Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz
winlogon.exe
Moderátor: Moderátoři
Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Re: winlogon.exe
S tím počkejte na kolegu, já potřebuju ten log z combofixu
Nepoužívejte COMBOFIX bez doporučení rádce, může dojít k poškození systému!
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Re: winlogon.exe
asi sem tupej ale nikde to není???
Re: winlogon.exe
Poprosím o log ze Rsitu, kouknu co jste vyváděl
Nepoužívejte COMBOFIX bez doporučení rádce, může dojít k poškození systému!
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Re: winlogon.exe
Logfile of random's system information tool 1.08 (written by random/random)
Run by Admin at 2010-09-26 21:47:18
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 403 GB (84%) free of 477 GB
Total RAM: 2047 MB (75% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:47:20, on 26.9.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\dgdersvc.exe
C:\WINDOWS\system32\FsUsbExService.Exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Google\Update\1.2.183.29\GoogleCrashHandler.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
C:\Program Files\ROUTE 66\ROUTE 66 Sync\Sync9Loader.exe
C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
C:\Program Files\Pando Networks\Media Booster\PMB.exe
C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Adobe\Reader 9.0\Reader\AcroRd32Info.exe
C:\Documents and Settings\Admin\Dokumenty\Stažené soubory\RSIT.exe
C:\Program Files\trend micro\Admin.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\Program Files\PC Translator\WEBIE.DLL
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\Program Files\PC Translator\WEBIE.DLL
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [ROUTE66Sync] C:\Program Files\ROUTE 66\ROUTE 66 Sync\Sync9Loader.exe -runinbackground
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [AutoStartNPSAgent] C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe
O4 - HKCU\..\Run: [EPSON Stylus DX4000 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBEE.EXE /FU "C:\WINDOWS\TEMP\E_S1162.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
O4 - HKLM\..\Policies\Explorer\Run: [Policies] C:\Program Files\Winlogon\winlogon.exe
O4 - HKCU\..\Policies\Explorer\Run: [Policies] C:\Program Files\Winlogon\winlogon.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O4 - Startup: Cyber-shot Viewer Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\Program Files\PC Translator\WEBIE.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\Program Files\PC Translator\WEBIE.DLL
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\Program Files\PC Translator\WEBIE.DLL
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\Program Files\PC Translator\WEBIE.DLL
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\Program Files\PC Translator\WEBIE.DLL
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\Program Files\PC Translator\WEBIE.DLL
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\Program Files\PC Translator\WEBIE.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/ ... .8.110.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CiSvc - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)
O23 - Service: Device Error Recovery Service (dgdersvc) - Devguru Co., Ltd. - C:\WINDOWS\system32\dgdersvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FsUsbExService - Teruten - C:\WINDOWS\system32\FsUsbExService.Exe
O23 - Service: Služba Google Update (gupdate1c9eab951733988) (gupdate1c9eab951733988) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Unknown owner - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (file missing)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
--
End of file - 9747 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Google Software Updater.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\XoftSpySE 2.job
C:\WINDOWS\tasks\XoftSpySE.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-06-19 75200]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2DB66063-BB98-466A-AA0D-3E7ACF5ED853}]
WebTransBHO Class - C:\Program Files\PC Translator\WEBIE.DLL [2002-01-01 360448]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [2009-06-11 668656]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-05-09 41760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-05-09 79648]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}]
EpsonToolBandKicker Class - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2005-02-22 368640]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{BFC32E1D-EE75-4A48-BC60-104E11EE2431} - WebTranslator - C:\Program Files\PC Translator\WEBIE.DLL [2002-01-01 360448]
{EE5D279F-081B-4404-994D-C6B60AAEBA6D} - EPSON Web-To-Page - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2005-02-22 368640]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"=C:\Program Files\Eset\nod32kui.exe [2009-01-21 949376]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-10-07 13574144]
"ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2004-06-16 221184]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2004-06-16 81920]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2008-10-07 86016]
"PWRISOVM.EXE"=C:\Program Files\PowerISO\PWRISOVM.EXE [2009-03-15 180224]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-02-18 248040]
"CloneCDTray"=C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe [2005-05-19 57344]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-06-09 976832]
""= []
"ROUTE66Sync"=C:\Program Files\ROUTE 66\ROUTE 66 Sync\Sync9Loader.exe [2010-06-29 176128]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"Policies"=C:\Program Files\Winlogon\winlogon.exe []
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ccleaner"=C:\Program Files\CCleaner\ccleaner.exe [2010-07-23 1755960]
"igndlm.exe"=C:\Program Files\Download Manager\DLM.exe [2009-02-25 1103216]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-06-11 39408]
"AutoStartNPSAgent"=C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe [2009-08-14 106904]
"Pando Media Booster"=C:\Program Files\Pando Networks\Media Booster\PMB.exe [2010-04-16 2938552]
"EPSON Stylus DX4000 Series"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBEE.EXE [2006-09-21 139264]
"KiesTrayAgent"=C:\Program Files\Samsung\Kies\KiesTrayAgent.exe [2010-06-30 3365176]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"Policies"=C:\Program Files\Winlogon\winlogon.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\winlogon]
C:\Program Files\Winlogon\winlogon.exe []
C:\Documents and Settings\Admin\Nabídka Start\Programy\Po spuštění
Cyber-shot Viewer Media Check Tool.lnk - C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll [2008-12-11 133632]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
nwprovau
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoSMConfigurePrograms"=1
"NoStartMenuPinnedList"=1
"ForceClassicControlPanel"=1
"NoResolveTrack"=1
"NoResolveSearch"=1
"NoDriveAutoRun"=67108863
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDesktopCleanupWizard"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Electronic Arts\Need for Speed ProStreet\nfs.exe"="C:\Program Files\Electronic Arts\Need for Speed ProStreet\nfs.exe:*:Enabled:nfs"
"C:\Program Files\uTorrent\utorrent.exe"="C:\Program Files\uTorrent\utorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe"="C:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe:*:Enabled:KTF MUSIC AoD Server"
"C:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe"="C:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe:*:Enabled:KTF MUSIC VoD Server"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\Program Files\Pando Networks\Media Booster\PMB.exe"="C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster"
"C:\Documents and Settings\Admin\Dokumenty\Downloads\Call of duty 4 Multiplayer\iw3mp.exe"="C:\Documents and Settings\Admin\Dokumenty\Downloads\Call of duty 4 Multiplayer\iw3mp.exe:*:Enabled:iw3mp"
"C:\Documents and Settings\Admin\Dokumenty\Stažené soubory\SweetImSetup.exe"="C:\Documents and Settings\Admin\Dokumenty\Stažené soubory\SweetImSetup.exe:*:Enabled:SweetIM Installer"
"C:\WINDOWS\system32\muzapp.exe"="C:\WINDOWS\system32\muzapp.exe:*:Enabled:MUZ AOD APP player"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\ROUTE 66\ROUTE 66 Sync\ROUTE66Sync.exe"="C:\Program Files\ROUTE 66\ROUTE 66 Sync\ROUTE66Sync.exe:*:Enabled:ROUTE 66 Sync"
"C:\Program Files\ROUTE 66\ROUTE 66 Sync\Sync9Loader.exe"="C:\Program Files\ROUTE 66\ROUTE 66 Sync\Sync9Loader.exe:*:Enabled:Sync9Loader"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Pando Networks\Media Booster\PMB.exe"="C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster"
======List of files/folders created in the last 1 months======
2010-09-26 20:51:30 ----D---- C:\ampapa12448a
2010-09-26 20:51:29 ----D---- C:\ampapa
2010-09-25 18:18:52 ----A---- C:\WINDOWS\PEV.exe
2010-09-25 18:18:52 ----A---- C:\WINDOWS\NIRCMD.exe
2010-09-25 18:18:52 ----A---- C:\WINDOWS\MBR.exe
2010-09-25 18:18:51 ----A---- C:\WINDOWS\zip.exe
2010-09-25 18:18:51 ----A---- C:\WINDOWS\SWXCACLS.exe
2010-09-25 18:18:51 ----A---- C:\WINDOWS\SWSC.exe
2010-09-25 18:18:51 ----A---- C:\WINDOWS\SWREG.exe
2010-09-25 18:18:51 ----A---- C:\WINDOWS\sed.exe
2010-09-25 18:18:51 ----A---- C:\WINDOWS\grep.exe
2010-09-25 18:18:47 ----D---- C:\WINDOWS\ERDNT
2010-09-25 18:18:34 ----D---- C:\Qoobox
2010-09-25 18:12:21 ----D---- C:\_OTM
2010-09-25 10:39:36 ----D---- C:\rsit
2010-09-25 00:18:34 ----N---- C:\WINDOWS\SchedLgU.Txt
2010-09-22 20:07:07 ----D---- C:\Documents and Settings\Admin\Data aplikací\TuneUp Software
2010-09-22 20:07:00 ----D---- C:\Program Files\TuneUp Utilities 2010
2010-09-22 20:06:56 ----D---- C:\Documents and Settings\All Users\Data aplikací\TuneUp Software
2010-09-22 20:06:48 ----SHD---- C:\Documents and Settings\All Users\Data aplikací\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
2010-09-22 19:43:59 ----D---- C:\Documents and Settings\All Users\Data aplikací\RegSERVO
2010-09-21 07:27:48 ----A---- C:\Documents and Settings\Admin\Data aplikací\Admin3SQLite3.dll
2010-09-06 16:20:21 ----D---- C:\Program Files\EA GAMES
======List of files/folders modified in the last 1 months======
2010-09-26 21:47:20 ----D---- C:\Program Files\Trend Micro
2010-09-26 21:47:10 ----AD---- C:\WINDOWS
2010-09-26 21:47:10 ----A---- C:\WINDOWS\TRNCOM.INI
2010-09-26 21:34:33 ----SD---- C:\WINDOWS\Tasks
2010-09-26 21:34:30 ----D---- C:\WINDOWS\temp
2010-09-26 20:27:45 ----D---- C:\WINDOWS\system32\drivers
2010-09-26 20:27:45 ----D---- C:\WINDOWS\system32
2010-09-26 20:27:45 ----D---- C:\WINDOWS\AppPatch
2010-09-26 20:27:45 ----D---- C:\Program Files\Common Files
2010-09-26 20:26:41 ----D---- C:\WINDOWS\system32\CatRoot2
2010-09-26 19:28:23 ----D---- C:\WINDOWS\Prefetch
