dll
2010-07-11 20:35:51 ----A---- C:\WINDOWS\system32\ff_vfw.dll.manifest
2010-07-11 20:35:51 ----A---- C:\WINDOWS\system32\ff_vfw.dll
2010-07-11 20:35:45 ----D---- C:\Program Files\K-Lite Codec Pack
2010-06-26 14:15:58 ----HDC---- C:\WINDOWS\$NtUninstallKB939683$
2010-06-25 09:49:07 ----HDC---- C:\WINDOWS\$NtUninstallKB929399$
2010-06-25 09:48:50 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$
2010-06-24 15:24:04 ----N---- C:\WINDOWS\system32\spmsg.dll
2010-06-24 14:51:17 ----D---- C:\Program Files\DAEMON Tools Lite
2010-06-24 14:50:12 ----D---- C:\Documents and Settings\user\Data aplikací\ICQ
2010-06-24 14:50:03 ----D---- C:\Program Files\ICQ7.1
2010-06-24 14:41:42 ----D---- C:\Program Files\Windows Media Connect 2
2010-06-24 14:41:26 ----HDC---- C:\WINDOWS\$NtUninstallwmp11$
2010-06-24 14:40:55 ----N---- C:\WINDOWS\system32\wmpsrcwp.dll
2010-06-24 14:40:55 ----N---- C:\WINDOWS\system32\wmpps.dll
2010-06-24 14:40:55 ----N---- C:\WINDOWS\system32\wmpmde.dll
2010-06-24 14:40:53 ----N---- C:\WINDOWS\system32\wmpencen.dll
2010-06-24 14:40:53 ----N---- C:\WINDOWS\system32\wmpeffects.dll
2010-06-24 14:39:36 ----HDC---- C:\WINDOWS\$NtUninstallWMFDist11$
2010-06-24 14:38:45 ----D---- C:\WINDOWS\system32\drivers\UMDF
2010-06-24 14:38:23 ----HDC---- C:\WINDOWS\$NtUninstallWudf01000$
2010-06-24 14:35:24 ----D---- C:\Program Files\Ask.com
2010-06-24 14:34:37 ----D---- C:\Program Files\uTorrent
2010-06-24 14:33:06 ----D---- C:\Documents and Settings\user\Data aplikací\uTorrent
2010-06-24 14:29:13 ----D---- C:\Documents and Settings\user\Data aplikací\DAEMON Tools Lite
2010-06-24 14:28:08 ----D---- C:\Documents and Settings\All Users\Data aplikací\DAEMON Tools Lite
2010-06-24 13:05:10 ----D---- C:\Documents and Settings\user\Data aplikací\ESET
2010-06-24 13:03:23 ----D---- C:\Program Files\ESET
2010-06-24 13:03:23 ----D---- C:\Documents and Settings\All Users\Data aplikací\ESET
2010-06-24 12:58:22 ----D---- C:\Program Files\Mozilla Firefox
2010-06-24 12:55:27 ----D---- C:\Documents and Settings\All Users\Data aplikací\Windows Genuine Advantage
2010-06-17 22:22:35 ----D---- C:\Documents and Settings\user\Data aplikací\skypePM
2010-06-17 22:15:45 ----D---- C:\Program Files\Google
2010-06-17 22:15:45 ----D---- C:\Documents and Settings\All Users\Data aplikací\Google
2010-06-17 22:15:19 ----D---- C:\Program Files\Common Files\Skype
2010-06-17 22:15:17 ----RD---- C:\Program Files\Skype
2010-06-16 17:15:22 ----HDC---- C:\WINDOWS\$NtUninstallKB925720$
2010-06-16 04:15:19 ----HDC---- C:\WINDOWS\$NtUninstallKB961118_0$
2010-06-15 04:19:13 ----D---- C:\WINDOWS\system32\XPSViewer
2010-06-15 04:19:09 ----D---- C:\WINDOWS\system32\en-US
2010-06-15 04:19:04 ----D---- C:\Program Files\Reference Assemblies
2010-06-15 04:18:47 ----N---- C:\WINDOWS\system32\xpssvcs.dll
2010-06-15 04:18:47 ----N---- C:\WINDOWS\system32\xpsshhdr.dll
2010-06-15 04:18:47 ----N---- C:\WINDOWS\system32\prntvpt.dll
2010-06-15 04:18:46 ----D---- C:\09bc287dca5313ba3ebc
2010-06-15 04:18:39 ----HDC---- C:\WINDOWS\$NtUninstallWIC$
2010-06-15 04:18:34 ----D---- C:\Program Files\MSXML 6.0
2010-06-15 04:03:12 ----D---- C:\WINDOWS\ie8updates
2010-06-15 04:00:25 ----N---- C:\WINDOWS\system32\drivers\watv10nt.sys
2010-06-15 04:00:25 ----N---- C:\WINDOWS\system32\drivers\watv06nt.sys
2010-06-15 04:00:25 ----N---- C:\WINDOWS\system32\drivers\wadv11nt.sys
2010-06-15 04:00:25 ----N---- C:\WINDOWS\system32\drivers\wadv09nt.sys
2010-06-15 04:00:25 ----N---- C:\WINDOWS\system32\drivers\wadv08nt.sys
2010-06-15 04:00:25 ----N---- C:\WINDOWS\system32\drivers\wadv07nt.sys
2010-06-15 04:00:22 ----N---- C:\WINDOWS\system32\drivers\slwdmsup.sys
2010-06-15 04:00:22 ----N---- C:\WINDOWS\system32\drivers\slnthal.sys
2010-06-15 04:00:22 ----N---- C:\WINDOWS\system32\drivers\slntamr.sys
2010-06-15 04:00:22 ----N---- C:\WINDOWS\system32\drivers\slnt7554.sys
2010-06-15 04:00:21 ----N---- C:\WINDOWS\system32\drivers\s3gnbm.sys
2010-06-15 04:00:21 ----N---- C:\WINDOWS\system32\drivers\recagent.sys
2010-06-15 04:00:20 ----N---- C:\WINDOWS\system32\drivers\nv4_mini.sys
2010-06-15 04:00:20 ----N---- C:\WINDOWS\system32\drivers\ntmtlfax.sys
2010-06-15 04:00:19 ----N---- C:\WINDOWS\system32\drivers\mtxparhm.sys
2010-06-15 04:00:19 ----N---- C:\WINDOWS\system32\drivers\mtlstrm.sys
2010-06-15 04:00:19 ----N---- C:\WINDOWS\system32\drivers\mtlmnt5.sys
2010-06-15 04:00:17 ----N---- C:\WINDOWS\system32\drivers\mdmxsdk.sys
2010-06-15 04:00:10 ----N---- C:\WINDOWS\system32\drivers\hsfdpsp2.sys
2010-06-15 04:00:10 ----N---- C:\WINDOWS\system32\drivers\hsfcxts2.sys
2010-06-15 04:00:10 ----N---- C:\WINDOWS\system32\drivers\hsfbs2s2.sys
2010-06-15 03:58:28 ----N---- C:\WINDOWS\system32\drivers\atinxsxx.sys
2010-06-15 03:58:28 ----N---- C:\WINDOWS\system32\drivers\atinxbxx.sys
2010-06-15 03:58:28 ----N---- C:\WINDOWS\system32\drivers\atintuxx.sys
2010-06-15 03:58:28 ----N---- C:\WINDOWS\system32\drivers\atinttxx.sys
2010-06-15 03:58:27 ----N---- C:\WINDOWS\system32\drivers\atinsnxx.sys
2010-06-15 03:58:27 ----N---- C:\WINDOWS\system32\drivers\atinrvxx.sys
2010-06-15 03:58:27 ----N---- C:\WINDOWS\system32\drivers\atinraxx.sys
2010-06-15 03:58:27 ----N---- C:\WINDOWS\system32\drivers\atinpdxx.sys
2010-06-15 03:58:27 ----N---- C:\WINDOWS\system32\drivers\atinmdxx.sys
2010-06-15 03:58:27 ----N---- C:\WINDOWS\system32\drivers\atinbtxx.sys
2010-06-15 03:58:27 ----N---- C:\WINDOWS\system32\drivers\ati2mtaa.sys
2010-06-15 03:58:27 ----N---- C:\WINDOWS\system32\drivers\ati1xsxx.sys
2010-06-15 03:58:27 ----N---- C:\WINDOWS\system32\drivers\ati1xbxx.sys
2010-06-15 03:58:27 ----N---- C:\WINDOWS\system32\drivers\ati1tuxx.sys
2010-06-15 03:58:27 ----N---- C:\WINDOWS\system32\drivers\ati1ttxx.sys
2010-06-15 03:58:27 ----N---- C:\WINDOWS\system32\drivers\ati1snxx.sys
2010-06-15 03:58:27 ----N---- C:\WINDOWS\system32\drivers\ati1rvxx.sys
2010-06-15 03:58:27 ----N---- C:\WINDOWS\system32\drivers\ati1raxx.sys
2010-06-15 03:58:27 ----N---- C:\WINDOWS\system32\drivers\ati1pdxx.sys
2010-06-15 03:58:27 ----N---- C:\WINDOWS\system32\drivers\ati1mdxx.sys
2010-06-15 03:58:27 ----N---- C:\WINDOWS\system32\drivers\ati1btxx.sys
2010-06-14 00:07:43 ----D---- C:\WINDOWS\pss
======List of files/folders modified in the last 1 months======
2010-07-12 19:15:59 ----D---- C:\WINDOWS\Temp
2010-07-12 19:15:51 ----RD---- C:\Program Files
2010-07-12 19:06:35 ----D---- C:\Documents and Settings\user\Data aplikací\Skype
2010-07-12 19:06:02 ----D---- C:\WINDOWS
2010-07-12 13:11:15 ----A---- C:\WINDOWS\system32\PnkBstrB.exe
2010-07-12 12:41:36 ----D---- C:\WINDOWS\system32
2010-07-12 11:16:57 ----D---- C:\WINDOWS\Debug
2010-07-12 10:47:14 ----A---- C:\WINDOWS\system32\PnkBstrA.exe
2010-07-12 10:31:59 ----HD---- C:\Program Files\InstallShield Installation Information
2010-07-12 10:31:23 ----SHD---- C:\WINDOWS\Installer
2010-07-12 10:21:52 ----D---- C:\WINDOWS\system32\DirectX
2010-07-12 10:21:50 ----HD---- C:\WINDOWS\inf
2010-07-12 10:21:41 ----RSD---- C:\WINDOWS\assembly
2010-07-12 10:20:39 ----A---- C:\WINDOWS\game.ini
2010-07-12 09:52:43 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-07-12 09:51:53 ----HD---- C:\WINDOWS\$hf_mig$
2010-07-12 09:51:08 ----D---- C:\WINDOWS\system32\CatRoot2
2010-07-11 22:50:22 ----N---- C:\WINDOWS\SchedLgU.Txt
2010-07-11 21:18:20 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-07-11 21:16:14 ----D---- C:\WINDOWS\system32\wbem