2010-09-25 18:30:45 ----D---- C:\Program Files
2010-09-25 18:12:23 ----SHD---- C:\WINDOWS\Installer
2010-09-25 18:12:23 ----D---- C:\WINDOWS\system32\dllcache
2010-09-22 22:09:47 ----SHD---- C:\Config.Msi
2010-09-22 20:40:16 ----D---- C:\Documents and Settings\Admin\Data aplikací\uTorrent
2010-09-21 23:55:58 ----D---- C:\Program Files\WinRAR
2010-09-21 23:06:54 ----D---- C:\Program Files\Unlocker
2010-09-16 14:34:43 ----D---- C:\Program Files\Mozilla Firefox
2010-09-11 19:11:43 ----D---- C:\Nostale(CZ)
2010-09-09 19:05:40 ----D---- C:\Perfect World Entertainment
2010-09-07 06:27:08 ----D---- C:\Program Files\uTorrent
2010-09-06 17:21:30 ----D---- C:\WINDOWS\system32\DirectX
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2007-03-08 43528]
R0 sfdrv01;StarForce Protection Environment Driver (version 1.x); C:\WINDOWS\System32\drivers\sfdrv01.sys [2005-03-03 48640]
R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a); C:\WINDOWS\System32\drivers\sfdrv01a.sys [2006-07-05 63352]
R0 sfhlp02;StarForce Protection Helper Driver (version 2.x); C:\WINDOWS\System32\drivers\sfhlp02.sys [2006-06-14 13680]
R0 sfsync02;StarForce Protection Synchronization Driver (version 2.x); C:\WINDOWS\System32\drivers\sfsync02.sys [2006-07-10 27032]
R0 sfvfs02;StarForce Protection VFS Driver (version 2.x); C:\WINDOWS\System32\drivers\sfvfs02.sys [2007-01-12 82296]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2008-01-18 77696]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 nod32drv;nod32drv; C:\WINDOWS\system32\drivers\nod32drv.sys [2009-01-21 15424]
R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2009-03-15 56268]
R1 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-10-25 12032]
R2 AMON;AMON; C:\WINDOWS\system32\drivers\amon.sys [2009-01-21 512096]
R2 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2005-04-21 10624]
R3 dgderdrv;dgderdrv; C:\WINDOWS\System32\drivers\dgderdrv.sys [2010-05-25 18136]
R3 ElbyCDFL;ElbyCDFL; C:\WINDOWS\System32\Drivers\ElbyCDFL.sys [2005-05-03 27392]
R3 FsUsbExDisk;FsUsbExDisk; \??\C:\WINDOWS\system32\FsUsbExDisk.SYS []
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-12-11 4879360]
R3 L1e;Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller; C:\WINDOWS\system32\DRIVERS\l1e51x86.sys [2008-06-25 36864]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2008-12-11 12160]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2008-12-11 5810]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-10-07 6133856]
R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2002-01-01 47360]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
S0 Si3114r5;Si3114r5; C:\WINDOWS\system32\drivers\Si3114r5.sys [2008-12-11 202032]
S3 catchme;catchme; \??\C:\DOCUME~1\Admin\LOCALS~1\Temp\catchme.sys []
S3 EagleNT;EagleNT; \??\C:\WINDOWS\system32\drivers\EagleNT.sys []
S3 EagleXNt;EagleXNt; \??\C:\WINDOWS\system32\drivers\EagleXNt.sys []
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2009-02-09 17664]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2009-02-09 22016]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent; C:\WINDOWS\system32\drivers\nmwcdnsu.sys [2009-03-19 136704]
S3 nmwcdnsuc;Nokia USB Flashing Generic; C:\WINDOWS\system32\drivers\nmwcdnsuc.sys [2009-03-19 8320]
S3 NWRDR;NetWare Rdr; C:\WINDOWS\system32\DRIVERS\nwrdr.sys [2008-04-13 163584]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 sscebus;SAMSUNG USB Composite Device V2 driver (WDM); C:\WINDOWS\system32\DRIVERS\sscebus.sys [2010-04-27 98560]
S3 sscemdfl;SAMSUNG Mobile Modem V2 Filter; C:\WINDOWS\system32\DRIVERS\sscemdfl.sys [2010-04-27 14848]
S3 sscemdm;SAMSUNG Mobile Modem V2 Drivers; C:\WINDOWS\system32\DRIVERS\sscemdm.sys [2010-04-27 123648]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2009-02-09 7808]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 usbser;USB Modem Driver; C:\WINDOWS\system32\drivers\usbser.sys [2008-04-14 26112]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2009-02-09 7808]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2008-03-27 503008]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2008-12-11 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2008-01-18 83328]
S3 XDva281;XDva281; \??\C:\WINDOWS\system32\XDva281.sys []
S3 XDva344;XDva344; \??\C:\WINDOWS\system32\XDva344.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Program Files\Bonjour\mDNSResponder.exe [2006-02-28 229376]
R2 dgdersvc;Device Error Recovery Service; C:\WINDOWS\system32\dgdersvc.exe [2010-05-25 95568]
R2 FsUsbExService;FsUsbExService; C:\WINDOWS\system32\FsUsbExService.Exe [2009-08-14 237984]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-05-09 153376]
R2 NOD32krn;NOD32 Kernel Service; C:\Program Files\Eset\nod32krn.exe [2009-01-21 552064]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-10-07 163908]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2010-05-07 75064]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 gupdate1c9eab951733988;Služba Google Update (gupdate1c9eab951733988); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-06-11 133104]
S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-06-11 183280]
S2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe []
S2 NWCWorkstation;Klient systému NetWare; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2002-01-01 654848]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 npggsvc;nProtect GameGuard Service; C:\WINDOWS\system32\GameMon.des [2010-06-07 3549224]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2009-06-02 637952]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
-----------------EOF-----------------
Run by Admin at 2010-09-26 21:47:18
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 403 GB (84%) free of 477 GB
Total RAM: 2047 MB (75% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:47:20, on 26.9.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\dgdersvc.exe
C:\WINDOWS\system32\FsUsbExService.Exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Google\Update\1.2.183.29\GoogleCrashHandler.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
C:\Program Files\ROUTE 66\ROUTE 66 Sync\Sync9Loader.exe
C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
C:\Program Files\Pando Networks\Media Booster\PMB.exe
C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Adobe\Reader 9.0\Reader\AcroRd32Info.exe
C:\Documents and Settings\Admin\Dokumenty\Stažené soubory\RSIT.exe
C:\Program Files\trend micro\Admin.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\Program Files\PC Translator\WEBIE.DLL
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\Program Files\PC Translator\WEBIE.DLL
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [ROUTE66Sync] C:\Program Files\ROUTE 66\ROUTE 66 Sync\Sync9Loader.exe -runinbackground
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [AutoStartNPSAgent] C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe
O4 - HKCU\..\Run: [EPSON Stylus DX4000 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBEE.EXE /FU "C:\WINDOWS\TEMP\E_S1162.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
O4 - HKLM\..\Policies\Explorer\Run: [Policies] C:\Program Files\Winlogon\winlogon.exe
O4 - HKCU\..\Policies\Explorer\Run: [Policies] C:\Program Files\Winlogon\winlogon.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O4 - Startup: Cyber-shot Viewer Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\Program Files\PC Translator\WEBIE.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\Program Files\PC Translator\WEBIE.DLL
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\Program Files\PC Translator\WEBIE.DLL
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\Program Files\PC Translator\WEBIE.DLL
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\Program Files\PC Translator\WEBIE.DLL
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\Program Files\PC Translator\WEBIE.DLL
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\Program Files\PC Translator\WEBIE.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/ ... .8.110.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CiSvc - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)
O23 - Service: Device Error Recovery Service (dgdersvc) - Devguru Co., Ltd. - C:\WINDOWS\system32\dgdersvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FsUsbExService - Teruten - C:\WINDOWS\system32\FsUsbExService.Exe
O23 - Service: Služba Google Update (gupdate1c9eab951733988) (gupdate1c9eab951733988) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Unknown owner - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (file missing)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
--
End of file - 9747 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Google Software Updater.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\XoftSpySE 2.job
C:\WINDOWS\tasks\XoftSpySE.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-06-19 75200]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2DB66063-BB98-466A-AA0D-3E7ACF5ED853}]
WebTransBHO Class - C:\Program Files\PC Translator\WEBIE.DLL [2002-01-01 360448]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [2009-06-11 668656]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-05-09 41760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-05-09 79648]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}]
EpsonToolBandKicker Class - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2005-02-22 368640]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{BFC32E1D-EE75-4A48-BC60-104E11EE2431} - WebTranslator - C:\Program Files\PC Translator\WEBIE.DLL [2002-01-01 360448]
{EE5D279F-081B-4404-994D-C6B60AAEBA6D} - EPSON Web-To-Page - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2005-02-22 368640]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"=C:\Program Files\Eset\nod32kui.exe [2009-01-21 949376]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-10-07 13574144]
"ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2004-06-16 221184]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2004-06-16 81920]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2008-10-07 86016]
"PWRISOVM.EXE"=C:\Program Files\PowerISO\PWRISOVM.EXE [2009-03-15 180224]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-02-18 248040]
"CloneCDTray"=C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe [2005-05-19 57344]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-06-09 976832]
""= []
"ROUTE66Sync"=C:\Program Files\ROUTE 66\ROUTE 66 Sync\Sync9Loader.exe [2010-06-29 176128]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"Policies"=C:\Program Files\Winlogon\winlogon.exe []
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ccleaner"=C:\Program Files\CCleaner\ccleaner.exe [2010-07-23 1755960]