2010-07-11 21:16:14 ----D---- C:\WINDOWS\system32\Setup
2010-07-11 21:16:14 ----D---- C:\WINDOWS\AppPatch
2010-07-11 21:16:14 ----D---- C:\Program Files\Messenger
2010-07-11 21:16:14 ----D---- C:\Program Files\Common Files\System
2010-07-11 21:16:13 ----RSD---- C:\WINDOWS\Fonts
2010-07-11 21:16:08 ----D---- C:\WINDOWS\system32\drivers
2010-07-11 21:15:19 ----D---- C:\WINDOWS\security
2010-07-11 21:00:18 ----D---- C:\WINDOWS\system32\CatRoot
2010-07-11 20:59:15 ----D---- C:\Program Files\Outlook Express
2010-07-11 20:58:36 ----D---- C:\Program Files\Movie Maker
2010-07-11 20:50:22 ----D---- C:\WINDOWS\WinSxS
2010-07-11 20:50:09 ----D---- C:\WINDOWS\ehome
2010-07-11 20:50:07 ----D---- C:\WINDOWS\system32\inetsrv
2010-07-11 20:50:06 ----D---- C:\WINDOWS\ime
2010-07-11 20:50:06 ----D---- C:\WINDOWS\Help
2010-07-11 20:49:51 ----D---- C:\WINDOWS\system32\cs-CZ
2010-07-11 20:49:50 ----D---- C:\WINDOWS\system32\usmt
2010-07-11 20:49:50 ----D---- C:\Program Files\Internet Explorer
2010-07-11 20:49:48 ----D---- C:\WINDOWS\PeerNet
2010-07-11 20:46:40 ----D---- C:\WINDOWS\ServicePackFiles
2010-07-11 20:46:18 ----D---- C:\WINDOWS\system32\Restore
2010-07-11 20:46:18 ----D---- C:\WINDOWS\system32\npp
2010-07-11 20:46:17 ----D---- C:\WINDOWS\msagent
2010-07-11 20:46:16 ----D---- C:\WINDOWS\srchasst
2010-07-11 20:46:15 ----D---- C:\Program Files\NetMeeting
2010-07-11 20:46:13 ----D---- C:\WINDOWS\system32\Com
2010-07-11 20:46:11 ----D---- C:\Program Files\Windows Media Player
2010-07-11 20:46:10 ----D---- C:\Program Files\Windows NT
2010-07-11 20:45:47 ----D---- C:\WINDOWS\system32\oobe
2010-07-11 20:45:46 ----D---- C:\WINDOWS\system
2010-06-24 23:08:37 ----D---- C:\Program Files\WinRAR
2010-06-24 14:58:49 ----D---- C:\WINDOWS\Minidump
2010-06-24 14:48:30 ----D---- C:\Documents and Settings\user\Data aplikací\WinRAR
2010-06-24 14:41:52 ----A---- C:\WINDOWS\win.ini
2010-06-24 14:38:44 ----D---- C:\WINDOWS\system32\LogFiles
2010-06-24 14:35:39 ----SD---- C:\WINDOWS\Tasks
2010-06-24 14:24:22 ----D---- C:\Program Files\Microton 2006
2010-06-24 13:02:08 ----SD---- C:\WINDOWS\Downloaded Program Files
2010-06-24 12:59:06 ----D---- C:\Documents and Settings\user\Data aplikací\Mozilla
2010-06-23 19:31:40 ----D---- C:\WINDOWS\Microsoft.NET
2010-06-17 23:58:53 ----D---- C:\Documents and Settings\user\Data aplikací\Kingston
2010-06-17 22:15:19 ----D---- C:\Program Files\Common Files
2010-06-17 22:15:17 ----D---- C:\Documents and Settings\All Users\Data aplikací\Skype
2010-06-15 04:18:54 ----D---- C:\WINDOWS\system32\spool
2010-06-13 15:39:18 ----D---- C:\Program Files\AskTBar
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 gagp30kx;Filtr Microsoft Generic AGPv3.0 pro procesorovou platformu K8; C:\WINDOWS\system32\DRIVERS\gagp30kx.sys [2008-04-13 46464]
R0 ohci1394;Hostitelský řadič IEEE 1394 dle standardu OHCI VIA; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2008-04-13 61696]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2010-06-24 691696]
R1 easdrv;easdrv; C:\WINDOWS\system32\DRIVERS\easdrv.sys [2009-10-07 54184]
R1 epfwtdi;epfwtdi; C:\WINDOWS\system32\DRIVERS\epfwtdi.sys [2009-10-07 55256]
R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2006-06-05 30556]
R1 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2006-07-24 5632]
R2 eamon;EAMON; C:\WINDOWS\system32\DRIVERS\eamon.sys [2009-10-07 40824]
R2 epfw;epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [2009-10-07 73760]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2005-08-31 1333760]
R3 Epfwndis;Eset Personal Firewall; C:\WINDOWS\system32\DRIVERS\Epfwndis.sys [2009-10-07 32072]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-04 20992]