"igndlm.exe"=C:\Program Files\Download Manager\DLM.exe [2009-02-25 1103216]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-06-11 39408]
"AutoStartNPSAgent"=C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe [2009-08-14 106904]
"Pando Media Booster"=C:\Program Files\Pando Networks\Media Booster\PMB.exe [2010-04-16 2938552]
"EPSON Stylus DX4000 Series"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBEE.EXE [2006-09-21 139264]
"KiesTrayAgent"=C:\Program Files\Samsung\Kies\KiesTrayAgent.exe [2010-06-30 3365176]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"Policies"=C:\Program Files\Winlogon\winlogon.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\winlogon]
C:\Program Files\Winlogon\winlogon.exe []
C:\Documents and Settings\Admin\Nabídka Start\Programy\Po spuštění
Cyber-shot Viewer Media Check Tool.lnk - C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll [2008-12-11 133632]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
nwprovau
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoSMConfigurePrograms"=1
"NoStartMenuPinnedList"=1
"ForceClassicControlPanel"=1
"NoResolveTrack"=1
"NoResolveSearch"=1
"NoDriveAutoRun"=67108863
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDesktopCleanupWizard"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Electronic Arts\Need for Speed ProStreet\nfs.exe"="C:\Program Files\Electronic Arts\Need for Speed ProStreet\nfs.exe:*:Enabled:nfs"
"C:\Program Files\uTorrent\utorrent.exe"="C:\Program Files\uTorrent\utorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe"="C:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe:*:Enabled:KTF MUSIC AoD Server"
"C:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe"="C:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe:*:Enabled:KTF MUSIC VoD Server"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\Program Files\Pando Networks\Media Booster\PMB.exe"="C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster"
"C:\Documents and Settings\Admin\Dokumenty\Downloads\Call of duty 4 Multiplayer\iw3mp.exe"="C:\Documents and Settings\Admin\Dokumenty\Downloads\Call of duty 4 Multiplayer\iw3mp.exe:*:Enabled:iw3mp"
"C:\Documents and Settings\Admin\Dokumenty\Stažené soubory\SweetImSetup.exe"="C:\Documents and Settings\Admin\Dokumenty\Stažené soubory\SweetImSetup.exe:*:Enabled:SweetIM Installer"
"C:\WINDOWS\system32\muzapp.exe"="C:\WINDOWS\system32\muzapp.exe:*:Enabled:MUZ AOD APP player"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\ROUTE 66\ROUTE 66 Sync\ROUTE66Sync.exe"="C:\Program Files\ROUTE 66\ROUTE 66 Sync\ROUTE66Sync.exe:*:Enabled:ROUTE 66 Sync"
"C:\Program Files\ROUTE 66\ROUTE 66 Sync\Sync9Loader.exe"="C:\Program Files\ROUTE 66\ROUTE 66 Sync\Sync9Loader.exe:*:Enabled:Sync9Loader"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Pando Networks\Media Booster\PMB.exe"="C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster"
======List of files/folders created in the last 1 months======
2010-09-26 20:51:30 ----D---- C:\ampapa12448a
2010-09-26 20:51:29 ----D---- C:\ampapa
2010-09-25 18:18:52 ----A---- C:\WINDOWS\PEV.exe
2010-09-25 18:18:52 ----A---- C:\WINDOWS\NIRCMD.exe
2010-09-25 18:18:52 ----A---- C:\WINDOWS\MBR.exe
2010-09-25 18:18:51 ----A---- C:\WINDOWS\zip.exe
2010-09-25 18:18:51 ----A---- C:\WINDOWS\SWXCACLS.exe
2010-09-25 18:18:51 ----A---- C:\WINDOWS\SWSC.exe
2010-09-25 18:18:51 ----A---- C:\WINDOWS\SWREG.exe
2010-09-25 18:18:51 ----A---- C:\WINDOWS\sed.exe
2010-09-25 18:18:51 ----A---- C:\WINDOWS\grep.exe
2010-09-25 18:18:47 ----D---- C:\WINDOWS\ERDNT
2010-09-25 18:18:34 ----D---- C:\Qoobox
2010-09-25 18:12:21 ----D---- C:\_OTM
2010-09-25 10:39:36 ----D---- C:\rsit
2010-09-25 00:18:34 ----N---- C:\WINDOWS\SchedLgU.Txt
2010-09-22 20:07:07 ----D---- C:\Documents and Settings\Admin\Data aplikací\TuneUp Software
2010-09-22 20:07:00 ----D---- C:\Program Files\TuneUp Utilities 2010
2010-09-22 20:06:56 ----D---- C:\Documents and Settings\All Users\Data aplikací\TuneUp Software
2010-09-22 20:06:48 ----SHD---- C:\Documents and Settings\All Users\Data aplikací\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
2010-09-22 19:43:59 ----D---- C:\Documents and Settings\All Users\Data aplikací\RegSERVO
2010-09-21 07:27:48 ----A---- C:\Documents and Settings\Admin\Data aplikací\Admin3SQLite3.dll
2010-09-06 16:20:21 ----D---- C:\Program Files\EA GAMES
======List of files/folders modified in the last 1 months======
2010-09-26 21:47:20 ----D---- C:\Program Files\Trend Micro
2010-09-26 21:47:10 ----AD---- C:\WINDOWS
2010-09-26 21:47:10 ----A---- C:\WINDOWS\TRNCOM.INI
2010-09-26 21:34:33 ----SD---- C:\WINDOWS\Tasks
2010-09-26 21:34:30 ----D---- C:\WINDOWS\temp
2010-09-26 20:27:45 ----D---- C:\WINDOWS\system32\drivers
2010-09-26 20:27:45 ----D---- C:\WINDOWS\system32
2010-09-26 20:27:45 ----D---- C:\WINDOWS\AppPatch
2010-09-26 20:27:45 ----D---- C:\Program Files\Common Files
2010-09-26 20:26:41 ----D---- C:\WINDOWS\system32\CatRoot2
2010-09-26 19:28:23 ----D---- C:\WINDOWS\Prefetch
2010-09-25 18:30:45 ----D---- C:\Program Files
2010-09-25 18:12:23 ----SHD---- C:\WINDOWS\Installer
2010-09-25 18:12:23 ----D---- C:\WINDOWS\system32\dllcache
2010-09-22 22:09:47 ----SHD---- C:\Config.Msi
2010-09-22 20:40:16 ----D---- C:\Documents and Settings\Admin\Data aplikací\uTorrent
2010-09-21 23:55:58 ----D---- C:\Program Files\WinRAR
2010-09-21 23:06:54 ----D---- C:\Program Files\Unlocker
2010-09-16 14:34:43 ----D---- C:\Program Files\Mozilla Firefox
2010-09-11 19:11:43 ----D---- C:\Nostale(CZ)
2010-09-09 19:05:40 ----D---- C:\Perfect World Entertainment
2010-09-07 06:27:08 ----D---- C:\Program Files\uTorrent
2010-09-06 17:21:30 ----D---- C:\WINDOWS\system32\DirectX
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2007-03-08 43528]
R0 sfdrv01;StarForce Protection Environment Driver (version 1.x); C:\WINDOWS\System32\drivers\sfdrv01.sys [2005-03-03 48640]
R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a); C:\WINDOWS\System32\drivers\sfdrv01a.sys [2006-07-05 63352]
R0 sfhlp02;StarForce Protection Helper Driver (version 2.x); C:\WINDOWS\System32\drivers\sfhlp02.sys [2006-06-14 13680]
R0 sfsync02;StarForce Protection Synchronization Driver (version 2.x); C:\WINDOWS\System32\drivers\sfsync02.sys [2006-07-10 27032]
R0 sfvfs02;StarForce Protection VFS Driver (version 2.x); C:\WINDOWS\System32\drivers\sfvfs02.sys [2007-01-12 82296]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2008-01-18 77696]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 nod32drv;nod32drv; C:\WINDOWS\system32\drivers\nod32drv.sys [2009-01-21 15424]
R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2009-03-15 56268]
R1 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-10-25 12032]
R2 AMON;AMON; C:\WINDOWS\system32\drivers\amon.sys [2009-01-21 512096]
R2 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2005-04-21 10624]
R3 dgderdrv;dgderdrv; C:\WINDOWS\System32\drivers\dgderdrv.sys [2010-05-25 18136]
R3 ElbyCDFL;ElbyCDFL; C:\WINDOWS\System32\Drivers\ElbyCDFL.sys [2005-05-03 27392]
R3 FsUsbExDisk;FsUsbExDisk; \??\C:\WINDOWS\system32\FsUsbExDisk.SYS []
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-12-11 4879360]
R3 L1e;Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller; C:\WINDOWS\system32\DRIVERS\l1e51x86.sys [2008-06-25 36864]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2008-12-11 12160]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2008-12-11 5810]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-10-07 6133856]
R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2002-01-01 47360]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
S0 Si3114r5;Si3114r5; C:\WINDOWS\system32\drivers\Si3114r5.sys [2008-12-11 202032]
S3 catchme;catchme; \??\C:\DOCUME~1\Admin\LOCALS~1\Temp\catchme.sys []
S3 EagleNT;EagleNT; \??\C:\WINDOWS\system32\drivers\EagleNT.sys []
S3 EagleXNt;EagleXNt; \??\C:\WINDOWS\system32\drivers\EagleXNt.sys []
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2009-02-09 17664]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2009-02-09 22016]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent; C:\WINDOWS\system32\drivers\nmwcdnsu.sys [2009-03-19 136704]
S3 nmwcdnsuc;Nokia USB Flashing Generic; C:\WINDOWS\system32\drivers\nmwcdnsuc.sys [2009-03-19 8320]
S3 NWRDR;NetWare Rdr; C:\WINDOWS\system32\DRIVERS\nwrdr.sys [2008-04-13 163584]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 sscebus;SAMSUNG USB Composite Device V2 driver (WDM); C:\WINDOWS\system32\DRIVERS\sscebus.sys [2010-04-27 98560]
S3 sscemdfl;SAMSUNG Mobile Modem V2 Filter; C:\WINDOWS\system32\DRIVERS\sscemdfl.sys [2010-04-27 14848]
S3 sscemdm;SAMSUNG Mobile Modem V2 Drivers; C:\WINDOWS\system32\DRIVERS\sscemdm.sys [2010-04-27 123648]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2009-02-09 7808]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 usbser;USB Modem Driver; C:\WINDOWS\system32\drivers\usbser.sys [2008-04-14 26112]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2009-02-09 7808]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2008-03-27 503008]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2008-12-11 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2008-01-18 83328]
S3 XDva281;XDva281; \??\C:\WINDOWS\system32\XDva281.sys []
S3 XDva344;XDva344; \??\C:\WINDOWS\system32\XDva344.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Program Files\Bonjour\mDNSResponder.exe [2006-02-28 229376]
R2 dgdersvc;Device Error Recovery Service; C:\WINDOWS\system32\dgdersvc.exe [2010-05-25 95568]
R2 FsUsbExService;FsUsbExService; C:\WINDOWS\system32\FsUsbExService.Exe [2009-08-14 237984]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-05-09 153376]
R2 NOD32krn;NOD32 Kernel Service; C:\Program Files\Eset\nod32krn.exe [2009-01-21 552064]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-10-07 163908]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2010-05-07 75064]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 gupdate1c9eab951733988;Služba Google Update (gupdate1c9eab951733988); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-06-11 133104]
S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-06-11 183280]
S2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe []
S2 NWCWorkstation;Klient systému NetWare; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2002-01-01 654848]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 npggsvc;nProtect GameGuard Service; C:\WINDOWS\system32\GameMon.des [2010-06-07 3549224]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2009-06-02 637952]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
-----------------EOF-----------------
Re: winlogon.exe
Combofix se Vám asi celý neprovedl. Jděte do nouzového režimu ( po erstartu mačkejte F8) a spusťte ho znovu. Log vložte zde.
Nepoužívejte COMBOFIX bez doporučení rádce, může dojít k poškození systému!
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Re: winlogon.exe
ComboFix 10-09-24.05 - Admin 26.09.2010 21:59:23.7.2 - x86 MINIMAL
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2047.1694 [GMT 2:00]
Spuštěný z: C:\Documents and Settings\Admin\Dokumenty\Stažené soubory\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Admin\Data aplikací\Desktopicon
C:\Documents and Settings\Admin\Data aplikací\Desktopicon\config.ini
C:\Documents and Settings\Admin\Data aplikací\facemoods.com
C:\Program Files\Mozilla Firefox\extensions\ffxtlbr@Facemoods.com
C:\WINDOWS\system32\drivers\npf.sys
C:\WINDOWS\system32\inst.dat
C:\WINDOWS\system32\kw.dat
C:\WINDOWS\system32\muzapp.exe
C:\WINDOWS\system32\Packet.dll
C:\WINDOWS\system32\pk.bin
C:\WINDOWS\system32\rinst.exe
C:\WINDOWS\system32\web.dat
C:\WINDOWS\system32\websites.html
C:\WINDOWS\system32\wpcap.dll
C:\WINDOWS\system32\srsvc.dll . . . je infikován!!
C:\WINDOWS\system32\proquota.exe . . . chybí !!
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_NPF
((((((((((((((((((((((((( Soubory vytvořené od 2010-08-26 do 2010-09-26 )))))))))))))))))))))))))))))))
.
2010-09-26 20:01:06 . 2010-09-26 20:01:06 552 ----a-w- C:\WINDOWS\system32\d3d8caps.dat
2010-09-26 18:51:30 . 2010-09-26 18:51:30 -------- d-----w- C:\ampapa12448a
2010-09-26 18:51:29 . 2010-09-26 18:51:33 -------- d-----w- C:\ampapa
2010-09-25 16:12:21 . 2010-09-25 16:12:21 -------- d-----w- C:\_OTM
2010-09-25 08:39:36 . 2010-09-25 08:40:32 -------- d-----w- C:\rsit
2010-09-22 18:07:00 . 2010-09-22 20:09:40 -------- d-----w- C:\Program Files\TuneUp Utilities 2010
2010-09-17 12:03:52 . 2010-09-17 12:03:52 4096 ----a-w- C:\WINDOWS\d3dx.dat
2010-09-06 14:20:21 . 2010-09-06 15:40:23 -------- d-----w- C:\Program Files\EA GAMES
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-26 19:47:20 . 2009-02-22 16:20:27 -------- d-----w- C:\Program Files\Trend Micro
2010-09-21 21:06:54 . 2002-01-01 01:27:45 -------- d-----w- C:\Program Files\Unlocker
2010-09-07 04:27:08 . 2009-04-08 06:25:39 -------- d-----w- C:\Program Files\uTorrent
2010-08-22 08:50:03 . 2002-01-01 01:27:41 -------- d-----w- C:\Program Files\CCleaner
2010-08-22 08:48:12 . 2009-02-08 15:58:02 -------- d-----w- C:\Program Files\Nokia
2010-08-22 07:17:16 . 2002-01-01 04:33:49 -------- d--h--w- C:\Program Files\InstallShield Installation Information
2010-08-22 07:16:57 . 2010-08-22 07:16:57 -------- d-----w- C:\Program Files\Common Files\ROUTE 66
2010-08-22 07:16:56 . 2010-08-22 07:16:56 -------- d-----w- C:\Program Files\ROUTE 66
2010-08-20 16:58:37 . 2009-03-15 12:20:17 108144 ----a-w- C:\WINDOWS\system32\CmdLineExt.dll
2010-08-10 18:12:13 . 2010-08-10 17:24:10 -------- d-----w- C:\Program Files\Metin2
2010-08-07 20:28:39 . 2010-08-07 20:28:39 -------- d-----w- C:\Program Files\Common Files\INCA Shared
2010-08-03 12:21:08 . 2002-01-01 04:44:08 -------- d-----r- C:\Program Files\Skype
2010-07-30 15:36:24 . 2010-04-16 14:44:28 -------- d-----w- C:\Program Files\Outspark
2010-07-18 11:14:19 . 2001-10-25 11:00:00 80910 ----a-w- C:\WINDOWS\system32\perfc005.dat
2010-07-18 11:14:19 . 2001-10-25 11:00:00 435122 ----a-w- C:\WINDOWS\system32\perfh005.dat
2010-01-02 10:22:57 . 2010-01-02 10:22:49 9812992 ----a-w- C:\Program Files\epson324677eu.exe
2009-06-11 17:21:54 . 2009-06-11 17:21:35 1086616 ----a-w- C:\Program Files\Google_Updater.exe
.
------- Sigcheck -------
[-] 2008-12-10 22:23:37 . DF70435F3D17C40D5CB15E6DC918342E . 361600 . . [5.1.2600.5625 (xpsp_sp3_qfe.080620-1309)] . . C:\WINDOWS\system32\drivers\tcpip.sys
[-] 2008-12-10 22:22:05 . BE68EA4457E2E5717231CF91BE5448E0 . 253952 . . [2001.12.4414.706] . . C:\WINDOWS\system32\es.dll
[-] 2008-12-10 22:21:57 . B6CEC406351EA5EF131416D5F52D006F . 247296 . . [5.1.2600.5625 (xpsp_sp3_qfe.080620-1309)] . . C:\WINDOWS\system32\mswsock.dll
[-] 2008-12-10 22:22:33 . 0E2B40ADAAB8F6F5FCAB06C1D49795B6 . 2147328 . . [5.1.2600.5657 (xpsp_sp3_qfe.080814-1300)] . . C:\WINDOWS\system32\ntoskrnl.exe
[-] 2008-10-03 14:11:27 . 19E05B2ECDCB296AA2F246A8EB52B20A . 1704448 . . [6.00.2900.5512 (xpsp.080413-2105)] . . C:\WINDOWS\explorer.exe
[-] 2008-12-10 22:19:59 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . C:\WINDOWS\system32\mspmsnsv.dll
[-] 2008-12-10 22:44:07 . 176C2A8E2243EA1D07FD978294B99994 . 2287104 . . [5.1.2600.5512 (xpsp.080413-2111)] . . C:\WINDOWS\system32\ntkrnlpa.exe
C:\WINDOWS\System32\wuauclt.exe ... chybí !!
C:\WINDOWS\System32\srsvc.dll ... chybí !!
C:\WINDOWS\System32\wscntfy.exe ... chybí !!
C:\WINDOWS\System32\ctfmon.exe ... chybí !!
C:\WINDOWS\System32\regsvc.dll ... chybí !!
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccleaner"="C:\Program Files\CCleaner\ccleaner.exe" [2010-07-23 14:49:28 1755960]
"igndlm.exe"="C:\Program Files\Download Manager\DLM.exe" [2009-02-25 03:20:06 1103216]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-06-11 17:23:02 39408]
"AutoStartNPSAgent"="C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe" [2009-08-14 13:48:06 106904]
"Pando Media Booster"="C:\Program Files\Pando Networks\Media Booster\PMB.exe" [2010-04-16 14:33:52 2938552]
"KiesTrayAgent"="C:\Program Files\Samsung\Kies\KiesTrayAgent.exe" [2010-06-30 04:12:16 3365176]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2009-01-21 07:51:47 949376]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-10-07 10:33:00 13574144]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-16 05:03:26 221184]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-16 05:03:04 81920]
"nwiz"="nwiz.exe" [2008-10-07 10:33:00 1630208]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-10-07 10:33:00 86016]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2009-03-15 10:15:16 180224]
"SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 09:43:18 248040]
"CloneCDTray"="C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" [2005-05-19 13:47:36 57344]
"Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 08:06:33 976832]
"ROUTE66Sync"="C:\Program Files\ROUTE 66\ROUTE 66 Sync\Sync9Loader.exe" [2010-06-29 10:18:32 176128]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"_nltide_2"="shell32" [X]
"_nltide_3"="advpack.dll" [2008-10-16 19:33:48 124928]
C:\Documents and Settings\Admin\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Cyber-shot Viewer Media Check Tool.lnk - C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2009-2-28 155648]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMConfigurePrograms"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"ForceClassicControlPanel"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Electronic Arts\\Need for Speed ProStreet\\nfs.exe"=
"C:\\Program Files\\uTorrent\\utorrent.exe"=
"C:\\Program Files\\Samsung\\Samsung New PC Studio\\npsasvr.exe"=
"C:\\Program Files\\Samsung\\Samsung New PC Studio\\npsvsvr.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"C:\\Documents and Settings\\Admin\\Dokumenty\\Downloads\\Call of duty 4 Multiplayer\\iw3mp.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\ROUTE 66\\ROUTE 66 Sync\\ROUTE66Sync.exe"=
"C:\\Program Files\\ROUTE 66\\ROUTE 66 Sync\\Sync9Loader.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"57169:TCP"= 57169:TCP:Pando Media Booster
"57169:UDP"= 57169:UDP:Pando Media Booster
"57482:TCP"= 57482:TCP:Pando Media Booster
"57482:UDP"= 57482:UDP:Pando Media Booster
"58975:TCP"= 58975:TCP:Pando Media Booster
"58975:UDP"= 58975:UDP:Pando Media Booster
R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);C:\WINDOWS\system32\drivers\sfdrv01a.sys [5.7.2006 14:46:06 63352]
R1 nod32drv;nod32drv;C:\WINDOWS\system32\drivers\nod32drv.sys [21.1.2009 9:51:53 15424]
R2 dgdersvc;Device Error Recovery Service;C:\WINDOWS\system32\dgdersvc.exe [25.5.2010 8:44:30 95568]
R2 FsUsbExService;FsUsbExService;C:\WINDOWS\system32\FsUsbExService.Exe [22.8.2009 9:56:48 237984]
R3 dgderdrv;dgderdrv;C:\WINDOWS\system32\drivers\dgderdrv.sys [25.5.2010 8:44:30 18136]
R3 FsUsbExDisk;FsUsbExDisk;C:\WINDOWS\system32\FsUsbExDisk.Sys [22.8.2009 9:56:48 36608]
S2 gupdate1c9eab951733988;Služba Google Update (gupdate1c9eab951733988);C:\Program Files\Google\Update\GoogleUpdate.exe [11.6.2009 19:23:20 133104]
S3 EagleXNt;EagleXNt;\??\C:\WINDOWS\system32\drivers\EagleXNt.sys --> C:\WINDOWS\system32\drivers\EagleXNt.sys [?]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;C:\WINDOWS\system32\drivers\nmwcdnsu.sys [19.7.2009 21:19:35 136704]
S3 nmwcdnsuc;Nokia USB Flashing Generic;C:\WINDOWS\system32\drivers\nmwcdnsuc.sys [19.7.2009 21:19:36 8320]
S3 npggsvc;nProtect GameGuard Service;C:\WINDOWS\system32\GameMon.des -service --> C:\WINDOWS\system32\GameMon.des -service [?]
S3 sscebus;SAMSUNG USB Composite Device V2 driver (WDM);C:\WINDOWS\system32\drivers\sscebus.sys [18.7.2010 13:26:41 98560]
S3 sscemdfl;SAMSUNG Mobile Modem V2 Filter;C:\WINDOWS\system32\drivers\sscemdfl.sys [18.7.2010 13:26:42 14848]
S3 sscemdm;SAMSUNG Mobile Modem V2 Drivers;C:\WINDOWS\system32\drivers\sscemdm.sys [18.7.2010 13:26:42 123648]
S3 XDva281;XDva281;\??\C:\WINDOWS\system32\XDva281.sys --> C:\WINDOWS\system32\XDva281.sys [?]