R3 STAC97;Audio Driver (WDM) - SigmaTel CODEC; C:\WINDOWS\system32\drivers\STAC97.sys [2002-12-07 199088]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv; \??\C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys []
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2006-10-18 38528]
S0 tffsport;M-Systems DiskOnChip 2000; C:\WINDOWS\system32\DRIVERS\tffsport.sys [2008-04-13 149376]
S3 aoq187w9;aoq187w9; C:\WINDOWS\system32\drivers\aoq187w9.sys []
S3 npkcrypt;npkcrypt; \??\J:\-==GAMEs==-\Lineage II\system\npkcrypt.sys []
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2005-08-31 376832]
R2 ekrn;Eset Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2009-10-07 472280]
R2 NMSAccessU;NMSAccessU; C:\Program Files\CDBurnerXP\NMSAccessU.exe [2008-10-20 71096]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2010-07-12 75064]
R2 PnkBstrB;PnkBstrB; C:\WINDOWS\system32\PnkBstrB.exe [2010-07-12 219128]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service; C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [2009-10-30 1021256]
R2 UxTuneUp;TuneUp Theme Extension; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2005-08-30 516096]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 EhttpSrv;Eset HTTP Server; C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe [2009-10-07 20680]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe []
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service; C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe [2010-03-08 435016]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
-----------------EOF-----------------

Re: Prevention
Hi, fix the following in HJT:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe activexdebugger32.exe
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: (no name) - {D5D47440-0750-463D-BAEF-A47D02414806} - (no file)
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
You will find HJT here:
C:\Program Files\trend micro\user.exe
Fix means that you start HJT,
in the window that opens, click Do a system scan only,
in the next window, find the lines I listed for you,
next to each of them is a small box, which you tick,
then click Fix checked at the bottom left,
the program will ask whether you are sure; you of course confirm with YES, and it's done.
Via Start >> Control Panel >> Add or Remove Programs, uninstall Ask.com
Delete unneeded files
using CCleaner
guide:
Cleaner - here you clean the PC of unneeded files and empty the Recycle Bin
Registry - here you clean the registry (before using it, I recommend making the backup that CCleaner offers)
The registry cleaning needs to be repeated several times!
Finally, use Mbam from my signature.
Re: Prevention
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Verze databáze: 4309
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
13.7.2010 18:29:11
mbam-log-2010-07-13 (18-29-11).txt
Typ skenu: Rychlý sken
Skenované objekty: 126745
Uplynulý čas: 6 minuta(y), 20 sekunda(y)
Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 1
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované složky: 0
Infikované soubory: 0
Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)
Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)
Infikované klíče registru:
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
Infikované hodnoty registru:
(Žádné škodlivé položky nebyly zjištěny)
Infikované datové položky registru:
(Žádné škodlivé položky nebyly zjištěny)
Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)
Infikované soubory:
(Žádné škodlivé položky nebyly zjištěny)
Re: Prevention
Now we'll use a bigger caliber, so this time do only what I write, because this piece of software doesn't tolerate mistakes.