S3 XDva344;XDva344;\??\C:\WINDOWS\system32\XDva344.sys --> C:\WINDOWS\system32\XDva344.sys [?]
--- Ostatní služby/ovladače v paměti ---
*NewlyCreated* - FSUSBEXDISK
.
Obsah adresáře 'Naplánované úlohy'
2010-09-15 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34:12 . 2008-07-30 10:34:12]
2010-09-26 C:\WINDOWS\Tasks\Google Software Updater.job
- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-06-11 17:23:00 . 2009-06-11 17:23:00]
2010-09-26 C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
- C:\Program Files\Google\Update\GoogleUpdate.exe [2009-06-11 17:23:20 . 2009-06-11 17:23:18]
2010-09-26 C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
- C:\Program Files\Google\Update\GoogleUpdate.exe [2009-06-11 17:23:20 . 2009-06-11 17:23:18]
2010-09-26 C:\WINDOWS\Tasks\XoftSpySE 2.job
- C:\Program Files\XoftSpySE\XoftSpy.exe [2008-09-10 14:51:22 . 2008-09-10 15:51:22]
2002-01-01 C:\WINDOWS\Tasks\XoftSpySE.job
- C:\Program Files\XoftSpySE\XoftSpy.exe [2008-09-10 14:51:22 . 2008-09-10 15:51:22]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
mStart Page = hxxp://home.sweetim.com
uInternet Settings,ProxyOverride = *.local
IE: E&xportovat do aplikace Microsoft Excel - C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\Program Files\PC Translator\WEBIE.DLL
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\Program Files\PC Translator\WEBIE.DLL
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\Program Files\PC Translator\WEBIE.DLL
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\Program Files\PC Translator\WEBIE.DLL
LSP: C:\WINDOWS\system32\imon.dll
FF - ProfilePath - C:\Documents and Settings\Admin\Data aplikací\Mozilla\Firefox\Profiles\rs2b7hnj.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - plugin: C:\Program Files\Download Manager\npfpdlm.dll
FF - plugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files\Google\Google Updater\2.4.1601.7122\npCIDetect13.dll
FF - plugin: C:\Program Files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files\VistaCodecPack\rm\browser\plugins\nppl3260.dll
FF - plugin: C:\Program Files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll
---- NASTAVENÍ FIREFOXU ----
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
MSConfigStartUp-winlogon - C:\Program Files\Winlogon\winlogon.exe
ActiveSetup-{NJ524UM3-S046-U185-K4V0-VD307NU7PP5E} - C:\Program Files\Winlogon\winlogon.exe
AddRemove-01_Simmental - C:\Program Files\Samsung\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - C:\Program Files\Samsung\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - C:\Program Files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - C:\Program Files\SAMSUNG\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-07_Schorl - C:\Program Files\Samsung\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-09_Hsp - C:\Program Files\Samsung\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - C:\Program Files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-12_Symbian_USB_Download_Driver - C:\Program Files\Samsung\USB Drivers\12_Symbian_USB_Download_Driver\Uninstall.exe
AddRemove-15_Symbian_Samsung_PC_DLC_Driver - C:\Program Files\Samsung\USB Drivers\15_Symbian_Samsung_PC_DLC_Driver\Uninstall.exe
AddRemove-16_Shrewsbury - C:\Program Files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2047.1694 [GMT 2:00]
Spuštěný z: C:\Documents and Settings\Admin\Dokumenty\Stažené soubory\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Admin\Data aplikací\Desktopicon
C:\Documents and Settings\Admin\Data aplikací\Desktopicon\config.ini
C:\Documents and Settings\Admin\Data aplikací\facemoods.com
C:\Program Files\Mozilla Firefox\extensions\ffxtlbr@Facemoods.com
C:\WINDOWS\system32\drivers\npf.sys
C:\WINDOWS\system32\inst.dat
C:\WINDOWS\system32\kw.dat
C:\WINDOWS\system32\muzapp.exe
C:\WINDOWS\system32\Packet.dll
C:\WINDOWS\system32\pk.bin
C:\WINDOWS\system32\rinst.exe
C:\WINDOWS\system32\web.dat
C:\WINDOWS\system32\websites.html
C:\WINDOWS\system32\wpcap.dll
C:\WINDOWS\system32\srsvc.dll . . . je infikován!!
C:\WINDOWS\system32\proquota.exe . . . chybí !!
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_NPF
((((((((((((((((((((((((( Soubory vytvořené od 2010-08-26 do 2010-09-26 )))))))))))))))))))))))))))))))
.
2010-09-26 20:01:06 . 2010-09-26 20:01:06 552 ----a-w- C:\WINDOWS\system32\d3d8caps.dat
2010-09-26 18:51:30 . 2010-09-26 18:51:30 -------- d-----w- C:\ampapa12448a
2010-09-26 18:51:29 . 2010-09-26 18:51:33 -------- d-----w- C:\ampapa
2010-09-25 16:12:21 . 2010-09-25 16:12:21 -------- d-----w- C:\_OTM
2010-09-25 08:39:36 . 2010-09-25 08:40:32 -------- d-----w- C:\rsit
2010-09-22 18:07:00 . 2010-09-22 20:09:40 -------- d-----w- C:\Program Files\TuneUp Utilities 2010
2010-09-17 12:03:52 . 2010-09-17 12:03:52 4096 ----a-w- C:\WINDOWS\d3dx.dat
2010-09-06 14:20:21 . 2010-09-06 15:40:23 -------- d-----w- C:\Program Files\EA GAMES
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-26 19:47:20 . 2009-02-22 16:20:27 -------- d-----w- C:\Program Files\Trend Micro
2010-09-21 21:06:54 . 2002-01-01 01:27:45 -------- d-----w- C:\Program Files\Unlocker
2010-09-07 04:27:08 . 2009-04-08 06:25:39 -------- d-----w- C:\Program Files\uTorrent
2010-08-22 08:50:03 . 2002-01-01 01:27:41 -------- d-----w- C:\Program Files\CCleaner
2010-08-22 08:48:12 . 2009-02-08 15:58:02 -------- d-----w- C:\Program Files\Nokia
2010-08-22 07:17:16 . 2002-01-01 04:33:49 -------- d--h--w- C:\Program Files\InstallShield Installation Information
2010-08-22 07:16:57 . 2010-08-22 07:16:57 -------- d-----w- C:\Program Files\Common Files\ROUTE 66
2010-08-22 07:16:56 . 2010-08-22 07:16:56 -------- d-----w- C:\Program Files\ROUTE 66
2010-08-20 16:58:37 . 2009-03-15 12:20:17 108144 ----a-w- C:\WINDOWS\system32\CmdLineExt.dll
2010-08-10 18:12:13 . 2010-08-10 17:24:10 -------- d-----w- C:\Program Files\Metin2
2010-08-07 20:28:39 . 2010-08-07 20:28:39 -------- d-----w- C:\Program Files\Common Files\INCA Shared
2010-08-03 12:21:08 . 2002-01-01 04:44:08 -------- d-----r- C:\Program Files\Skype
2010-07-30 15:36:24 . 2010-04-16 14:44:28 -------- d-----w- C:\Program Files\Outspark
2010-07-18 11:14:19 . 2001-10-25 11:00:00 80910 ----a-w- C:\WINDOWS\system32\perfc005.dat
2010-07-18 11:14:19 . 2001-10-25 11:00:00 435122 ----a-w- C:\WINDOWS\system32\perfh005.dat
2010-01-02 10:22:57 . 2010-01-02 10:22:49 9812992 ----a-w- C:\Program Files\epson324677eu.exe
2009-06-11 17:21:54 . 2009-06-11 17:21:35 1086616 ----a-w- C:\Program Files\Google_Updater.exe
.
------- Sigcheck -------
[-] 2008-12-10 22:23:37 . DF70435F3D17C40D5CB15E6DC918342E . 361600 . . [5.1.2600.5625 (xpsp_sp3_qfe.080620-1309)] . . C:\WINDOWS\system32\drivers\tcpip.sys
[-] 2008-12-10 22:22:05 . BE68EA4457E2E5717231CF91BE5448E0 . 253952 . . [2001.12.4414.706] . . C:\WINDOWS\system32\es.dll
[-] 2008-12-10 22:21:57 . B6CEC406351EA5EF131416D5F52D006F . 247296 . . [5.1.2600.5625 (xpsp_sp3_qfe.080620-1309)] . . C:\WINDOWS\system32\mswsock.dll
[-] 2008-12-10 22:22:33 . 0E2B40ADAAB8F6F5FCAB06C1D49795B6 . 2147328 . . [5.1.2600.5657 (xpsp_sp3_qfe.080814-1300)] . . C:\WINDOWS\system32\ntoskrnl.exe
[-] 2008-10-03 14:11:27 . 19E05B2ECDCB296AA2F246A8EB52B20A . 1704448 . . [6.00.2900.5512 (xpsp.080413-2105)] . . C:\WINDOWS\explorer.exe
[-] 2008-12-10 22:19:59 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . C:\WINDOWS\system32\mspmsnsv.dll
[-] 2008-12-10 22:44:07 . 176C2A8E2243EA1D07FD978294B99994 . 2287104 . . [5.1.2600.5512 (xpsp.080413-2111)] . . C:\WINDOWS\system32\ntkrnlpa.exe
C:\WINDOWS\System32\wuauclt.exe ... chybí !!
C:\WINDOWS\System32\srsvc.dll ... chybí !!
C:\WINDOWS\System32\wscntfy.exe ... chybí !!
C:\WINDOWS\System32\ctfmon.exe ... chybí !!
C:\WINDOWS\System32\regsvc.dll ... chybí !!