Download ComboFix and save it to the desktop,
run the application as Administrator and allow the installation of the Recovery Console.
Then a window with the license terms appears, which you confirm by clicking YES,
then one more click on YES and it's running.
The whole operation takes about 10 minutes but can take longer; during the scan, don't try to run anything else.
The PC may also be restarted during the scan; don't be alarmed.
Warning: for the duration of the scan, turn off the resident shield of your antivirus and antispyware program,
because ComboFix tries to delete infected files and these programs can get in its way.
After the scan completes, or after the subsequent restart, the application creates a log saved at C:/Combofix.txt
(on repeated use the logs are numbered Combofix2.txt etc.); copy its contents here.
Re: Prevention
ComboFix 10-07-13.05 - user 14.07.2010 8:56.1.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1023.659 [GMT 2:00]
Spuštěný z: c:\documents and settings\user\Plocha\ComboFix.exe
AV: ESET Smart Security 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *disabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
* Rezidentní štít AV je zapnutý
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Thumbs.db
c:\windows\system\ACD.CMD
c:\windows\system\ACD2.CMD
c:\windows\system32\Ijl11.dll
c:\windows\system32\ktkbdhk3.dll
c:\windows\system32\scrrntr.dll
c:\windows\system32\Temp
c:\windows\system32\Temp\aawfhriejlcmbvbhxjui.list
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-06-14 do 2010-07-14 )))))))))))))))))))))))))))))))
.
2010-07-14 06:45 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2010-07-13 16:40 . 2010-07-13 16:40 -------- d-----w- c:\program files\HD Tune
2010-07-13 16:39 . 2010-07-13 16:39 -------- d-----w- c:\program files\CrystalDiskInfo
2010-07-13 16:20 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-13 16:20 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-13 16:20 . 2010-07-13 16:20 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-13 06:52 . 2010-07-13 06:52 0 ----a-w- c:\windows\ativpsrm.bin
2010-07-12 18:33 . 2010-07-12 18:33 -------- d-----w- c:\program files\CPUID
2010-07-12 18:11 . 2010-07-12 18:11 -------- d-----w- c:\program files\Zeallsoft
2010-07-12 17:44 . 2010-07-12 17:44 -------- d-----w- C:\ATI
2010-07-12 17:15 . 2010-07-13 16:16 -------- d-----w- c:\program files\trend micro
2010-07-12 17:15 . 2010-07-12 17:16 -------- d-----w- C:\rsit
2010-07-12 08:26 . 2010-07-12 08:26 -------- d-----w- c:\program files\GamePark
2010-07-12 08:07 . 2010-07-12 08:07 -------- d-----w- c:\program files\Activision
2010-07-11 19:16 . 2010-07-11 19:16 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2010-07-11 18:49 . 2010-07-11 18:49 -------- d-----w- c:\windows\l2schemas
2010-07-11 18:49 . 2010-07-11 18:49 -------- d-----w- c:\windows\system32\cs
2010-07-11 18:49 . 2010-07-11 18:49 -------- d-----w- c:\windows\system32\bits
2010-07-11 18:36 . 2004-01-25 16:18 217088 ----a-w- c:\windows\system32\yv12vfw.dll
2010-07-11 18:36 . 2010-06-08 16:10 790528 ----a-w- c:\windows\system32\xvidcore.dll
2010-07-11 18:36 . 2010-06-08 16:10 134144 ----a-w- c:\windows\system32\xvidvfw.dll
2010-07-11 18:35 . 2010-03-10 19:29 94208 ----a-w- c:\windows\system32\dpl100.dll
2010-07-11 18:35 . 2010-02-19 19:27 720384 ----a-w- c:\windows\system32\divx.dll
2010-07-11 18:35 . 2010-06-28 08:00 108032 ----a-w- c:\windows\system32\ff_vfw.dll
2010-07-11 18:35 . 2010-07-11 18:36 -------- d-----w- c:\program files\K-Lite Codec Pack
2010-06-24 12:51 . 2010-06-24 12:51 -------- d-----w- c:\program files\DAEMON Tools Lite
2010-06-24 12:50 . 2010-06-24 12:52 -------- d-----w- c:\program files\ICQ7.1
2010-06-24 12:41 . 2010-06-24 12:41 -------- d-----w- c:\program files\Windows Media Connect 2
2010-06-24 12:40 . 2006-10-18 19:47 613376 ------w- c:\windows\system32\wmpmde.dll
2010-06-24 12:40 . 2006-10-18 19:47 204288 ------w- c:\windows\system32\wmpsrcwp.dll
2010-06-24 12:40 . 2006-10-18 19:47 130048 ------w- c:\windows\system32\wmpps.dll
2010-06-24 12:40 . 2008-06-24 16:12 295936 ------w- c:\windows\system32\wmpeffects.dll
2010-06-24 12:40 . 2006-10-18 19:47 1661440 ------w- c:\windows\system32\wmpencen.dll
2010-06-24 12:38 . 2010-06-24 12:40 -------- d-----w- c:\windows\system32\drivers\UMDF
2010-06-24 12:34 . 2010-06-24 12:34 -------- d-----w- c:\program files\uTorrent
2010-06-24 11:59 . 2010-06-24 11:59 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-06-24 11:03 . 2010-06-24 11:03 -------- d-----w- c:\program files\ESET