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccleaner"="C:\Program Files\CCleaner\ccleaner.exe" [2010-07-23 14:49:28 1755960]
"igndlm.exe"="C:\Program Files\Download Manager\DLM.exe" [2009-02-25 03:20:06 1103216]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-06-11 17:23:02 39408]
"AutoStartNPSAgent"="C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe" [2009-08-14 13:48:06 106904]
"Pando Media Booster"="C:\Program Files\Pando Networks\Media Booster\PMB.exe" [2010-04-16 14:33:52 2938552]
"KiesTrayAgent"="C:\Program Files\Samsung\Kies\KiesTrayAgent.exe" [2010-06-30 04:12:16 3365176]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2009-01-21 07:51:47 949376]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-10-07 10:33:00 13574144]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-16 05:03:26 221184]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-16 05:03:04 81920]
"nwiz"="nwiz.exe" [2008-10-07 10:33:00 1630208]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-10-07 10:33:00 86016]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2009-03-15 10:15:16 180224]
"SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 09:43:18 248040]
"CloneCDTray"="C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" [2005-05-19 13:47:36 57344]
"Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 08:06:33 976832]
"ROUTE66Sync"="C:\Program Files\ROUTE 66\ROUTE 66 Sync\Sync9Loader.exe" [2010-06-29 10:18:32 176128]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"_nltide_2"="shell32" [X]
"_nltide_3"="advpack.dll" [2008-10-16 19:33:48 124928]
C:\Documents and Settings\Admin\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Cyber-shot Viewer Media Check Tool.lnk - C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2009-2-28 155648]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMConfigurePrograms"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"ForceClassicControlPanel"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Electronic Arts\\Need for Speed ProStreet\\nfs.exe"=
"C:\\Program Files\\uTorrent\\utorrent.exe"=
"C:\\Program Files\\Samsung\\Samsung New PC Studio\\npsasvr.exe"=
"C:\\Program Files\\Samsung\\Samsung New PC Studio\\npsvsvr.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"C:\\Documents and Settings\\Admin\\Dokumenty\\Downloads\\Call of duty 4 Multiplayer\\iw3mp.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\ROUTE 66\\ROUTE 66 Sync\\ROUTE66Sync.exe"=
"C:\\Program Files\\ROUTE 66\\ROUTE 66 Sync\\Sync9Loader.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"57169:TCP"= 57169:TCP:Pando Media Booster
"57169:UDP"= 57169:UDP:Pando Media Booster
"57482:TCP"= 57482:TCP:Pando Media Booster
"57482:UDP"= 57482:UDP:Pando Media Booster
"58975:TCP"= 58975:TCP:Pando Media Booster
"58975:UDP"= 58975:UDP:Pando Media Booster
R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);C:\WINDOWS\system32\drivers\sfdrv01a.sys [5.7.2006 14:46:06 63352]
R1 nod32drv;nod32drv;C:\WINDOWS\system32\drivers\nod32drv.sys [21.1.2009 9:51:53 15424]
R2 dgdersvc;Device Error Recovery Service;C:\WINDOWS\system32\dgdersvc.exe [25.5.2010 8:44:30 95568]
R2 FsUsbExService;FsUsbExService;C:\WINDOWS\system32\FsUsbExService.Exe [22.8.2009 9:56:48 237984]
R3 dgderdrv;dgderdrv;C:\WINDOWS\system32\drivers\dgderdrv.sys [25.5.2010 8:44:30 18136]
R3 FsUsbExDisk;FsUsbExDisk;C:\WINDOWS\system32\FsUsbExDisk.Sys [22.8.2009 9:56:48 36608]
S2 gupdate1c9eab951733988;Služba Google Update (gupdate1c9eab951733988);C:\Program Files\Google\Update\GoogleUpdate.exe [11.6.2009 19:23:20 133104]
S3 EagleXNt;EagleXNt;\??\C:\WINDOWS\system32\drivers\EagleXNt.sys --> C:\WINDOWS\system32\drivers\EagleXNt.sys [?]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;C:\WINDOWS\system32\drivers\nmwcdnsu.sys [19.7.2009 21:19:35 136704]
S3 nmwcdnsuc;Nokia USB Flashing Generic;C:\WINDOWS\system32\drivers\nmwcdnsuc.sys [19.7.2009 21:19:36 8320]
S3 npggsvc;nProtect GameGuard Service;C:\WINDOWS\system32\GameMon.des -service --> C:\WINDOWS\system32\GameMon.des -service [?]
S3 sscebus;SAMSUNG USB Composite Device V2 driver (WDM);C:\WINDOWS\system32\drivers\sscebus.sys [18.7.2010 13:26:41 98560]
S3 sscemdfl;SAMSUNG Mobile Modem V2 Filter;C:\WINDOWS\system32\drivers\sscemdfl.sys [18.7.2010 13:26:42 14848]
S3 sscemdm;SAMSUNG Mobile Modem V2 Drivers;C:\WINDOWS\system32\drivers\sscemdm.sys [18.7.2010 13:26:42 123648]
S3 XDva281;XDva281;\??\C:\WINDOWS\system32\XDva281.sys --> C:\WINDOWS\system32\XDva281.sys [?]
S3 XDva344;XDva344;\??\C:\WINDOWS\system32\XDva344.sys --> C:\WINDOWS\system32\XDva344.sys [?]
--- Ostatní služby/ovladače v paměti ---
*NewlyCreated* - FSUSBEXDISK
.
Obsah adresáře 'Naplánované úlohy'
2010-09-15 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34:12 . 2008-07-30 10:34:12]
2010-09-26 C:\WINDOWS\Tasks\Google Software Updater.job
- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-06-11 17:23:00 . 2009-06-11 17:23:00]
2010-09-26 C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
- C:\Program Files\Google\Update\GoogleUpdate.exe [2009-06-11 17:23:20 . 2009-06-11 17:23:18]
2010-09-26 C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
- C:\Program Files\Google\Update\GoogleUpdate.exe [2009-06-11 17:23:20 . 2009-06-11 17:23:18]
2010-09-26 C:\WINDOWS\Tasks\XoftSpySE 2.job
- C:\Program Files\XoftSpySE\XoftSpy.exe [2008-09-10 14:51:22 . 2008-09-10 15:51:22]
2002-01-01 C:\WINDOWS\Tasks\XoftSpySE.job
- C:\Program Files\XoftSpySE\XoftSpy.exe [2008-09-10 14:51:22 . 2008-09-10 15:51:22]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
mStart Page = hxxp://home.sweetim.com
uInternet Settings,ProxyOverride = *.local
IE: E&xportovat do aplikace Microsoft Excel - C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\Program Files\PC Translator\WEBIE.DLL
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\Program Files\PC Translator\WEBIE.DLL
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\Program Files\PC Translator\WEBIE.DLL
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\Program Files\PC Translator\WEBIE.DLL
LSP: C:\WINDOWS\system32\imon.dll
FF - ProfilePath - C:\Documents and Settings\Admin\Data aplikací\Mozilla\Firefox\Profiles\rs2b7hnj.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - plugin: C:\Program Files\Download Manager\npfpdlm.dll
FF - plugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files\Google\Google Updater\2.4.1601.7122\npCIDetect13.dll
FF - plugin: C:\Program Files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files\VistaCodecPack\rm\browser\plugins\nppl3260.dll
FF - plugin: C:\Program Files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll
---- NASTAVENÍ FIREFOXU ----
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
MSConfigStartUp-winlogon - C:\Program Files\Winlogon\winlogon.exe
ActiveSetup-{NJ524UM3-S046-U185-K4V0-VD307NU7PP5E} - C:\Program Files\Winlogon\winlogon.exe
AddRemove-01_Simmental - C:\Program Files\Samsung\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - C:\Program Files\Samsung\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - C:\Program Files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - C:\Program Files\SAMSUNG\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-07_Schorl - C:\Program Files\Samsung\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-09_Hsp - C:\Program Files\Samsung\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - C:\Program Files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-12_Symbian_USB_Download_Driver - C:\Program Files\Samsung\USB Drivers\12_Symbian_USB_Download_Driver\Uninstall.exe
AddRemove-15_Symbian_Samsung_PC_DLC_Driver - C:\Program Files\Samsung\USB Drivers\15_Symbian_Samsung_PC_DLC_Driver\Uninstall.exe
AddRemove-16_Shrewsbury - C:\Program Files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
Re: winlogon.exe
Vysvětlete mi podrobněji, co to po vás konkrétně chce.ampapa píše:je to změněno ale stejně se mě to pořád pta při každem zapnutí windows že sem nebyl přihlašen a ještě nějaký věci co s tím?
Pokud jste s naší pomocí spokojeni, můžete nás podpořit. Informace zde
Re: winlogon.exe
systém vás nemohl přihlásit.ujistěte se že uživatelské jmeno a doména jsou správné pote znovu zadejte heslo
Re: winlogon.exe
Počkám až to s kolegou vyřešíte, zítra večer pokračujeme 
Nepoužívejte COMBOFIX bez doporučení rádce, může dojít k poškození systému!
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Re: winlogon.exe
ok tak zitra a pujde to vyčistit?? 
Re: winlogon.exe
A proč by nešlo? Akorát já na to už dnes nevidím
Akorát já na to už dnes nevidím Nepoužívejte COMBOFIX bez doporučení rádce, může dojít k poškození systému!
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Re: winlogon.exe
díky a pěkný večer
Re: winlogon.exe
Spusťte si Regedit, najděte klíč
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
Klikněte na něj pravým tlačítkem a vyexportujte ho. Soubor mi pak upněte na www.leteckaposta.cz.
Kdyby jste si s tím nevěděl rady, kolegyně vám s tím určitě pomůže. Já tu budu až po 22,15.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
Klikněte na něj pravým tlačítkem a vyexportujte ho. Soubor mi pak upněte na www.leteckaposta.cz.
Kdyby jste si s tím nevěděl rady, kolegyně vám s tím určitě pomůže. Já tu budu až po 22,15.
Pokud jste s naší pomocí spokojeni, můžete nás podpořit. Informace zde
Re: winlogon.exe
A já tu budu až večer .
Ještě nás čeká kupa práce, bud nás combofix šidí, nebo máte chybějící syst. soubory, máte to nějaké divoké
Běžte do nouzového režimu (po restartu mačkejte F8)
Pokud nemáte, přesuňte Combofix na plochu
-otevřete si Poznámkový blok
-Do něj zkopírujte text z tohoto okénka
-uložte Vámi vytvořený TXT soubor jako CFScript.txt na plochu
-po uložení uchopte vámi vytvořený skript levým myšítkem a -přesuňte ho nad ikonu Combofixu, kde ho upustíte:
-po aplikaci na Vás vypadne další log,vložte ho sem
Upozornění : může se stát, že po aplikaci skriptu a restartu Windows nenaběhnou, v tom případě znovu restartujte a přitom mačkejte F8, pak zvolte Poslední známou funkční konfiguraci
.Ještě nás čeká kupa práce, bud nás combofix šidí, nebo máte chybějící syst. soubory, máte to nějaké divoké
Běžte do nouzového režimu (po restartu mačkejte F8) Pokud nemáte, přesuňte Combofix na plochu-otevřete si Poznámkový blok
-Do něj zkopírujte text z tohoto okénka
Kód: Vybrat vše
Registry::
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"Policies"=-
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"Policies"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\winlogon]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\WINDOWS\system32\muzapp.exe"=-
Driver::
XDva281
XDva344
Collect::
C:\WINDOWS\system32\XDva281.sys
C:\WINDOWS\system32\XDva344.sys
Restore::
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\srsvc.dll
C:\WINDOWS\System32\wscntfy.exe .