2010-06-24 10:58 . 2010-06-24 10:58 0 ----a-w- c:\windows\nsreg.dat
2010-06-17 21:58 . 2010-06-17 21:58 -------- d-----w- c:\documents and settings\LocalService\Plocha
2010-06-17 20:22 . 2010-06-17 20:22 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-06-17 20:15 . 2010-06-24 13:19 -------- d-----w- c:\program files\Google
2010-06-17 20:15 . 2010-06-17 20:15 -------- d-----w- c:\program files\Common Files\Skype
2010-06-17 20:15 . 2010-06-24 12:21 -------- d-----r- c:\program files\Skype
2010-06-15 02:19 . 2010-06-15 02:19 -------- d-sh--w- c:\documents and settings\Default User\IETldCache
2010-06-15 02:19 . 2010-06-15 02:19 -------- d-----w- c:\windows\system32\XPSViewer
2010-06-15 02:19 . 2010-06-15 02:19 -------- d-----w- c:\program files\Reference Assemblies
2010-06-15 02:18 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2010-06-15 02:18 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2010-06-15 02:18 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2010-06-15 02:18 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2010-06-15 02:18 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2010-06-15 02:18 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2010-06-15 02:18 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2010-06-15 02:18 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2010-06-15 02:18 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2010-06-15 02:18 . 2010-06-15 02:18 -------- d-----w- C:\09bc287dca5313ba3ebc
2010-06-15 02:18 . 2010-06-15 02:18 -------- d-----w- c:\program files\MSXML 6.0
2010-06-15 02:03 . 2010-06-15 02:03 -------- d-----w- c:\windows\ie8updates
2010-06-15 01:58 . 2004-08-03 20:29 73216 ------w- c:\windows\system32\drivers\atintuxx.sys
2010-06-14 22:42 . 2010-05-06 10:35 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-06-14 22:42 . 2010-05-06 10:35 599040 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2010-06-14 22:42 . 2010-05-06 10:35 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-06-14 22:42 . 2010-05-06 10:35 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-06-14 22:42 . 2010-05-06 10:35 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
2010-06-14 22:42 . 2010-05-06 10:35 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-06-14 22:42 . 2010-05-06 10:35 11076096 -c----w- c:\windows\system32\dllcache\ieframe.dll
2010-06-14 22:39 . 2010-06-14 22:39 -------- d-sh--w- c:\documents and settings\user\IECompatCache
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-12 17:49 . 2006-02-06 06:07 -------- d-----w- c:\program files\ATI Technologies
2010-07-12 17:47 . 2006-02-06 06:07 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-07-12 11:11 . 2008-02-17 17:05 219128 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-07-12 10:49 . 2008-02-17 17:05 138592 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-07-12 08:47 . 2008-02-17 17:05 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2010-07-11 19:18 . 2004-08-18 12:00 79062 ----a-w- c:\windows\system32\perfc005.dat
2010-07-11 19:18 . 2004-08-18 12:00 432004 ----a-w- c:\windows\system32\perfh005.dat
2010-07-11 18:52 . 2006-02-06 05:47 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-07-11 18:52 . 2006-02-06 05:47 2740 ----a-w- c:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
2010-06-24 12:51 . 2006-02-07 09:35 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-06-24 12:24 . 2009-01-24 09:18 -------- d-----w- c:\program files\Microton 2006
2010-06-14 14:31 . 2006-02-06 05:46 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-13 13:39 . 2006-02-07 21:43 -------- d-----w- c:\program files\AskTBar
2010-05-06 10:35 . 2004-08-18 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 08:09 . 2004-08-18 12:00 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-20 05:32 . 2004-08-18 12:00 285696 ----a-w- c:\windows\system32\atmfd.dll
2009-04-09 22:20 . 2008-02-01 06:28 48 --sh--w- c:\windows\SE61757FB.tmp
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-05-13 26192168]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-10-07 1461080]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-10 61440]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\ICQ7.1\\ICQ.exe"=
"c:\\Program Files\\ICQ7.1\\aolload.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R2 ekrn;Eset Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [7.10.2009 9:16 472280]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [30.10.2009 16:05 1021256]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [14.10.2009 8:24 10064]