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\regsvc.dll
-po uložení uchopte vámi vytvořený skript levým myšítkem a -přesuňte ho nad ikonu Combofixu, kde ho upustíte:
-po aplikaci na Vás vypadne další log,vložte ho sem
Upozornění : může se stát, že po aplikaci skriptu a restartu Windows nenaběhnou, v tom případě znovu restartujte a přitom mačkejte F8, pak zvolte Poslední známou funkční konfiguraci
Nepoužívejte COMBOFIX bez doporučení rádce, může dojít k poškození systému!
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Re: winlogon.exe
ComboFix 10-09-24.05 - Admin 27.09.2010 21:47:19.8.2 - x86 MINIMAL
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2047.1795 [GMT 2:00]
Spuštěný z: c:\documents and settings\Admin\Dokumenty\Stažené soubory\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Admin\Plocha\CFScript.txt.lnk
* Vytvořen nový Bod Obnovení
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Admin\Dokumenty\hkey.reg
.
---- Předchozí spuštění -------
.
c:\documents and settings\Admin\Data aplikací\Desktopicon\config.ini
c:\windows\system32\drivers\npf.sys
c:\windows\system32\inst.dat
c:\windows\system32\kw.dat
c:\windows\system32\muzapp.exe
c:\windows\system32\Packet.dll
c:\windows\system32\pk.bin
c:\windows\system32\rinst.exe
c:\windows\system32\web.dat
c:\windows\system32\websites.html
c:\windows\system32\wpcap.dll
-- Předchozí spuštění --
c:\windows\system32\srsvc.dll . . . je infikován!!
c:\windows\system32\proquota.exe . . . chybí !!
--------
c:\windows\system32\srsvc.dll . . . je infikován!!
c:\windows\system32\proquota.exe . . . chybí !!
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_NPF
((((((((((((((((((((((((( Soubory vytvořené od 2010-08-27 do 2010-09-27 )))))))))))))))))))))))))))))))
.
2010-09-26 20:01 . 2010-09-26 20:01 552 ----a-w- c:\windows\system32\d3d8caps.dat
2010-09-25 16:12 . 2010-09-25 16:12 -------- d-----w- C:\_OTM
2010-09-25 08:39 . 2010-09-25 08:40 -------- d-----w- C:\rsit
2010-09-22 18:07 . 2010-09-22 20:09 -------- d-----w- c:\program files\TuneUp Utilities 2010
2010-09-17 12:03 . 2010-09-17 12:03 4096 ----a-w- c:\windows\d3dx.dat
2010-09-06 14:20 . 2010-09-06 15:40 -------- d-----w- c:\program files\EA GAMES
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-26 19:47 . 2009-02-22 16:20 -------- d-----w- c:\program files\Trend Micro
2010-09-21 21:06 . 2002-01-01 01:27 -------- d-----w- c:\program files\Unlocker
2010-09-07 04:27 . 2009-04-08 06:25 -------- d-----w- c:\program files\uTorrent
2010-08-22 08:50 . 2002-01-01 01:27 -------- d-----w- c:\program files\CCleaner
2010-08-22 08:48 . 2009-02-08 15:58 -------- d-----w- c:\program files\Nokia
2010-08-22 07:17 . 2002-01-01 04:33 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-08-22 07:16 . 2010-08-22 07:16 -------- d-----w- c:\program files\Common Files\ROUTE 66
2010-08-22 07:16 . 2010-08-22 07:16 -------- d-----w- c:\program files\ROUTE 66
2010-08-20 16:58 . 2009-03-15 12:20 108144 ----a-w- c:\windows\system32\CmdLineExt.dll
2010-08-10 18:12 . 2010-08-10 17:24 -------- d-----w- c:\program files\Metin2
2010-08-07 20:28 . 2010-08-07 20:28 -------- d-----w- c:\program files\Common Files\INCA Shared
2010-08-03 12:21 . 2002-01-01 04:44 -------- d-----r- c:\program files\Skype
2010-07-30 15:36 . 2010-04-16 14:44 -------- d-----w- c:\program files\Outspark
2010-07-18 11:14 . 2001-10-25 11:00 80910 ----a-w- c:\windows\system32\perfc005.dat
2010-07-18 11:14 . 2001-10-25 11:00 435122 ----a-w- c:\windows\system32\perfh005.dat
2010-01-02 10:22 . 2010-01-02 10:22 9812992 ----a-w- c:\program files\epson324677eu.exe
2009-06-11 17:21 . 2009-06-11 17:21 1086616 ----a-w- c:\program files\Google_Updater.exe
.
------- Sigcheck -------
[-] 2008-12-10 . DF70435F3D17C40D5CB15E6DC918342E . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[-] 2008-12-10 22:22 . BE68EA4457E2E5717231CF91BE5448E0 . 253952 . . [2001.12.4414.706] . . c:\windows\system32\es.dll
[-] 2008-12-10 . B6CEC406351EA5EF131416D5F52D006F . 247296 . . [5.1.2600.5625] . . c:\windows\system32\mswsock.dll
[-] 2008-12-10 . 0E2B40ADAAB8F6F5FCAB06C1D49795B6 . 2147328 . . [5.1.2600.5657] . . c:\windows\system32\ntoskrnl.exe
[-] 2008-10-03 . 19E05B2ECDCB296AA2F246A8EB52B20A . 1704448 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[-] 2008-12-10 22:19 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\system32\mspmsnsv.dll
[-] 2008-12-10 . 176C2A8E2243EA1D07FD978294B99994 . 2287104 . . [5.1.2600.5512] . . c:\windows\system32\ntkrnlpa.exe
c:\windows\System32\wuauclt.exe ... chybí !!
c:\windows\System32\srsvc.dll ... chybí !!
c:\windows\System32\wscntfy.exe ... chybí !!
c:\windows\System32\ctfmon.exe ... chybí !!
c:\windows\System32\regsvc.dll ... chybí !!
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccleaner"="c:\program files\CCleaner\ccleaner.exe" [2010-07-23 1755960]
"igndlm.exe"="c:\program files\Download Manager\DLM.exe" [2009-02-25 1103216]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-06-11 39408]
"AutoStartNPSAgent"="c:\program files\Samsung\Samsung New PC Studio\NPSAgent.exe" [2009-08-14 106904]
"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2010-04-16 2938552]
"KiesTrayAgent"="c:\program files\Samsung\Kies\KiesTrayAgent.exe" [2010-06-30 3365176]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2009-01-21 949376]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-16 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-16 81920]
"nwiz"="nwiz.exe" [2008-10-07 1630208]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 86016]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2009-03-15 180224]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"CloneCDTray"="c:\program files\SlySoft\CloneCD\CloneCDTray.exe" [2005-05-19 57344]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"ROUTE66Sync"="c:\program files\ROUTE 66\ROUTE 66 Sync\Sync9Loader.exe" [2010-06-29 176128]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"_nltide_2"="shell32" [X]
"_nltide_3"="advpack.dll" [2008-10-16 124928]
c:\documents and settings\Admin\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Cyber-shot Viewer Media Check Tool.lnk - c:\program files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2009-2-28 155648]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMConfigurePrograms"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"ForceClassicControlPanel"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\winlogon]
c:\program files\Winlogon\winlogon.exe [BU]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Electronic Arts\\Need for Speed ProStreet\\nfs.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\Samsung\\Samsung New PC Studio\\npsasvr.exe"=
"c:\\Program Files\\Samsung\\Samsung New PC Studio\\npsvsvr.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Documents and Settings\\Admin\\Dokumenty\\Downloads\\Call of duty 4 Multiplayer\\iw3mp.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\ROUTE 66\\ROUTE 66 Sync\\ROUTE66Sync.exe"=
"c:\\Program Files\\ROUTE 66\\ROUTE 66 Sync\\Sync9Loader.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"57169:TCP"= 57169:TCP:Pando Media Booster
"57169:UDP"= 57169:UDP:Pando Media Booster
"57482:TCP"= 57482:TCP:Pando Media Booster
"57482:UDP"= 57482:UDP:Pando Media Booster
"58975:TCP"= 58975:TCP:Pando Media Booster
"58975:UDP"= 58975:UDP:Pando Media Booster
R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\system32\drivers\sfdrv01a.sys [5.7.2006 14:46 63352]
S1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [21.1.2009 9:51 15424]
S2 dgdersvc;Device Error Recovery Service;c:\windows\system32\dgdersvc.exe [25.5.2010 8:44 95568]
S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [22.8.2009 9:56 237984]
S2 gupdate1c9eab951733988;Služba Google Update (gupdate1c9eab951733988);c:\program files\Google\Update\GoogleUpdate.exe [11.6.2009 19:23 133104]
S3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [25.5.2010 8:44 18136]
S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\EagleXNt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [22.8.2009 9:56 36608]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [19.7.2009 21:19 136704]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [19.7.2009 21:19 8320]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 sscebus;SAMSUNG USB Composite Device V2 driver (WDM);c:\windows\system32\drivers\sscebus.sys [18.7.2010 13:26 98560]
S3 sscemdfl;SAMSUNG Mobile Modem V2 Filter;c:\windows\system32\drivers\sscemdfl.sys [18.7.2010 13:26 14848]
S3 sscemdm;SAMSUNG Mobile Modem V2 Drivers;c:\windows\system32\drivers\sscemdm.sys [18.7.2010 13:26 123648]
S3 XDva281;XDva281;\??\c:\windows\system32\XDva281.sys --> c:\windows\system32\XDva281.sys [?]
S3 XDva344;XDva344;\??\c:\windows\system32\XDva344.sys --> c:\windows\system32\XDva344.sys [?]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{NJ524UM3-S046-U185-K4V0-VD307NU7PP5E}]
c:\program files\Winlogon\winlogon.exe [BU]
.
Obsah adresáře 'Naplánované úlohy'
2010-09-15 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
2010-09-27 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-06-11 17:23]
2010-09-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-11 17:23]
2010-09-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-11 17:23]
2010-09-27 c:\windows\Tasks\XoftSpySE 2.job
- c:\program files\XoftSpySE\XoftSpy.exe [2008-09-10 15:51]
2002-01-01 c:\windows\Tasks\XoftSpySE.job
- c:\program files\XoftSpySE\XoftSpy.exe [2008-09-10 15:51]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
mStart Page = hxxp://home.sweetim.com
uInternet Settings,ProxyOverride = *.local
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\program files\PC Translator\WEBIE.DLL
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\program files\PC Translator\WEBIE.DLL
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\program files\PC Translator\WEBIE.DLL
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\program files\PC Translator\WEBIE.DLL
LSP: c:\windows\system32\imon.dll
FF - ProfilePath - c:\documents and settings\Admin\Data aplikací\Mozilla\Firefox\Profiles\rs2b7hnj.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - plugin: c:\program files\Download Manager\npfpdlm.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1601.7122\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
**************************************************************************
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory:
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\S-1-5-21-1085031214-1788223648-682003330-500\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
Celkový čas: 2010-09-27 21:52:14
ComboFix-quarantined-files.txt 2010-09-27 19:52
Před spuštěním: Volných bajtů: 422 066 622 464
Po spuštění: Volných bajtů: 422 056 816 640
- - End Of File - - 9FA79315CA30A0F1FE6E2A4EDD508D4F
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2047.1795 [GMT 2:00]
Spuštěný z: c:\documents and settings\Admin\Dokumenty\Stažené soubory\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Admin\Plocha\CFScript.txt.lnk
* Vytvořen nový Bod Obnovení
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Admin\Dokumenty\hkey.reg
.