S0 tffsport;M-Systems DiskOnChip 2000;c:\windows\system32\drivers\tffsport.sys [7.2.2006 11:52 149376]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [7.2.2006 11:35 691696]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'
2010-07-14 c:\windows\Tasks\Automatic troubleshooting.job
- c:\program files\TuneUp Utilities 2010\TuneUpSystemStatusCheck.exe [2009-10-30 14:12]
2010-07-14 c:\windows\Tasks\User_Feed_Synchronization-{E5D872FD-5623-4840-B57F-D2F9143EA599}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{71BFC818-0CED-42D6-9C87-5142918957EE} - c:\program files\ICQ7.1\ICQ.exe
FF - ProfilePath - c:\documents and settings\user\Data aplikací\Mozilla\Firefox\Profiles\u1blgba1.default\
FF - prefs.js: browser.search.selectedEngine - Centrum.cz Search
FF - prefs.js: browser.startup.homepage - hxxp://seznam.cz
FF - prefs.js: keyword.URL - hxxp://search.centrum.cz/index.php?toolbar=centrum-1.0.0&q=
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- NASTAVENÍ FIREFOXU ----
FF - user.js: network.http.max-connections-per-server - 6
FF - user.js: network.http.max-persistent-connections-per-server - 3
FF - user.js: nglayout.initialpaint.delay - 750
FF - user.js: content.notify.interval - 750000
FF - user.js: content.max.tokenizing.time - 2250000
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
WebBrowser-{4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-14 08:59
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\S-1-5-21-1935655697-823518204-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{60D0CCED-129A-76F2-4E40-9C5E48A5FDA0}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"dbfgbanholbfkkbenmmdciknjdidgpcakneninch"=hex:69,61,62,64,70,66,67,66,65,64,
6e,69,61,6b,70,67,6c,64,00,00
"cbpfhdiinnkcnbkhlnaajblolcfofemhdhenlm"=hex:69,61,62,64,70,66,67,66,65,64,6e,
69,61,6b,70,67,6c,64,00,00
"abbbjdkdcenejjndgfebmgnflakdgjajhl"=hex:61,61,00,00
"macbeemcaphldaaelkkhlicnao"=hex:61,61,00,00
[HKEY_USERS\S-1-5-21-1935655697-823518204-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{C1DFC29E-7725-E115-B47A-A3E5F5E45FB7}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"dbidbnlambjkljophkghpgfnfhaclbbnjgnpneno"=hex:69,61,6d,61,6c,66,64,6d,6e,64,
61,70,65,69,70,67,6a,66,00,00
"cboglabelghpbcbpmiefaindlmhbijbgdblino"=hex:69,61,6d,61,6c,66,64,6d,6e,64,61,
70,65,69,70,67,6a,66,00,00
"abmgbadngjjimhkjfpbpebchicnlcdhlfd"=hex:61,61,00,00
"majgmfdphnmglnhakkmiallhfo"=hex:61,61,00,00
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(896)
c:\windows\system32\Ati2evxx.dll
.
Celkový čas: 2010-07-14 09:00:39
ComboFix-quarantined-files.txt 2010-07-14 07:00
Před spuštěním: Volných bajtů: 211 636 228 096
Po spuštění: Volných bajtů: 211 926 355 968
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
- - End Of File - - 3EB5679D4F4FEC3E5351735E98A6ADB0
2010-06-14 22:42 . 2010-05-06 10:35 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-06-14 22:42 . 2010-05-06 10:35 599040 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2010-06-14 22:42 . 2010-05-06 10:35 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-06-14 22:42 . 2010-05-06 10:35 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-06-14 22:42 . 2010-05-06 10:35 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
2010-06-14 22:42 . 2010-05-06 10:35 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-06-14 22:42 . 2010-05-06 10:35 11076096 -c----w- c:\windows\system32\dllcache\ieframe.dll
2010-06-14 22:39 . 2010-06-14 22:39 -------- d-sh--w- c:\documents and settings\user\IECompatCache
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-12 17:49 . 2006-02-06 06:07 -------- d-----w- c:\program files\ATI Technologies
2010-07-12 17:47 . 2006-02-06 06:07 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-07-12 11:11 . 2008-02-17 17:05 219128 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-07-12 10:49 . 2008-02-17 17:05 138592 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-07-12 08:47 . 2008-02-17 17:05 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2010-07-11 19:18 . 2004-08-18 12:00 79062 ----a-w- c:\windows\system32\perfc005.dat
2010-07-11 19:18 . 2004-08-18 12:00 432004 ----a-w- c:\windows\system32\perfh005.dat
2010-07-11 18:52 . 2006-02-06 05:47 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-07-11 18:52 . 2006-02-06 05:47 2740 ----a-w- c:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
2010-06-24 12:51 . 2006-02-07 09:35 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-06-24 12:24 . 2009-01-24 09:18 -------- d-----w- c:\program files\Microton 2006
2010-06-14 14:31 . 2006-02-06 05:46 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-13 13:39 . 2006-02-07 21:43 -------- d-----w- c:\program files\AskTBar
2010-05-06 10:35 . 2004-08-18 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 08:09 . 2004-08-18 12:00 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-20 05:32 . 2004-08-18 12:00 285696 ----a-w- c:\windows\system32\atmfd.dll
2009-04-09 22:20 . 2008-02-01 06:28 48 --sh--w- c:\windows\SE61757FB.tmp
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-05-13 26192168]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-10-07 1461080]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-10 61440]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\ICQ7.1\\ICQ.exe"=
"c:\\Program Files\\ICQ7.1\\aolload.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R2 ekrn;Eset Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [7.10.2009 9:16 472280]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [30.10.2009 16:05 1021256]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [14.10.2009 8:24 10064]
S0 tffsport;M-Systems DiskOnChip 2000;c:\windows\system32\drivers\tffsport.sys [7.2.2006 11:52 149376]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [7.2.2006 11:35 691696]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'
2010-07-14 c:\windows\Tasks\Automatic troubleshooting.job
- c:\program files\TuneUp Utilities 2010\TuneUpSystemStatusCheck.exe [2009-10-30 14:12]
2010-07-14 c:\windows\Tasks\User_Feed_Synchronization-{E5D872FD-5623-4840-B57F-D2F9143EA599}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{71BFC818-0CED-42D6-9C87-5142918957EE} - c:\program files\ICQ7.1\ICQ.exe
FF - ProfilePath - c:\documents and settings\user\Data aplikací\Mozilla\Firefox\Profiles\u1blgba1.default\
FF - prefs.js: browser.search.selectedEngine - Centrum.cz Search
FF - prefs.js: browser.startup.homepage - hxxp://seznam.cz
FF - prefs.js: keyword.URL - hxxp://search.centrum.cz/index.php?toolbar=centrum-1.0.0&q=
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- NASTAVENÍ FIREFOXU ----
FF - user.js: network.http.max-connections-per-server - 6
FF - user.js: network.http.max-persistent-connections-per-server - 3
FF - user.js: nglayout.initialpaint.delay - 750
FF - user.js: content.notify.interval - 750000
FF - user.js: content.max.tokenizing.time - 2250000
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
WebBrowser-{4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-14 08:59
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\S-1-5-21-1935655697-823518204-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{60D0CCED-129A-76F2-4E40-9C5E48A5FDA0}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"dbfgbanholbfkkbenmmdciknjdidgpcakneninch"=hex:69,61,62,64,70,66,67,66,65,64,
6e,69,61,6b,70,67,6c,64,00,00
"cbpfhdiinnkcnbkhlnaajblolcfofemhdhenlm"=hex:69,61,62,64,70,66,67,66,65,64,6e,
69,61,6b,70,67,6c,64,00,00
"abbbjdkdcenejjndgfebmgnflakdgjajhl"=hex:61,61,00,00
"macbeemcaphldaaelkkhlicnao"=hex:61,61,00,00
[HKEY_USERS\S-1-5-21-1935655697-823518204-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{C1DFC29E-7725-E115-B47A-A3E5F5E45FB7}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"dbidbnlambjkljophkghpgfnfhaclbbnjgnpneno"=hex:69,61,6d,61,6c,66,64,6d,6e,64,
61,70,65,69,70,67,6a,66,00,00
"cboglabelghpbcbpmiefaindlmhbijbgdblino"=hex:69,61,6d,61,6c,66,64,6d,6e,64,61,
70,65,69,70,67,6a,66,00,00
"abmgbadngjjimhkjfpbpebchicnlcdhlfd"=hex:61,61,00,00
"majgmfdphnmglnhakkmiallhfo"=hex:61,61,00,00
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(896)
c:\windows\system32\Ati2evxx.dll
.
Celkový čas: 2010-07-14 09:00:39
ComboFix-quarantined-files.txt 2010-07-14 07:00
Před spuštěním: Volných bajtů: 211 636 228 096
Po spuštění: Volných bajtů: 211 926 355 968
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
- - End Of File - - 3EB5679D4F4FEC3E5351735E98A6ADB0
Re: Prevention
If you have not already done so, move Combofix to the desktop
open Notepad
copy the script from the following box into it:
File::
c:\windows\SE61757FB.tmp
Folder::
c:\program files\AskTBar
save the TXT file you created as CFScript.txt on the desktop,
after saving, grab the created script with the left mouse button and drag it over the Combofix icon, where you drop it:

After it has been applied, another log will pop out at you; copy it here
Warning: it may happen that after applying the script and restarting, Windows will not boot,
in that case restart again while pressing F8, then choose Last Known Good Configuration