---- Předchozí spuštění -------
.
c:\documents and settings\Admin\Data aplikací\Desktopicon\config.ini
c:\windows\system32\drivers\npf.sys
c:\windows\system32\inst.dat
c:\windows\system32\kw.dat
c:\windows\system32\muzapp.exe
c:\windows\system32\Packet.dll
c:\windows\system32\pk.bin
c:\windows\system32\rinst.exe
c:\windows\system32\web.dat
c:\windows\system32\websites.html
c:\windows\system32\wpcap.dll
-- Předchozí spuštění --
c:\windows\system32\srsvc.dll . . . je infikován!!
c:\windows\system32\proquota.exe . . . chybí !!
--------
c:\windows\system32\srsvc.dll . . . je infikován!!
c:\windows\system32\proquota.exe . . . chybí !!
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_NPF
((((((((((((((((((((((((( Soubory vytvořené od 2010-08-27 do 2010-09-27 )))))))))))))))))))))))))))))))
.
2010-09-26 20:01 . 2010-09-26 20:01 552 ----a-w- c:\windows\system32\d3d8caps.dat
2010-09-25 16:12 . 2010-09-25 16:12 -------- d-----w- C:\_OTM
2010-09-25 08:39 . 2010-09-25 08:40 -------- d-----w- C:\rsit
2010-09-22 18:07 . 2010-09-22 20:09 -------- d-----w- c:\program files\TuneUp Utilities 2010
2010-09-17 12:03 . 2010-09-17 12:03 4096 ----a-w- c:\windows\d3dx.dat
2010-09-06 14:20 . 2010-09-06 15:40 -------- d-----w- c:\program files\EA GAMES
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-26 19:47 . 2009-02-22 16:20 -------- d-----w- c:\program files\Trend Micro
2010-09-21 21:06 . 2002-01-01 01:27 -------- d-----w- c:\program files\Unlocker
2010-09-07 04:27 . 2009-04-08 06:25 -------- d-----w- c:\program files\uTorrent
2010-08-22 08:50 . 2002-01-01 01:27 -------- d-----w- c:\program files\CCleaner
2010-08-22 08:48 . 2009-02-08 15:58 -------- d-----w- c:\program files\Nokia
2010-08-22 07:17 . 2002-01-01 04:33 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-08-22 07:16 . 2010-08-22 07:16 -------- d-----w- c:\program files\Common Files\ROUTE 66
2010-08-22 07:16 . 2010-08-22 07:16 -------- d-----w- c:\program files\ROUTE 66
2010-08-20 16:58 . 2009-03-15 12:20 108144 ----a-w- c:\windows\system32\CmdLineExt.dll
2010-08-10 18:12 . 2010-08-10 17:24 -------- d-----w- c:\program files\Metin2
2010-08-07 20:28 . 2010-08-07 20:28 -------- d-----w- c:\program files\Common Files\INCA Shared
2010-08-03 12:21 . 2002-01-01 04:44 -------- d-----r- c:\program files\Skype
2010-07-30 15:36 . 2010-04-16 14:44 -------- d-----w- c:\program files\Outspark
2010-07-18 11:14 . 2001-10-25 11:00 80910 ----a-w- c:\windows\system32\perfc005.dat
2010-07-18 11:14 . 2001-10-25 11:00 435122 ----a-w- c:\windows\system32\perfh005.dat
2010-01-02 10:22 . 2010-01-02 10:22 9812992 ----a-w- c:\program files\epson324677eu.exe
2009-06-11 17:21 . 2009-06-11 17:21 1086616 ----a-w- c:\program files\Google_Updater.exe
.
------- Sigcheck -------
[-] 2008-12-10 . DF70435F3D17C40D5CB15E6DC918342E . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[-] 2008-12-10 22:22 . BE68EA4457E2E5717231CF91BE5448E0 . 253952 . . [2001.12.4414.706] . . c:\windows\system32\es.dll
[-] 2008-12-10 . B6CEC406351EA5EF131416D5F52D006F . 247296 . . [5.1.2600.5625] . . c:\windows\system32\mswsock.dll
[-] 2008-12-10 . 0E2B40ADAAB8F6F5FCAB06C1D49795B6 . 2147328 . . [5.1.2600.5657] . . c:\windows\system32\ntoskrnl.exe
[-] 2008-10-03 . 19E05B2ECDCB296AA2F246A8EB52B20A . 1704448 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[-] 2008-12-10 22:19 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\system32\mspmsnsv.dll
[-] 2008-12-10 . 176C2A8E2243EA1D07FD978294B99994 . 2287104 . . [5.1.2600.5512] . . c:\windows\system32\ntkrnlpa.exe
c:\windows\System32\wuauclt.exe ... chybí !!
c:\windows\System32\srsvc.dll ... chybí !!
c:\windows\System32\wscntfy.exe ... chybí !!
c:\windows\System32\ctfmon.exe ... chybí !!
c:\windows\System32\regsvc.dll ... chybí !!
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccleaner"="c:\program files\CCleaner\ccleaner.exe" [2010-07-23 1755960]
"igndlm.exe"="c:\program files\Download Manager\DLM.exe" [2009-02-25 1103216]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-06-11 39408]
"AutoStartNPSAgent"="c:\program files\Samsung\Samsung New PC Studio\NPSAgent.exe" [2009-08-14 106904]
"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2010-04-16 2938552]
"KiesTrayAgent"="c:\program files\Samsung\Kies\KiesTrayAgent.exe" [2010-06-30 3365176]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2009-01-21 949376]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-16 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-16 81920]
"nwiz"="nwiz.exe" [2008-10-07 1630208]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 86016]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2009-03-15 180224]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"CloneCDTray"="c:\program files\SlySoft\CloneCD\CloneCDTray.exe" [2005-05-19 57344]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"ROUTE66Sync"="c:\program files\ROUTE 66\ROUTE 66 Sync\Sync9Loader.exe" [2010-06-29 176128]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"_nltide_2"="shell32" [X]
"_nltide_3"="advpack.dll" [2008-10-16 124928]
c:\documents and settings\Admin\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Cyber-shot Viewer Media Check Tool.lnk - c:\program files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2009-2-28 155648]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMConfigurePrograms"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"ForceClassicControlPanel"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\winlogon]
c:\program files\Winlogon\winlogon.exe [BU]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Electronic Arts\\Need for Speed ProStreet\\nfs.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\Samsung\\Samsung New PC Studio\\npsasvr.exe"=
"c:\\Program Files\\Samsung\\Samsung New PC Studio\\npsvsvr.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Documents and Settings\\Admin\\Dokumenty\\Downloads\\Call of duty 4 Multiplayer\\iw3mp.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\ROUTE 66\\ROUTE 66 Sync\\ROUTE66Sync.exe"=
"c:\\Program Files\\ROUTE 66\\ROUTE 66 Sync\\Sync9Loader.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"57169:TCP"= 57169:TCP:Pando Media Booster
"57169:UDP"= 57169:UDP:Pando Media Booster
"57482:TCP"= 57482:TCP:Pando Media Booster
"57482:UDP"= 57482:UDP:Pando Media Booster
"58975:TCP"= 58975:TCP:Pando Media Booster
"58975:UDP"= 58975:UDP:Pando Media Booster
R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\system32\drivers\sfdrv01a.sys [5.7.2006 14:46 63352]
S1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [21.1.2009 9:51 15424]
S2 dgdersvc;Device Error Recovery Service;c:\windows\system32\dgdersvc.exe [25.5.2010 8:44 95568]
S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [22.8.2009 9:56 237984]
S2 gupdate1c9eab951733988;Služba Google Update (gupdate1c9eab951733988);c:\program files\Google\Update\GoogleUpdate.exe [11.6.2009 19:23 133104]
S3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [25.5.2010 8:44 18136]
S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\EagleXNt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [22.8.2009 9:56 36608]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [19.7.2009 21:19 136704]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [19.7.2009 21:19 8320]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 sscebus;SAMSUNG USB Composite Device V2 driver (WDM);c:\windows\system32\drivers\sscebus.sys [18.7.2010 13:26 98560]
S3 sscemdfl;SAMSUNG Mobile Modem V2 Filter;c:\windows\system32\drivers\sscemdfl.sys [18.7.2010 13:26 14848]
S3 sscemdm;SAMSUNG Mobile Modem V2 Drivers;c:\windows\system32\drivers\sscemdm.sys [18.7.2010 13:26 123648]
S3 XDva281;XDva281;\??\c:\windows\system32\XDva281.sys --> c:\windows\system32\XDva281.sys [?]
S3 XDva344;XDva344;\??\c:\windows\system32\XDva344.sys --> c:\windows\system32\XDva344.sys [?]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{NJ524UM3-S046-U185-K4V0-VD307NU7PP5E}]
c:\program files\Winlogon\winlogon.exe [BU]
.
Obsah adresáře 'Naplánované úlohy'
2010-09-15 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
2010-09-27 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-06-11 17:23]
2010-09-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-11 17:23]
2010-09-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-11 17:23]
2010-09-27 c:\windows\Tasks\XoftSpySE 2.job
- c:\program files\XoftSpySE\XoftSpy.exe [2008-09-10 15:51]
2002-01-01 c:\windows\Tasks\XoftSpySE.job
- c:\program files\XoftSpySE\XoftSpy.exe [2008-09-10 15:51]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
mStart Page = hxxp://home.sweetim.com
uInternet Settings,ProxyOverride = *.local
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\program files\PC Translator\WEBIE.DLL
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\program files\PC Translator\WEBIE.DLL
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\program files\PC Translator\WEBIE.DLL
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\program files\PC Translator\WEBIE.DLL
LSP: c:\windows\system32\imon.dll
FF - ProfilePath - c:\documents and settings\Admin\Data aplikací\Mozilla\Firefox\Profiles\rs2b7hnj.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - plugin: c:\program files\Download Manager\npfpdlm.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1601.7122\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
**************************************************************************
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory:
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\S-1-5-21-1085031214-1788223648-682003330-500\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
Celkový čas: 2010-09-27 21:52:14
ComboFix-quarantined-files.txt 2010-09-27 19:52
Před spuštěním: Volných bajtů: 422 066 622 464
Po spuštění: Volných bajtů: 422 056 816 640
- - End Of File - - 9FA79315CA30A0F1FE6E2A4EDD508D4F
Přispějete na provoz fóra?