
PC virus removal, computer speed-up, remote assistance through the neslape.cz service
System freezing
Moderator: Moderators
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]
Individual threads will be locked once resolved, as will those inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.
!NEW!
You can now use the remote assistance service: an expert connects to your computer and obtains further details about the problem from you by phone. More at www.neslape.cz
System freezing
Regardless of the work being done, the PC freezes and can only be reset. A scan with the Avira AV program finds no viruses. During normal work on the machine, the AV reports a virus in System Volume Information in a file xxxxxxxxxx.exe and proposes its removal. The file name and its location change, but it does not appear regularly (Remove button, the other option being Ignore). After pressing Remove, the AV performs the operation, the machine then runs for an indeterminate time and subsequently freezes without warning. A repeated AV scan in Safe Mode finds nothing. In Safe Mode I ran CCleaner, which likewise reported nothing that looked unusual to me. I also use the free version of Advanced Win. Care, which is supposed to clean the registry and protect against spyware, and which likewise does not warn about anything serious. Please examine the log; thanks in advance for your time and effort.
Logfile of random's system information tool 1.08 (written by random/random)
Run by cadpc at 2010-12-14 09:07:04
Microsoft Windows XP Professional Service Pack 3
System drive C: has 110 GB (55%) free of 200 GB
Total RAM: 3327 MB (79% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:07:08, on 14. 12. 2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
C:\Program Files\TeamViewer\Version5\TeamViewer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\cadpc\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\cadpc\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\cadpc\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\cadpc\Desktop\00pom\RSIT\RSIT.exe
C:\Program Files\Trend Micro\HiJackThis\cadpc.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sme.sk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://3dlifeplayer.dl.3dvia.com/player ... taller.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Autodesk Network Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskNetSrv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: NMSAccess - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2010c\RpcAgentSrv.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
O23 - Service: webcamXP Service (wxpSvc) - Unknown owner - C:\Program Files\wLite\wService.exe
--
End of file - 7784 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Google Software Updater.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-776561741-57989841-725345543-1003Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-776561741-57989841-725345543-1003UA.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{2B6D4A61-9859-4C88-819B-DA8E000613C7}.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [2009-03-24 668656]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-04-06 41760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-04-06 79648]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-04-12 16132608]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2010-10-26 98304]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2010-08-02 281768]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare 3"=C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe [2010-09-28 2407632]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2010-10-27 159744]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 239496]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoResolveSearch"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\00t\totalcmd702a\TOTALCMD.EXE"="C:\Program Files\00t\totalcmd702a\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit international version, file manager replacement for Windows"
"C:\Program Files\Opera\Opera.exe"="C:\Program Files\Opera\Opera.exe:*:Enabled:Opera Internet Browser"
"C:\Program Files\Foxit Software\PDF Editor\PDFEdit.exe"="C:\Program Files\Foxit Software\PDF Editor\PDFEdit.exe:*:Enabled:Foxit PDF Editor, the first REAL editor for PDF files!"
"C:\Program Files\00t\utorrent\uTorrent.exe"="C:\Program Files\00t\utorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Documents and Settings\cadpc\temp\TeamViewer3\TeamViewer.exe"="C:\Documents and Settings\cadpc\temp\TeamViewer3\TeamViewer.exe:*:Enabled:TeamViewer Remote Control Application"
"C:\Program Files\00t\TC 7.5 RC2\TOTALCMD.EXE"="C:\Program Files\00t\TC 7.5 RC2\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\TeamViewer\Version5\TeamViewer.exe"="C:\Program Files\TeamViewer\Version5\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application"
"C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2010c\WNt500x86\sandra.mui"="C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2010c\WNt500x86\sandra.mui:*:Enabled:SiSoftware Sandra Agent Service"
"C:\Program Files\wLite\wLite.exe"="C:\Program Files\wLite\wLite.exe:*:Enabled:webcamXP"
"C:\Program Files\wLite\wService.exe"="C:\Program Files\wLite\wService.exe:*:Enabled:webcamXP Service"
"C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe"="C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe:*:Enabled:Nokia Ovi Suite 2"
"C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe"="C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe:*:Enabled:Nokia Service Layer Host Process "
"C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2010c\RpcAgentSrv.exe"="C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2010c\RpcAgentSrv.exe:*:Enabled:SiSoftware Deployment Agent Service"
"C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2010c\WNt500x86\RpcSandraSrv.exe"="C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2010c\WNt500x86\RpcSandraSrv.exe:*:Enabled:SiSoftware Sandra Agent Service"
"C:\Program Files\PFPortChecker\PFPortChecker.exe"="C:\Program Files\PFPortChecker\PFPortChecker.exe:*:Enabled:PFPortchecker by portforward.com helps check if your ports are properly forwarded."
"C:\Program Files\00t\Total CMA Pack\TOTALCMD.EXE"="C:\Program Files\00t\Total CMA Pack\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit"
"C:\Program Files\Google\Google Earth\plugin\geplugin.exe"="C:\Program Files\Google\Google Earth\plugin\geplugin.exe:*:Enabled:Google Earth"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service"
"C:\Program Files\Google\Google Earth\client\googleearth.exe"="C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype. Take a deep breath "
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
======File associations======
.scr - open - "C:\WINDOWS\system32\notepad.exe" "%1"
.scr - install -
.scr - config -
======List of files/folders created in the last 1 months======
2010-12-14 09:07:04 ----D---- C:\rsit
2010-12-13 12:20:33 ----A---- C:\WINDOWS\ntbtlog.txt
2010-12-13 11:23:25 ----D---- C:\Program Files\Common Files\Skype
2010-12-13 09:55:49 ----D---- C:\Program Files\SourceTec
2010-12-13 08:23:12 ----D---- C:\Program Files\QuickTime
2010-12-09 10:19:18 ----A---- C:\WINDOWS\resetlog.txt
2010-12-08 23:09:59 ----A---- C:\ComboFix.txt
2010-12-08 22:55:43 ----A---- C:\Boot.bak
2010-12-08 22:55:39 ----RASHD---- C:\cmdcons
2010-12-08 22:52:26 ----A---- C:\WINDOWS\zip.exe
2010-12-08 22:52:26 ----A---- C:\WINDOWS\SWXCACLS.exe
2010-12-08 22:52:26 ----A---- C:\WINDOWS\SWSC.exe
2010-12-08 22:52:26 ----A---- C:\WINDOWS\SWREG.exe
2010-12-08 22:52:26 ----A---- C:\WINDOWS\sed.exe
2010-12-08 22:52:26 ----A---- C:\WINDOWS\PEV.exe
2010-12-08 22:52:26 ----A---- C:\WINDOWS\NIRCMD.exe
2010-12-08 22:52:26 ----A---- C:\WINDOWS\MBR.exe
2010-12-08 22:52:26 ----A---- C:\WINDOWS\grep.exe
2010-12-08 22:52:20 ----D---- C:\WINDOWS\ERDNT
2010-12-08 22:51:37 ----D---- C:\Qoobox
2010-12-08 21:39:34 ----D---- C:\Program Files\CCleaner
2010-12-08 19:39:22 ----D---- C:\Program Files\Trend Micro
2010-12-08 09:07:46 ----D---- C:\WINDOWS\system32\appmgmt
2010-12-08 08:56:49 ----D---- C:\WINDOWS\system32\NtmsData
2010-12-08 08:55:46 ----D---- C:\Documents and Settings\cadpc\Application Data\Avira
2010-12-07 20:13:34 ----A---- C:\WINDOWS\system32\drivers\ssmdrv.sys
2010-12-07 20:13:29 ----D---- C:\Documents and Settings\All Users\Application Data\Avira
2010-12-07 20:13:29 ----A---- C:\WINDOWS\system32\drivers\avipbb.sys
2010-12-07 20:13:29 ----A---- C:\WINDOWS\system32\drivers\avgntmgr.sys
2010-12-07 20:13:29 ----A---- C:\WINDOWS\system32\drivers\avgntflt.sys
2010-12-07 20:13:29 ----A---- C:\WINDOWS\system32\drivers\avgntdd.sys
2010-12-07 20:13:28 ----D---- C:\Program Files\Avira
2010-12-07 09:39:01 ----D---- C:\Program Files\PDFCreator
2010-12-07 09:39:01 ----A---- C:\WINDOWS\system32\MSMPIDE.DLL
2010-11-24 11:11:50 ----D---- C:\Documents and Settings\All Users\Application Data\ATI
2010-11-24 11:10:05 ----D---- C:\Program Files\ATI Stream
2010-11-24 11:07:26 ----D---- C:\ATI
2010-11-23 11:05:48 ----D---- C:\Documents and Settings\cadpc\Application Data\OpenOffice.org
2010-11-23 10:14:52 ----D---- C:\Program Files\OpenOffice.org 3
2010-11-19 13:07:16 ----D---- C:\Program Files\iPod
2010-11-19 13:07:14 ----D---- C:\Program Files\iTunes
======List of files/folders modified in the last 1 months======
2010-12-14 09:06:58 ----D---- C:\WINDOWS\Prefetch
2010-12-14 09:03:14 ----D---- C:\WINDOWS\Temp
2010-12-14 09:03:03 ----D---- C:\WINDOWS\system32\CatRoot2
2010-12-14 09:02:55 ----SD---- C:\WINDOWS\Tasks
2010-12-14 09:02:47 ----D---- C:\Program Files\Common Files\Akamai
2010-12-14 09:02:35 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-12-14 08:20:24 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater
2010-12-13 12:20:33 ----D---- C:\WINDOWS
2010-12-13 11:24:35 ----D---- C:\Documents and Settings\cadpc\Application Data\Skype
2010-12-13 11:23:27 ----SHD---- C:\WINDOWS\Installer
2010-12-13 11:23:25 ----RD---- C:\Program Files\Skype
2010-12-13 11:23:25 ----D---- C:\Program Files\Common Files
2010-12-13 11:23:13 ----D---- C:\Documents and Settings\All Users\Application Data\Skype
2010-12-13 11:20:16 ----D---- C:\Documents and Settings\cadpc\Application Data\Adobe
2010-12-13 11:10:46 ----D---- C:\WINDOWS\system32\config
2010-12-13 11:09:11 ----D---- C:\Documents and Settings\cadpc\Application Data\uTorrent
2010-12-13 10:52:44 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2010-12-13 10:52:24 ----D---- C:\WINDOWS\system32\drivers
2010-12-13 10:52:24 ----D---- C:\WINDOWS\system32
2010-12-13 10:52:23 ----HD---- C:\WINDOWS\inf
2010-12-13 10:52:22 ----D---- C:\WINDOWS\WinSxS
2010-12-13 10:52:22 ----D---- C:\Program Files\Common Files\Adobe
2010-12-13 10:52:22 ----D---- C:\Program Files\Adobe
2010-12-13 10:41:15 ----D---- C:\Documents and Settings\cadpc\Application Data\skypePM
2010-12-13 09:55:49 ----RD---- C:\Program Files
2010-12-13 09:53:08 ----D---- C:\Program Files\uTorrent
2010-12-09 10:19:20 ----D---- C:\WINDOWS\system32\drivers\etc
2010-12-09 10:18:44 ----D---- C:\Temp
2010-12-08 23:00:31 ----A---- C:\WINDOWS\system.ini
2010-12-08 22:59:04 ----D---- C:\WINDOWS\AppPatch
2010-12-08 22:55:43 ----RASH---- C:\boot.ini
2010-12-08 22:13:22 ----SHD---- C:\System Volume Information
2010-12-08 21:52:43 ----D---- C:\WINDOWS\Registration
2010-12-08 21:41:16 ----D---- C:\Documents and Settings\cadpc\Application Data\Winamp
2010-12-08 21:41:06 ----D---- C:\WINDOWS\Debug
2010-12-08 19:53:30 ----D---- C:\Program Files\pdfforge Toolbar
2010-12-08 08:56:49 ----D---- C:\WINDOWS\repair
2010-12-07 10:49:05 ----D---- C:\Documents and Settings\All Users\Application Data\Alwil Software
2010-12-01 09:29:33 ----D---- C:\Documents and Settings\cadpc\Application Data\Autodesk
2010-11-24 15:21:43 ----A---- C:\WINDOWS\wcx_ftp.ini
2010-11-24 14:29:51 ----A---- C:\WINDOWS\CD_Start.INI
2010-11-24 13:56:07 ----A---- C:\WINDOWS\SLEX99.INI
2010-11-24 11:10:03 ----D---- C:\Program Files\ATI
2010-11-24 11:09:44 ----D---- C:\Program Files\ATI Technologies
2010-11-24 11:08:53 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-11-24 11:08:38 ----D---- C:\WINDOWS\system32\ReinstallBackups
2010-11-24 11:08:35 ----DC---- C:\WINDOWS\system32\DRVSTORE
2010-11-23 10:15:39 ----RSD---- C:\WINDOWS\assembly
2010-11-23 10:15:03 ----RSD---- C:\WINDOWS\Fonts
2010-11-23 10:14:10 ----D---- C:\Program Files\OpenOffice.org 2.4
2010-11-19 13:07:16 ----D---- C:\Program Files\Common Files\Apple
2010-11-19 13:00:07 ----D---- C:\Program Files\Safari
2010-11-19 08:33:40 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-11-18 09:42:30 ----D---- C:\Documents and Settings\cadpc\Application Data\OpenOffice.org2
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 ohci1394;VIA OHCI Compliant IEEE 1394 Host Controller; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2008-04-13 61696]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2009-04-17 44944]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2009-07-13 91904]
R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2010-12-10 135096]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R1 PQNTDrv;PQNTDrv; C:\WINDOWS\system32\drivers\PQNTDrv.sys [2002-09-16 4228]
R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2008-03-14 46652]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2010-06-17 28520]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2007-07-27 12032]
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2010-12-07 61960]
R2 Hardlock;Hardlock; \??\C:\WINDOWS\system32\drivers\hardlock.sys []
R2 Haspnt;Haspnt; \??\C:\WINDOWS\system32\drivers\Haspnt.sys []
R3 akshasp;Aladdin HASP Key; C:\WINDOWS\system32\DRIVERS\akshasp.sys [2006-11-22 327168]
R3 aksusb;Aladdin USB Key; C:\WINDOWS\system32\DRIVERS\aksusb.sys [2006-11-22 100096]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller; C:\WINDOWS\system32\DRIVERS\atl01_xp.sys [2007-03-15 38656]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2010-10-27 5524480]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 HdAudAddService;ATI Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\AtiHdAud.sys [2006-12-28 84992]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-04-23 4402176]
R3 LVPr2Mon;Logitech LVPr2Mon Driver; C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys [2009-10-07 25752]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2007-07-27 12160]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 CA561;MANLI CAM BIG EYES; C:\WINDOWS\System32\Drivers\SPCA561.SYS []
S3 catchme;catchme; \??\C:\DOCUME~1\cadpc\LOCALS~1\Temp\catchme.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 FilterService;UVC Filter Service; C:\WINDOWS\system32\DRIVERS\lvuvcflt.sys [2009-10-07 23832]
S3 GMSIPCI;GMSIPCI; \??\D:\INSTALL\GMSIPCI.SYS []
S3 lvpopflt;Logitech POP Suppression Filter; C:\WINDOWS\system32\DRIVERS\lvpopflt.sys [2009-10-07 114712]
S3 LVRS;Logitech RightSound Filter Driver; C:\WINDOWS\system32\DRIVERS\lvrs.sys [2009-10-07 266008]
S3 LVUVC;QuickCam for Notebooks Pro(UVC); C:\WINDOWS\system32\DRIVERS\lvuvc.sys [2009-10-07 6756632]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2010-02-26 18176]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2010-02-26 22528]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 SANDRA;SANDRA; \??\C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2010c\WNt500x86\Sandra.sys []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2009-11-12 7168]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2010-02-26 8192]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-14 60032]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 usbser;USB Modem Driver; C:\WINDOWS\system32\drivers\usbser.sys [2008-04-13 26112]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2010-02-26 8192]
S3 usbvideo;USB Video Device (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-13 121984]
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2009-07-14 444136]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2009-07-13 132224]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Akamai;Akamai NetSession Interface; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2010-12-10 267944]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2010-08-02 135336]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2010-10-16 37664]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2010-10-27 614400]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2010-07-27 345376]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-04-06 153376]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2010-03-19 73728]
R2 LVPrcSrv;Process Monitor; C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2009-10-07 154136]
R2 NMSAccess;NMSAccess; C:\Program Files\CDBurnerXP\NMSAccessU.exe [2010-03-04 71096]
R2 TeamViewer5;TeamViewer 5; C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe [2010-03-18 172328]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2008-10-28 593920]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-01-08 135664]
S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-24 183280]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 Autodesk Licensing Service;Autodesk Licensing Service; C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe [2008-12-09 82584]
S3 Autodesk Network Licensing Service;Autodesk Network Licensing Service; C:\Program Files\Common Files\Autodesk Shared\Service\AdskNetSrv.exe [2006-08-11 902760]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2010-09-16 1045256]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2010-11-17 820008]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 SandraAgentSrv;SiSoftware Deployment Agent Service; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2010c\RpcAgentSrv.exe [2009-08-24 93336]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2010-06-14 615936]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 wxpSvc;webcamXP Service; C:\Program Files\wLite\wService.exe [2010-03-22 4935168]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
-----------------EOF-----------------
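The RSIT driver and service listing above is the part of the log a helper reads first: each line is `<R|S><start type> <name>;<display name>; <image path> [<file date> <size>]`, and an empty `[]` means RSIT could not read the image file at that path. The following Python parser is an added example for this thread, not code from RSIT, the forum or the poster; the triage rules (missing file metadata, image under a temp directory, image on a non-system drive, svchost-hosted service whose real module is the `ServiceDll` value) are my own first-pass heuristics, and the sample lines are copied from the listing above.

```python
import re

# Triage rules for one RSIT driver/service line, as constants so a caller can test for them.
NO_META = "no file date/size recorded (RSIT prints [] when it cannot read the image; confirm the file exists)"
TEMP_DIR = "image path is under a temporary directory"
OTHER_DRIVE = "image is not on the system drive"
SVCHOST = "hosted in svchost.exe; the real code is the ServiceDll value under the service's Parameters key"

# Line format: "<R|S><start> <name>;<display name>; <image path> [<date> <size>]"
RSIT_LINE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4]) "
    r"(?P<name>[^;]+);(?P<display>[^;]*); "
    r"(?P<path>.+?) \[(?P<meta>[^\]]*)\]$"
)

# Lower-case fragments that place an image under a user or system temp directory
TEMP_MARKERS = ("\\temp\\", "\\locals~1\\", "\\local settings\\temp\\")


def parse_line(line):
    """Return the fields of one RSIT driver/service line, or None if the line is not one."""
    m = RSIT_LINE.match(line.strip())
    if m is None:
        return None
    entry = m.groupdict()
    # RSIT prints the raw ImagePath; strip the NT object-namespace prefix "\??\" if present
    entry["path"] = re.sub(r"^\\\?\?\\", "", entry["path"])
    return entry


def triage_entry(entry, system_drive="c"):
    """Apply the cheap first-pass rules to one parsed entry; returns the reasons that fired."""
    reasons = []
    p = entry["path"].lower()
    if entry["meta"].strip() == "":
        reasons.append(NO_META)
    if any(marker in p for marker in TEMP_MARKERS):
        reasons.append(TEMP_DIR)
    if len(p) > 1 and p[1] == ":" and p[0] != system_drive:
        reasons.append(OTHER_DRIVE)
    if p.endswith("\\svchost.exe"):
        reasons.append(SVCHOST)
    return reasons


def triage(text, system_drive="c"):
    """Map service/driver name -> details for every entry that trips at least one rule."""
    findings = {}
    for line in text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        reasons = triage_entry(entry, system_drive)
        if reasons:
            findings[entry["name"]] = {
                "start": entry["state"] + entry["start"],
                "path": entry["path"],
                "reasons": reasons,
            }
    return findings


# Constructed sample: seven lines copied from the RSIT listing in this thread, chosen to hit each rule.
SAMPLE = r"""
R0 ohci1394;VIA OHCI Compliant IEEE 1394 Host Controller; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2008-04-13 61696]
R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys []
R2 Hardlock;Hardlock; \??\C:\WINDOWS\system32\drivers\hardlock.sys []
S3 catchme;catchme; \??\C:\DOCUME~1\cadpc\LOCALS~1\Temp\catchme.sys []
S3 GMSIPCI;GMSIPCI; \??\D:\INSTALL\GMSIPCI.SYS []
R2 Akamai;Akamai NetSession Interface; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S3 wxpSvc;webcamXP Service; C:\Program Files\wLite\wService.exe [2010-03-22 4935168]
"""

if __name__ == "__main__":
    for name, info in triage(SAMPLE).items():
        print(f"{name} ({info['start']}): {info['path']}")
        for reason in info["reasons"]:
            print("   -", reason)
```

A hit from these rules is a reason to look, not a verdict: an empty `[]` on a vendor driver is usually just a path RSIT could not stat, while a kernel driver registered out of a user's Temp directory deserves a manual check of whether the file is still there and who signed it.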
- Rudy
- Site Admin
- Posts: 119506
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: System freezes
Run a full scan with MBAM: http://www.malwarebytes.org/mbam.php and post the log. Don't delete anything beforehand.
Post questions and logs only in your own threads. Private messages, ICQ and e-mail are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
e-mail: rudy(at)forum.viry.cz
Warning: Before cleaning the PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!
Once your problem is resolved the thread will be locked, likewise if it is inactive for more than 14 days. If you want the thread reopened, write to me at the e-mail address above.
Re: System freezing
I knew about some of them and they have been on the PC for a while, but they didn't cause system crashes. For example, I never ran tcommander.exe, it was part of a bundle; bsplayer I have used since the initial installation, likewise swishmax3 and the plugin in the tcommander bundle. I didn't consider them dangerous. The others I was not aware of. Do you recommend deleting all of them without exception? I'll certainly take your advice; thanks for the tip about the application and for your help.
c:\program files\00t\bsplayer pro\bsplayer.exe (Malware.Packer.Gen) -> No action taken.
c:\program files\00t\portable adobe collection by greenonx\Appz\AutoPlay\Docs\adobe illustrator cs3\tcommander.exe (Trojan.Agent) -> No action taken.
c:\program files\00t\swish max3\patch\swishmax3.exe (Hoax.BadJoke) -> No action taken.
c:\program files\00t\total cma pack\plugins\wlx\17fileinfo\cadt.dll (Trojan.Constructor) -> No action taken.
e:\0temp\torr\B\illustrate 5.4 (cracked)\Crack\xf-illustrate-kg.exe (Trojan.Downloader) -> No action taken.
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org
Database version: 5312
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
14. 12. 2010 20:52:49
mbam-log-2010-12-14 (20-52-31).txt
Scan type: Full scan (C:\|E:\|)
Objects scanned: 475403
Time elapsed: 1 hour(s), 27 minute(s), 23 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 10
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\PROGRAM FILES\00T\MOZILLA FIREFOX\EXTENSIONS\{B922D405-6D13-4A2B-AE89-08A030DA4402}\COMPONENTS\PDFFORGETOOLBARFF.DLL (Adware.WidgiToolbar) -> Value: PDFFORGETOOLBARFF.DLL -> No action taken.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
c:\documents and settings\cadpc\application data\thinstall\adobe dreamweaver cs3\1000000600002i\svchost.exe (Rootkit.Dropper) -> No action taken.
c:\program files\00t\bsplayer pro\bsplayer.exe (Malware.Packer.Gen) -> No action taken.
c:\program files\00t\mozilla firefox\extensions\{b922d405-6d13-4a2b-ae89-08a030da4402}\components\pdfforgetoolbarff.dll (Adware.WidgiToolbar) -> No action taken.
c:\program files\00t\portable adobe collection by greenonx\Appz\AutoPlay\Docs\adobe illustrator cs3\tcommander.exe (Trojan.Agent) -> No action taken.
c:\program files\00t\swish max3\patch\swishmax3.exe (Hoax.BadJoke) -> No action taken.
c:\program files\00t\total cma pack\plugins\wlx\17fileinfo\cadt.dll (Trojan.Constructor) -> No action taken.
c:\program files\pdfforge toolbar\widgihelper.exe (Adware.WidgiToolbar) -> No action taken.
c:\program files\trend micro\hijackthis\backups\backup-20101208-195255-709.dll (Adware.WidgiToolbar) -> No action taken.
c:\system volume information\_restore{4f2e97cf-5d2a-4002-b06f-8acf17400eeb}\RP811\A0208220.dll (Adware.WidgiToolbar) -> No action taken.
e:\0temp\torr\B\illustrate 5.4 (cracked)\Crack\xf-illustrate-kg.exe (Trojan.Downloader) -> No action taken.
- Rudy
- Site Admin
- Posts: 119506
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: System freezing
Delete everything MBAM found.
Re: System freezing
I deleted everything; I'll let you know if it keeps crashing.... For now, thanks for the tip, your time and effort, and of course for the good advice.
Re: System freezing
After about 2 hours of work the system froze again. Working is not possible: the mouse doesn't respond and the PC can't be controlled in the usual way. It is, however, possible to connect to the computer over the network. After restarting the computer Avira found malware. It is TR/trash.Gen and it was in the file c:\system volume information\restore{4f2E97CF-5D2A-4002-B06F-8ACF17400EEB}\RP819\A0215767.exe
Something keeps activating it again and again. I'm also attaching a HiJackThis log in case it helps.
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:00:52, on 15. 12. 2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
C:\Program Files\TeamViewer\Version5\TeamViewer.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sme.sk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://3dlifeplayer.dl.3dvia.com/player ... taller.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Autodesk Network Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskNetSrv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: NMSAccess - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2010c\RpcAgentSrv.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
O23 - Service: webcamXP Service (wxpSvc) - Unknown owner - C:\Program Files\wLite\wService.exe
--
End of file - 7390 bytes
Re: System freezing
I'm also attaching the Anti-Malware log, but as expected it didn't find anything any more..
Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org
Database version: 5312
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
15. 12. 2010 13:19:51
mbam-log-2010-12-15 (13-19-51).txt
Scan type: Quick scan
Objects scanned: 183037
Time elapsed: 4 minute(s), 9 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
- Rudy
- Site Admin
- Posts: 119506
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: System freezing
Post a ComboFix log.
Download ComboFix, preferably to the desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
then run the application under an account with administrator rights
right after startup a screen with the license terms appears; continue by clicking the Yes button.
calmly go and make yourself a coffee (the whole run takes about 5-10 minutes, sometimes longer, depending on how fast the machine is and how many files the scanner has to wade through); during the scan do not try to launch any other applications or do anything else
during the scan do not panic, your machine may be restarted (especially on the first run of the scanner)
warning: if you use an antispyware with a resident shield, switch its resident shield to Install Mode or deactivate it completely for the duration of the scan, because during the scan and removal of any malware there are undesirable collisions with the resident antispyware
Re: System freezing
here is the combofix log
ComboFix 10-12-15.04 - cadpc . 12. 2010 23:14:27.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.421.1033.18.3327.2770 [GMT 1:00]
Running from: c:\documents and settings\cadpc\My Documents\Downloads\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
((((((((((((((((((((((((( Files Created from 2010-11-15 to 2010-12-15 )))))))))))))))))))))))))))))))
.
2010-12-15 10:18 . 2010-12-15 10:18 -------- d-----w- c:\documents and settings\Administrator.PCCAD\Application Data\Malwarebytes
2010-12-15 05:20 . 2010-11-02 15:17 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2010-12-15 05:19 . 2010-10-11 14:59 45568 -c----w- c:\windows\system32\dllcache\wab.exe
2010-12-14 18:13 . 2010-12-14 18:13 -------- d-----w- c:\documents and settings\cadpc\Application Data\Malwarebytes
2010-12-14 18:12 . 2010-11-29 16:42 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-14 18:12 . 2010-12-14 18:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-12-14 18:12 . 2010-12-14 18:12 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-12-14 18:12 . 2010-11-29 16:42 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-14 08:07 . 2010-12-14 19:52 -------- d-----w- C:\rsit
2010-12-13 10:23 . 2010-12-13 10:23 -------- d-----w- c:\program files\Common Files\Skype
2010-12-13 08:55 . 2010-12-13 09:08 -------- d-----w- c:\program files\SourceTec
2010-12-13 07:23 . 2010-12-13 07:23 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin7.dll
2010-12-13 07:23 . 2010-12-13 07:23 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin6.dll
2010-12-13 07:23 . 2010-12-13 07:23 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2010-12-13 07:23 . 2010-12-13 07:23 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2010-12-13 07:23 . 2010-12-13 07:23 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2010-12-13 07:23 . 2010-12-13 07:23 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2010-12-13 07:23 . 2010-12-13 07:23 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll
2010-12-13 07:23 . 2010-12-13 07:23 -------- d-----w- c:\program files\QuickTime
2010-12-09 09:19 . 2010-12-09 09:17 23584 ----a-w- c:\temp\ZalohRegWinSock\ERDNT.EXE
2010-12-08 20:39 . 2010-12-08 20:39 -------- d-----w- c:\program files\CCleaner
2010-12-08 18:39 . 2010-12-08 18:39 388096 ----a-r- c:\documents and settings\cadpc\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-12-08 18:39 . 2010-12-08 18:39 -------- d-----w- c:\program files\Trend Micro
2010-12-08 07:56 . 2010-12-14 12:07 -------- d-----w- c:\windows\system32\NtmsData
2010-12-08 07:55 . 2010-12-08 07:55 -------- d-----w- c:\documents and settings\cadpc\Application Data\Avira
2010-12-07 19:23 . 2010-12-07 19:23 -------- d-----w- c:\documents and settings\Administrator.PCCAD\Application Data\Avira
2010-12-07 19:13 . 2010-12-10 09:20 135096 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-12-07 19:13 . 2010-12-07 19:19 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-12-07 19:13 . 2010-12-07 19:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2010-12-07 19:13 . 2010-06-17 14:27 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2010-12-07 19:13 . 2010-06-17 14:27 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2010-12-07 19:13 . 2010-12-07 19:13 -------- d-----w- c:\program files\Avira
2010-12-07 09:49 . 2010-12-07 09:49 -------- d-----w- c:\documents and settings\Administrator.PCCAD\Local Settings\Application Data\Opera
2010-12-07 08:39 . 2010-12-07 08:39 -------- d-----w- c:\program files\PDFCreator
2010-12-07 08:39 . 1998-07-05 23:00 23552 ----a-w- c:\windows\system32\MSMPIDE.DLL
2010-11-29 16:38 . 2010-11-29 16:38 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-29 16:38 . 2010-11-29 16:38 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-11-24 10:11 . 2010-11-24 10:11 -------- d-----w- c:\documents and settings\All Users\Application Data\ATI
2010-11-24 10:10 . 2010-11-24 10:10 -------- d-----w- c:\program files\ATI Stream
2010-11-24 10:07 . 2010-11-24 10:07 -------- d-----w- C:\ATI
2010-11-23 10:05 . 2010-11-23 10:05 -------- d-----w- c:\documents and settings\cadpc\Application Data\OpenOffice.org
2010-11-23 09:14 . 2010-11-23 09:14 -------- d-----w- c:\program files\OpenOffice.org 3
2010-11-19 12:07 . 2010-11-19 12:07 -------- d-----w- c:\program files\iPod
2010-11-19 12:07 . 2010-11-19 12:07 -------- d-----w- c:\program files\iTunes
2010-11-18 18:12 . 2010-11-18 18:12 81920 -c----w- c:\windows\system32\dllcache\isign32.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-18 18:12 . 2008-01-17 14:37 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-06 00:26 . 2007-07-27 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:26 . 2007-07-27 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-06 00:26 . 2007-07-27 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-11-03 12:25 . 2007-07-27 12:00 385024 ----a-w- c:\windows\system32\html.iec
2010-11-02 15:17 . 2007-07-27 12:00 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
2010-10-28 13:13 . 2007-07-27 12:00 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-10-27 03:55 . 2007-06-06 14:52 5524480 ----a-w- c:\windows\system32\drivers\ati2mtag.sys
2010-10-27 03:17 . 2007-06-06 14:21 16330752 ----a-w- c:\windows\system32\atioglxx.dll
2010-10-27 03:10 . 2010-06-28 11:46 57344 ----a-w- c:\windows\system32\aticalrt.dll
2010-10-27 03:10 . 2010-06-28 11:46 53248 ----a-w- c:\windows\system32\aticalcl.dll
2010-10-27 03:09 . 2010-06-28 11:46 4489216 ----a-w- c:\windows\system32\aticaldd.dll
2010-10-27 03:02 . 2008-01-17 14:46 311296 ----a-w- c:\windows\system32\atiiiexx.dll
2010-10-27 02:51 . 2007-06-06 14:35 3958784 ----a-w- c:\windows\system32\ati3duag.dll
2010-10-27 02:50 . 2008-01-17 14:46 450560 ----a-w- c:\windows\system32\ATIDEMGX.dll
2010-10-27 02:49 . 2007-06-06 14:52 301056 ----a-w- c:\windows\system32\ati2dvag.dll
2010-10-27 02:48 . 2007-06-06 14:30 393216 ----a-w- c:\windows\system32\atiok3x2.dll
2010-10-27 02:36 . 2007-06-06 14:25 2671744 ----a-w- c:\windows\system32\ativvaxx.dll
2010-10-27 02:30 . 2007-06-06 14:45 212992 ----a-w- c:\windows\system32\atipdlxx.dll
2010-10-27 02:30 . 2007-06-06 14:45 155648 ----a-w- c:\windows\system32\Oemdspif.dll
2010-10-27 02:30 . 2007-06-06 14:45 26112 ----a-w- c:\windows\system32\Ati2mdxx.exe
2010-10-27 02:30 . 2007-06-06 14:45 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2010-10-27 02:30 . 2007-06-06 14:45 159744 ----a-w- c:\windows\system32\ati2evxx.dll
2010-10-27 02:28 . 2007-06-06 14:43 614400 ----a-w- c:\windows\system32\ati2evxx.exe
2010-10-27 02:27 . 2007-06-06 14:42 53248 ----a-w- c:\windows\system32\ATIDDC.DLL
2010-10-27 02:26 . 2010-06-28 11:46 143360 ----a-w- c:\windows\system32\atiapfxx.exe
2010-10-27 02:22 . 2007-06-06 14:11 651264 ----a-w- c:\windows\system32\atikvmag.dll
2010-10-27 02:20 . 2010-06-28 11:46 64512 ----a-w- c:\windows\system32\atimpc32.dll
2010-10-27 02:20 . 2008-10-29 01:25 64512 ----a-w- c:\windows\system32\amdpcom32.dll
2010-10-27 02:20 . 2008-10-29 01:19 196608 ----a-w- c:\windows\system32\atiadlxx.dll
2010-10-27 02:20 . 2007-06-06 14:10 17408 ----a-w- c:\windows\system32\atitvo32.dll
2010-10-27 02:19 . 2007-06-06 14:09 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2010-10-27 02:14 . 2007-06-06 14:04 704512 ----a-w- c:\windows\system32\ati2cqag.dll
2010-10-26 13:25 . 2007-07-27 12:00 1853312 ----a-w- c:\windows\system32\win32k.sys
2010-09-18 10:23 . 2007-07-27 12:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2007-07-27 12:00 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2007-07-27 12:00 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2007-07-27 12:00 953856 ----a-w- c:\windows\system32\mfc40u.dll
.
((((((((((((((((((((((((((((( SnapShot@2010-12-08_22.00.31 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-11-07 00:19 . 2007-11-07 00:19 46592 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_11f3ea3a\mfc90kor.dll
+ 2007-11-07 00:19 . 2007-11-07 00:19 47104 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_11f3ea3a\mfc90jpn.dll
+ 2007-11-07 00:19 . 2007-11-07 00:19 59392 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_11f3ea3a\mfc90ita.dll
+ 2007-11-07 00:19 . 2007-11-07 00:19 41984 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_11f3ea3a\mfc90cht.dll
+ 2007-11-07 00:19 . 2007-11-07 00:19 41472 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_11f3ea3a\mfc90chs.dll
+ 2007-11-07 00:19 . 2007-11-07 00:19 60416 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_11f3ea3a\mfc90fra.dll
+ 2007-11-07 00:19 . 2007-11-07 00:19 59392 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_11f3ea3a\mfc90esp.dll
+ 2007-11-07 00:19 . 2007-11-07 00:19 59392 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_11f3ea3a\mfc90esn.dll
+ 2007-11-07 00:19 . 2007-11-07 00:19 54272 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_11f3ea3a\mfc90enu.dll
+ 2007-11-07 00:19 . 2007-11-07 00:19 60928 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_11f3ea3a\mfc90deu.dll
+ 2007-11-06 21:51 . 2007-11-06 21:51 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_a173767a\mfcm90u.dll
+ 2007-11-06 21:51 . 2007-11-06 21:51 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_a173767a\mfcm90.dll
+ 2010-12-15 10:31 . 2010-12-15 10:31 16384 c:\windows\Temp\Perflib_Perfdata_808.dat
+ 2010-12-15 13:31 . 2010-12-15 13:31 16384 c:\windows\Temp\Perflib_Perfdata_5ec.dat
- 2007-11-13 11:31 . 2010-06-21 14:46 46080 c:\windows\system32\tzchange.exe
+ 2007-11-13 11:31 . 2010-11-03 13:12 46080 c:\windows\system32\tzchange.exe
+ 2009-05-11 10:42 . 2009-05-11 10:42 59888 c:\windows\system32\pxwma.dll
+ 2009-04-17 11:28 . 2009-04-17 11:28 68080 c:\windows\system32\pxinsa64.exe
+ 2009-04-17 11:28 . 2009-04-17 11:28 68080 c:\windows\system32\pxcpya64.exe
+ 2007-07-27 12:00 . 2010-11-06 00:26 66560 c:\windows\system32\mshtmled.dll
- 2007-07-27 12:00 . 2010-09-10 05:58 66560 c:\windows\system32\mshtmled.dll
- 2007-08-13 17:54 . 2010-09-10 05:58 55296 c:\windows\system32\msfeedsbs.dll
+ 2007-08-13 17:54 . 2010-11-06 00:26 55296 c:\windows\system32\msfeedsbs.dll
+ 2010-03-18 08:15 . 2010-03-18 08:15 80720 c:\windows\system32\mfcm100u.dll
+ 2010-03-18 08:15 . 2010-03-18 08:15 80208 c:\windows\system32\mfcm100.dll
+ 2010-03-18 08:15 . 2010-03-18 08:15 60752 c:\windows\system32\mfc100rus.dll
+ 2010-03-18 08:15 . 2010-03-18 08:15 43344 c:\windows\system32\mfc100kor.dll
+ 2010-03-18 08:15 . 2010-03-18 08:15 43856 c:\windows\system32\mfc100jpn.dll
+ 2010-03-18 08:15 . 2010-03-18 08:15 62288 c:\windows\system32\mfc100ita.dll
+ 2010-03-18 08:15 . 2010-03-18 08:15 36176 c:\windows\system32\mfc100cht.dll
+ 2010-03-18 08:15 . 2010-03-18 08:15 36176 c:\windows\system32\mfc100chs.dll
+ 2010-03-18 08:15 . 2010-03-18 08:15 64336 c:\windows\system32\mfc100fra.dll
+ 2010-03-18 08:15 . 2010-03-18 08:15 63824 c:\windows\system32\mfc100esn.dll
+ 2010-03-18 08:15 . 2010-03-18 08:15 55120 c:\windows\system32\mfc100enu.dll
+ 2010-03-18 08:15 . 2010-03-18 08:15 64336 c:\windows\system32\mfc100deu.dll
- 2007-07-27 12:00 . 2010-09-10 05:58 25600 c:\windows\system32\jsproxy.dll
+ 2007-07-27 12:00 . 2010-11-06 00:26 25600 c:\windows\system32\jsproxy.dll
+ 2009-04-17 11:28 . 2009-04-17 11:28 68080 c:\windows\system32\drvins64.exe
+ 2009-04-17 02:00 . 2009-04-17 02:00 44944 c:\windows\system32\drivers\pxhelp20.sys
+ 2009-06-11 17:34 . 2010-11-06 00:26 12800 c:\windows\system32\dllcache\xpshims.dll
- 2009-06-11 17:34 . 2010-09-10 05:58 12800 c:\windows\system32\dllcache\xpshims.dll
+ 2007-07-27 12:00 . 2010-11-06 00:26 66560 c:\windows\system32\dllcache\mshtmled.dll
- 2007-07-27 12:00 . 2010-09-10 05:58 66560 c:\windows\system32\dllcache\mshtmled.dll
+ 2008-01-22 08:10 . 2010-11-06 00:26 55296 c:\windows\system32\dllcache\msfeedsbs.dll
- 2008-01-22 08:10 . 2010-09-10 05:58 55296 c:\windows\system32\dllcache\msfeedsbs.dll
+ 2007-07-27 12:00 . 2010-11-06 00:26 43520 c:\windows\system32\dllcache\licmgr10.dll
- 2007-07-27 12:00 . 2010-09-10 05:58 43520 c:\windows\system32\dllcache\licmgr10.dll
- 2007-07-27 12:00 . 2010-09-10 05:58 25600 c:\windows\system32\dllcache\jsproxy.dll
+ 2007-07-27 12:00 . 2010-11-06 00:26 25600 c:\windows\system32\dllcache\jsproxy.dll
+ 2010-12-13 09:52 . 2010-12-13 09:52 37807 c:\windows\Installer\{EDD235BB-9FB4-4604-85ED-1B14A256F4E0}\RunLightroom313212_C2C2101F05384548B5AF39E0D3B3CB50.exe
+ 2010-12-13 09:52 . 2010-12-13 09:52 37807 c:\windows\Installer\{EDD235BB-9FB4-4604-85ED-1B14A256F4E0}\NewShortcut4_C2C2101F05384548B5AF39E0D3B3CB50.exe
+ 2010-12-13 09:52 . 2010-12-13 09:52 37807 c:\windows\Installer\{EDD235BB-9FB4-4604-85ED-1B14A256F4E0}\ARPPRODUCTICON.exe
- 2008-02-18 10:21 . 2010-11-10 02:04 23040 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2008-02-18 10:21 . 2010-12-15 08:48 23040 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2008-02-18 10:21 . 2010-11-10 02:04 61440 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\pubs.exe
+ 2008-02-18 10:21 . 2010-12-15 08:48 61440 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\pubs.exe
- 2008-02-18 10:21 . 2010-11-10 02:04 27136 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2008-02-18 10:21 . 2010-12-15 08:48 27136 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2008-02-18 10:21 . 2010-11-10 02:04 11264 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2008-02-18 10:21 . 2010-12-15 08:48 11264 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\mspicons.exe
- 2008-02-18 10:21 . 2010-11-10 02:04 86016 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\inficon.exe
+ 2008-02-18 10:21 . 2010-12-15 08:48 86016 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\inficon.exe
+ 2008-02-18 10:21 . 2010-12-15 08:48 12288 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\cagicon.exe
- 2008-02-18 10:21 . 2010-11-10 02:04 12288 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2010-12-15 08:47 . 2010-09-10 05:58 12800 c:\windows\ie8updates\KB2416400-IE8\xpshims.dll
+ 2010-12-15 08:47 . 2010-09-10 05:58 66560 c:\windows\ie8updates\KB2416400-IE8\mshtmled.dll
+ 2010-12-15 08:47 . 2010-09-10 05:58 55296 c:\windows\ie8updates\KB2416400-IE8\msfeedsbs.dll
+ 2010-12-15 08:47 . 2010-09-10 05:58 43520 c:\windows\ie8updates\KB2416400-IE8\licmgr10.dll
+ 2010-12-15 08:47 . 2010-09-10 05:58 25600 c:\windows\ie8updates\KB2416400-IE8\jsproxy.dll
+ 2008-03-12 02:00 . 2008-03-12 02:00 9200 c:\windows\system32\drivers\cdralw2k.sys
+ 2008-03-12 02:00 . 2008-03-12 02:00 9072 c:\windows\system32\drivers\cdr4_xp.sys
- 2008-02-18 10:21 . 2010-11-10 02:04 4096 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2008-02-18 10:21 . 2010-12-15 08:48 4096 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2009-03-24 00:01 . 2009-03-24 00:01 100848 c:\windows\system32\vxblock.dll
+ 2009-05-11 10:42 . 2009-05-11 10:42 440816 c:\windows\system32\PxWave.dll
+ 2009-05-11 10:42 . 2009-05-11 10:42 219632 c:\windows\system32\PxMas.dll
+ 2009-04-17 11:28 . 2009-04-17 11:28 125424 c:\windows\system32\pxinsi64.exe
+ 2009-04-09 00:02 . 2009-04-09 00:02 559600 c:\windows\system32\pxdrv.dll
+ 2009-04-17 11:28 . 2009-04-17 11:28 123888 c:\windows\system32\pxcpyi64.exe
+ 2009-05-11 10:42 . 2009-05-11 10:42 678384 c:\windows\system32\Px.dll
+ 2007-07-27 12:00 . 2010-11-06 00:26 206848 c:\windows\system32\occache.dll
- 2007-07-27 12:00 . 2010-09-10 05:58 206848 c:\windows\system32\occache.dll
+ 2010-03-18 08:15 . 2010-03-18 08:15 770384 c:\windows\system32\msvcr100.dll
+ 2010-03-18 08:15 . 2010-03-18 08:15 421200 c:\windows\system32\msvcp100.dll
+ 2007-07-27 12:00 . 2010-11-06 00:26 611840 c:\windows\system32\mstime.dll
- 2007-07-27 12:00 . 2010-09-10 05:58 611840 c:\windows\system32\mstime.dll
+ 2007-08-13 17:54 . 2010-11-06 00:26 602112 c:\windows\system32\msfeeds.dll
- 2007-08-13 17:54 . 2010-09-10 05:58 602112 c:\windows\system32\msfeeds.dll
+ 2007-07-27 12:00 . 2010-11-06 00:26 184320 c:\windows\system32\iepeers.dll
- 2007-07-27 12:00 . 2010-09-10 05:58 184320 c:\windows\system32\iepeers.dll
+ 2007-07-27 12:00 . 2010-11-06 00:26 387584 c:\windows\system32\iedkcs32.dll
- 2007-07-27 12:00 . 2010-09-10 05:58 387584 c:\windows\system32\iedkcs32.dll
+ 2007-07-27 12:00 . 2010-11-03 12:26 173568 c:\windows\system32\ie4uinit.exe
+ 2008-01-17 15:22 . 2010-12-15 08:49 300440 c:\windows\system32\FNTCACHE.DAT
- 2008-01-17 15:22 . 2010-11-23 09:55 300440 c:\windows\system32\FNTCACHE.DAT
- 2007-07-27 12:00 . 2010-09-10 05:58 916480 c:\windows\system32\dllcache\wininet.dll
+ 2007-07-27 12:00 . 2010-11-06 00:26 916480 c:\windows\system32\dllcache\wininet.dll
- 2007-07-27 12:00 . 2010-09-10 05:58 206848 c:\windows\system32\dllcache\occache.dll
+ 2007-07-27 12:00 . 2010-11-06 00:26 206848 c:\windows\system32\dllcache\occache.dll
- 2007-07-27 12:00 . 2010-09-10 05:58 611840 c:\windows\system32\dllcache\mstime.dll
+ 2007-07-27 12:00 . 2010-11-06 00:26 611840 c:\windows\system32\dllcache\mstime.dll
- 2008-01-22 08:10 . 2010-09-10 05:58 602112 c:\windows\system32\dllcache\msfeeds.dll
+ 2008-01-22 08:10 . 2010-11-06 00:26 602112 c:\windows\system32\dllcache\msfeeds.dll
- 2009-06-11 17:34 . 2010-09-10 05:58 247808 c:\windows\system32\dllcache\ieproxy.dll
+ 2009-06-11 17:34 . 2010-11-06 00:26 247808 c:\windows\system32\dllcache\ieproxy.dll
- 2007-07-27 12:00 . 2010-09-10 05:58 184320 c:\windows\system32\dllcache\iepeers.dll
+ 2007-07-27 12:00 . 2010-11-06 00:26 184320 c:\windows\system32\dllcache\iepeers.dll
+ 2010-06-11 13:39 . 2010-11-06 00:26 743424 c:\windows\system32\dllcache\iedvtool.dll
- 2010-06-11 13:39 . 2010-09-10 05:58 743424 c:\windows\system32\dllcache\iedvtool.dll
- 2007-07-27 12:00 . 2010-09-10 05:58 387584 c:\windows\system32\dllcache\iedkcs32.dll
+ 2007-07-27 12:00 . 2010-11-06 00:26 387584 c:\windows\system32\dllcache\iedkcs32.dll
+ 2007-07-27 12:00 . 2010-11-03 12:26 173568 c:\windows\system32\dllcache\ie4uinit.exe
+ 2010-04-20 05:30 . 2010-10-28 13:13 290048 c:\windows\system32\dllcache\atmfd.dll
+ 2010-11-12 10:24 . 2010-11-12 10:24 884224 c:\windows\Installer\11133d.msp
+ 2010-12-13 10:23 . 2010-12-13 10:23 371272 c:\windows\Installer\{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}\SkypeIcon.exe
+ 2008-02-18 10:21 . 2010-12-15 08:48 409600 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\xlicons.exe
- 2008-02-18 10:21 . 2010-11-10 02:04 409600 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\xlicons.exe
- 2008-02-18 10:21 . 2010-11-10 02:04 286720 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2008-02-18 10:21 . 2010-12-15 08:48 286720 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2008-02-18 10:21 . 2010-12-15 08:48 249856 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2008-02-18 10:21 . 2010-11-10 02:04 249856 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2008-02-18 10:21 . 2010-11-10 02:04 794624 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2008-02-18 10:21 . 2010-12-15 08:48 794624 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2008-02-18 10:21 . 2010-12-15 08:48 135168 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2008-02-18 10:21 . 2010-11-10 02:04 135168 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2008-02-18 10:21 . 2010-12-15 08:48 593920 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\accicons.exe
- 2008-02-18 10:21 . 2010-11-10 02:04 593920 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\accicons.exe
+ 2010-12-15 08:47 . 2010-09-10 05:58 916480 c:\windows\ie8updates\KB2416400-IE8\wininet.dll
+ 2010-12-15 08:48 . 2010-07-05 13:16 382840 c:\windows\ie8updates\KB2416400-IE8\spuninst\updspapi.dll
+ 2010-12-15 08:48 . 2010-02-22 14:23 231288 c:\windows\ie8updates\KB2416400-IE8\spuninst\spuninst.exe
+ 2010-12-15 08:47 . 2010-09-10 05:58 206848 c:\windows\ie8updates\KB2416400-IE8\occache.dll
+ 2010-12-15 08:47 . 2010-09-10 05:58 611840 c:\windows\ie8updates\KB2416400-IE8\mstime.dll
+ 2010-12-15 08:47 . 2010-09-10 05:58 602112 c:\windows\ie8updates\KB2416400-IE8\msfeeds.dll
+ 2010-12-15 08:47 . 2010-09-10 05:58 247808 c:\windows\ie8updates\KB2416400-IE8\ieproxy.dll
+ 2010-12-15 08:47 . 2010-09-10 05:58 184320 c:\windows\ie8updates\KB2416400-IE8\iepeers.dll
+ 2010-12-15 08:47 . 2010-09-10 05:58 743424 c:\windows\ie8updates\KB2416400-IE8\iedvtool.dll
+ 2010-12-15 08:47 . 2010-09-10 05:58 387584 c:\windows\ie8updates\KB2416400-IE8\iedkcs32.dll
+ 2010-12-15 08:47 . 2010-08-26 12:22 173056 c:\windows\ie8updates\KB2416400-IE8\ie4uinit.exe
+ 2007-11-07 00:19 . 2007-11-07 00:19 1162744 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_a173767a\mfc90u.dll
+ 2007-11-07 00:19 . 2007-11-07 00:19 1156600 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_a173767a\mfc90.dll
- 2007-07-27 12:00 . 2010-09-10 05:58 1210880 c:\windows\system32\urlmon.dll
+ 2007-07-27 12:00 . 2010-11-06 00:26 1210880 c:\windows\system32\urlmon.dll
+ 2009-05-11 10:42 . 2009-05-11 10:42 2083312 c:\windows\system32\PxSFS.DLL
+ 2007-07-27 12:00 . 2010-11-06 00:26 5959168 c:\windows\system32\mshtml.dll
+ 2010-03-18 08:15 . 2010-03-18 08:15 4368720 c:\windows\system32\mfc100u.dll
+ 2010-03-18 08:15 . 2010-03-18 08:15 4342088 c:\windows\system32\mfc100.dll
+ 2007-08-13 17:34 . 2010-11-06 00:26 1991680 c:\windows\system32\iertutil.dll
+ 2008-10-15 07:02 . 2010-10-26 13:25 1853312 c:\windows\system32\dllcache\win32k.sys
- 2007-07-27 12:00 . 2010-09-10 05:58 1210880 c:\windows\system32\dllcache\urlmon.dll
+ 2007-07-27 12:00 . 2010-11-06 00:26 1210880 c:\windows\system32\dllcache\urlmon.dll
+ 2007-07-27 12:00 . 2010-11-06 00:26 5959168 c:\windows\system32\dllcache\mshtml.dll
+ 2008-01-22 08:10 . 2010-11-06 00:26 1991680 c:\windows\system32\dllcache\iertutil.dll
+ 2010-12-13 10:23 . 2010-12-13 10:23 1580544 c:\windows\Installer\be69b.msi
+ 2010-12-13 09:52 . 2010-12-13 09:52 2656768 c:\windows\Installer\14b6e718.msi
+ 2010-12-13 07:23 . 2010-12-13 07:23 9472000 c:\windows\Installer\142dcfd0.msi
+ 2010-10-22 14:45 . 2010-10-22 14:45 8444928 c:\windows\Installer\111354.msp
+ 2010-12-06 14:02 . 2010-12-06 14:02 5518848 c:\windows\Installer\111324.msp
+ 2010-10-01 20:53 . 2010-10-01 20:53 4147712 c:\windows\Installer\11130e.msp
+ 2010-12-15 08:47 . 2010-09-10 05:58 1210880 c:\windows\ie8updates\KB2416400-IE8\urlmon.dll
+ 2010-12-15 08:47 . 2010-09-10 05:58 5957120 c:\windows\ie8updates\KB2416400-IE8\mshtml.dll
+ 2010-12-15 08:47 . 2010-09-10 05:58 1986560 c:\windows\ie8updates\KB2416400-IE8\iertutil.dll
+ 2008-01-22 08:08 . 2010-12-15 08:42 37366216 c:\windows\system32\MRT.exe
+ 2007-08-13 17:54 . 2010-11-06 00:26 11080704 c:\windows\system32\ieframe.dll
+ 2008-01-22 08:10 . 2010-11-06 00:26 11080704 c:\windows\system32\dllcache\ieframe.dll
+ 2010-12-15 08:47 . 2010-09-10 05:58 11080192 c:\windows\ie8updates\KB2416400-IE8\ieframe.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare 3"="c:\program files\IObit\Advanced SystemCare 3\AWC.exe" [2010-09-28 2407632]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-04-12 16132608]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-10-26 98304]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-08-02 281768]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 1744896]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\00t\\totalcmd702a\\TOTALCMD.EXE"=
"c:\\Program Files\\Opera\\Opera.exe"=
"c:\\Program Files\\Foxit Software\\PDF Editor\\PDFEdit.exe"=
"c:\\Program Files\\00t\\utorrent\\uTorrent.exe"=
"c:\\Documents and Settings\\cadpc\\temp\\TeamViewer3\\TeamViewer.exe"=
"c:\\Program Files\\00t\\TC 7.5 RC2\\TOTALCMD.EXE"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2010c\\WNt500x86\\sandra.mui"=
"c:\\Program Files\\wLite\\wLite.exe"=
"c:\\Program Files\\wLite\\wService.exe"=
"c:\\Program Files\\Nokia\\Nokia Ovi Suite\\NokiaOviSuite.exe"=
"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2010c\\RpcAgentSrv.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2010c\\WNt500x86\\RpcSandraSrv.exe"=
"c:\\Program Files\\PFPortChecker\\PFPortChecker.exe"=
"c:\\Program Files\\00t\\Total CMA Pack\\TOTALCMD.EXE"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1037:TCP"= 1037:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [27. 7. 2007 13:00 14336]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [7. 12. 2010 20:13 135336]
R2 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [18. 3. 2010 10:26 172328]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\atl01_xp.sys [17. 1. 2008 16:04 38656]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [8. 1. 2010 8:38 135664]
S3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Lite 2010c\RpcAgentSrv.exe [2. 2. 2010 11:24 93336]
S3 wxpSvc;webcamXP Service;c:\program files\wLite\wService.exe [22. 3. 2010 20:38 4935168]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-03-19 09:15 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
2010-12-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
2010-12-15 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-04-18 08:23]
2010-12-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-08 07:38]
2010-12-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-08 07:38]
2010-12-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-776561741-57989841-725345543-1003Core.job
- c:\documents and settings\cadpc\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-08-11 21:53]
2010-12-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-776561741-57989841-725345543-1003UA.job
- c:\documents and settings\cadpc\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-08-11 21:53]
2010-12-15 c:\windows\Tasks\User_Feed_Synchronization-{2B6D4A61-9859-4C88-819B-DA8E000613C7}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.sme.sk/
uInternet Settings,ProxyOverride = *.local
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\cadpc\Application Data\Mozilla\Firefox\Profiles\30utvsie.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\00t\Mozilla Firefox3\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Firefox Synchronisation Extension: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70} - c:\program files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - %profile%\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
.
.
------- File Associations -------
.
.scr=AutoCADScriptFile
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-15 23:21
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\wxpSvc]
"ImagePath"="c:\program files\wLite\wService.exe /startedbyscm:5053B757-40E35B3B-webcamSRV"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(592)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
- - - - - - - > 'explorer.exe'(3388)
c:\windows\system32\WININET.dll
c:\windows\system32\AcSignIcon.dll
c:\program files\Common Files\Autodesk Shared\AcSignCore16.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-12-15 23:23:18
ComboFix-quarantined-files.txt 2010-12-15 22:23
ComboFix2.txt 2010-12-08 22:09
Pre-Run: 115 234 205 696 bytes free
Post-Run: 115 644 129 280 bytes free
- - End Of File - - E5861E97EFDDBDE4CA46152AC9D8A7E6
2010-10-27 02:50 . 2008-01-17 14:46 450560 ----a-w- c:\windows\system32\ATIDEMGX.dll
2010-10-27 02:49 . 2007-06-06 14:52 301056 ----a-w- c:\windows\system32\ati2dvag.dll
2010-10-27 02:48 . 2007-06-06 14:30 393216 ----a-w- c:\windows\system32\atiok3x2.dll
2010-10-27 02:36 . 2007-06-06 14:25 2671744 ----a-w- c:\windows\system32\ativvaxx.dll
2010-10-27 02:30 . 2007-06-06 14:45 212992 ----a-w- c:\windows\system32\atipdlxx.dll
2010-10-27 02:30 . 2007-06-06 14:45 155648 ----a-w- c:\windows\system32\Oemdspif.dll
2010-10-27 02:30 . 2007-06-06 14:45 26112 ----a-w- c:\windows\system32\Ati2mdxx.exe
2010-10-27 02:30 . 2007-06-06 14:45 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2010-10-27 02:30 . 2007-06-06 14:45 159744 ----a-w- c:\windows\system32\ati2evxx.dll
2010-10-27 02:28 . 2007-06-06 14:43 614400 ----a-w- c:\windows\system32\ati2evxx.exe
2010-10-27 02:27 . 2007-06-06 14:42 53248 ----a-w- c:\windows\system32\ATIDDC.DLL
2010-10-27 02:26 . 2010-06-28 11:46 143360 ----a-w- c:\windows\system32\atiapfxx.exe
2010-10-27 02:22 . 2007-06-06 14:11 651264 ----a-w- c:\windows\system32\atikvmag.dll
2010-10-27 02:20 . 2010-06-28 11:46 64512 ----a-w- c:\windows\system32\atimpc32.dll
2010-10-27 02:20 . 2008-10-29 01:25 64512 ----a-w- c:\windows\system32\amdpcom32.dll
2010-10-27 02:20 . 2008-10-29 01:19 196608 ----a-w- c:\windows\system32\atiadlxx.dll
2010-10-27 02:20 . 2007-06-06 14:10 17408 ----a-w- c:\windows\system32\atitvo32.dll
2010-10-27 02:19 . 2007-06-06 14:09 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2010-10-27 02:14 . 2007-06-06 14:04 704512 ----a-w- c:\windows\system32\ati2cqag.dll
2010-10-26 13:25 . 2007-07-27 12:00 1853312 ----a-w- c:\windows\system32\win32k.sys
2010-09-18 10:23 . 2007-07-27 12:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2007-07-27 12:00 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2007-07-27 12:00 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2007-07-27 12:00 953856 ----a-w- c:\windows\system32\mfc40u.dll
.
((((((((((((((((((((((((((((( SnapShot@2010-12-08_22.00.31 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-11-07 00:19 . 2007-11-07 00:19 46592 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_11f3ea3a\mfc90kor.dll
+ 2007-11-07 00:19 . 2007-11-07 00:19 47104 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_11f3ea3a\mfc90jpn.dll
+ 2007-11-07 00:19 . 2007-11-07 00:19 59392 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_11f3ea3a\mfc90ita.dll
+ 2007-11-07 00:19 . 2007-11-07 00:19 41984 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_11f3ea3a\mfc90cht.dll
+ 2007-11-07 00:19 . 2007-11-07 00:19 41472 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_11f3ea3a\mfc90chs.dll
+ 2007-11-07 00:19 . 2007-11-07 00:19 60416 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_11f3ea3a\mfc90fra.dll
+ 2007-11-07 00:19 . 2007-11-07 00:19 59392 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_11f3ea3a\mfc90esp.dll
+ 2007-11-07 00:19 . 2007-11-07 00:19 59392 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_11f3ea3a\mfc90esn.dll
+ 2007-11-07 00:19 . 2007-11-07 00:19 54272 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_11f3ea3a\mfc90enu.dll
+ 2007-11-07 00:19 . 2007-11-07 00:19 60928 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_11f3ea3a\mfc90deu.dll
+ 2007-11-06 21:51 . 2007-11-06 21:51 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_a173767a\mfcm90u.dll
+ 2007-11-06 21:51 . 2007-11-06 21:51 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_a173767a\mfcm90.dll
+ 2010-12-15 10:31 . 2010-12-15 10:31 16384 c:\windows\Temp\Perflib_Perfdata_808.dat
+ 2010-12-15 13:31 . 2010-12-15 13:31 16384 c:\windows\Temp\Perflib_Perfdata_5ec.dat
- 2007-11-13 11:31 . 2010-06-21 14:46 46080 c:\windows\system32\tzchange.exe
+ 2007-11-13 11:31 . 2010-11-03 13:12 46080 c:\windows\system32\tzchange.exe
+ 2009-05-11 10:42 . 2009-05-11 10:42 59888 c:\windows\system32\pxwma.dll
+ 2009-04-17 11:28 . 2009-04-17 11:28 68080 c:\windows\system32\pxinsa64.exe
+ 2009-04-17 11:28 . 2009-04-17 11:28 68080 c:\windows\system32\pxcpya64.exe
+ 2007-07-27 12:00 . 2010-11-06 00:26 66560 c:\windows\system32\mshtmled.dll
- 2007-07-27 12:00 . 2010-09-10 05:58 66560 c:\windows\system32\mshtmled.dll
- 2007-08-13 17:54 . 2010-09-10 05:58 55296 c:\windows\system32\msfeedsbs.dll
+ 2007-08-13 17:54 . 2010-11-06 00:26 55296 c:\windows\system32\msfeedsbs.dll
+ 2010-03-18 08:15 . 2010-03-18 08:15 80720 c:\windows\system32\mfcm100u.dll
+ 2010-03-18 08:15 . 2010-03-18 08:15 80208 c:\windows\system32\mfcm100.dll
+ 2010-03-18 08:15 . 2010-03-18 08:15 60752 c:\windows\system32\mfc100rus.dll
+ 2010-03-18 08:15 . 2010-03-18 08:15 43344 c:\windows\system32\mfc100kor.dll
+ 2010-03-18 08:15 . 2010-03-18 08:15 43856 c:\windows\system32\mfc100jpn.dll
+ 2010-03-18 08:15 . 2010-03-18 08:15 62288 c:\windows\system32\mfc100ita.dll
+ 2010-03-18 08:15 . 2010-03-18 08:15 36176 c:\windows\system32\mfc100cht.dll
+ 2010-03-18 08:15 . 2010-03-18 08:15 36176 c:\windows\system32\mfc100chs.dll
+ 2010-03-18 08:15 . 2010-03-18 08:15 64336 c:\windows\system32\mfc100fra.dll
+ 2010-03-18 08:15 . 2010-03-18 08:15 63824 c:\windows\system32\mfc100esn.dll
+ 2010-03-18 08:15 . 2010-03-18 08:15 55120 c:\windows\system32\mfc100enu.dll
+ 2010-03-18 08:15 . 2010-03-18 08:15 64336 c:\windows\system32\mfc100deu.dll
- 2007-07-27 12:00 . 2010-09-10 05:58 25600 c:\windows\system32\jsproxy.dll
+ 2007-07-27 12:00 . 2010-11-06 00:26 25600 c:\windows\system32\jsproxy.dll
+ 2009-04-17 11:28 . 2009-04-17 11:28 68080 c:\windows\system32\drvins64.exe
+ 2009-04-17 02:00 . 2009-04-17 02:00 44944 c:\windows\system32\drivers\pxhelp20.sys
+ 2009-06-11 17:34 . 2010-11-06 00:26 12800 c:\windows\system32\dllcache\xpshims.dll
- 2009-06-11 17:34 . 2010-09-10 05:58 12800 c:\windows\system32\dllcache\xpshims.dll
+ 2007-07-27 12:00 . 2010-11-06 00:26 66560 c:\windows\system32\dllcache\mshtmled.dll
- 2007-07-27 12:00 . 2010-09-10 05:58 66560 c:\windows\system32\dllcache\mshtmled.dll
+ 2008-01-22 08:10 . 2010-11-06 00:26 55296 c:\windows\system32\dllcache\msfeedsbs.dll
- 2008-01-22 08:10 . 2010-09-10 05:58 55296 c:\windows\system32\dllcache\msfeedsbs.dll
+ 2007-07-27 12:00 . 2010-11-06 00:26 43520 c:\windows\system32\dllcache\licmgr10.dll
- 2007-07-27 12:00 . 2010-09-10 05:58 43520 c:\windows\system32\dllcache\licmgr10.dll
- 2007-07-27 12:00 . 2010-09-10 05:58 25600 c:\windows\system32\dllcache\jsproxy.dll
+ 2007-07-27 12:00 . 2010-11-06 00:26 25600 c:\windows\system32\dllcache\jsproxy.dll
+ 2010-12-13 09:52 . 2010-12-13 09:52 37807 c:\windows\Installer\{EDD235BB-9FB4-4604-85ED-1B14A256F4E0}\RunLightroom313212_C2C2101F05384548B5AF39E0D3B3CB50.exe
+ 2010-12-13 09:52 . 2010-12-13 09:52 37807 c:\windows\Installer\{EDD235BB-9FB4-4604-85ED-1B14A256F4E0}\NewShortcut4_C2C2101F05384548B5AF39E0D3B3CB50.exe
+ 2010-12-13 09:52 . 2010-12-13 09:52 37807 c:\windows\Installer\{EDD235BB-9FB4-4604-85ED-1B14A256F4E0}\ARPPRODUCTICON.exe
- 2008-02-18 10:21 . 2010-11-10 02:04 23040 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2008-02-18 10:21 . 2010-12-15 08:48 23040 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2008-02-18 10:21 . 2010-11-10 02:04 61440 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\pubs.exe
+ 2008-02-18 10:21 . 2010-12-15 08:48 61440 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\pubs.exe
- 2008-02-18 10:21 . 2010-11-10 02:04 27136 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2008-02-18 10:21 . 2010-12-15 08:48 27136 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2008-02-18 10:21 . 2010-11-10 02:04 11264 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2008-02-18 10:21 . 2010-12-15 08:48 11264 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\mspicons.exe
- 2008-02-18 10:21 . 2010-11-10 02:04 86016 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\inficon.exe
+ 2008-02-18 10:21 . 2010-12-15 08:48 86016 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\inficon.exe
+ 2008-02-18 10:21 . 2010-12-15 08:48 12288 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\cagicon.exe
- 2008-02-18 10:21 . 2010-11-10 02:04 12288 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2010-12-15 08:47 . 2010-09-10 05:58 12800 c:\windows\ie8updates\KB2416400-IE8\xpshims.dll
+ 2010-12-15 08:47 . 2010-09-10 05:58 66560 c:\windows\ie8updates\KB2416400-IE8\mshtmled.dll
+ 2010-12-15 08:47 . 2010-09-10 05:58 55296 c:\windows\ie8updates\KB2416400-IE8\msfeedsbs.dll
+ 2010-12-15 08:47 . 2010-09-10 05:58 43520 c:\windows\ie8updates\KB2416400-IE8\licmgr10.dll
+ 2010-12-15 08:47 . 2010-09-10 05:58 25600 c:\windows\ie8updates\KB2416400-IE8\jsproxy.dll
+ 2008-03-12 02:00 . 2008-03-12 02:00 9200 c:\windows\system32\drivers\cdralw2k.sys
+ 2008-03-12 02:00 . 2008-03-12 02:00 9072 c:\windows\system32\drivers\cdr4_xp.sys
- 2008-02-18 10:21 . 2010-11-10 02:04 4096 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2008-02-18 10:21 . 2010-12-15 08:48 4096 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2009-03-24 00:01 . 2009-03-24 00:01 100848 c:\windows\system32\vxblock.dll
+ 2009-05-11 10:42 . 2009-05-11 10:42 440816 c:\windows\system32\PxWave.dll
+ 2009-05-11 10:42 . 2009-05-11 10:42 219632 c:\windows\system32\PxMas.dll
+ 2009-04-17 11:28 . 2009-04-17 11:28 125424 c:\windows\system32\pxinsi64.exe
+ 2009-04-09 00:02 . 2009-04-09 00:02 559600 c:\windows\system32\pxdrv.dll
+ 2009-04-17 11:28 . 2009-04-17 11:28 123888 c:\windows\system32\pxcpyi64.exe
+ 2009-05-11 10:42 . 2009-05-11 10:42 678384 c:\windows\system32\Px.dll
+ 2007-07-27 12:00 . 2010-11-06 00:26 206848 c:\windows\system32\occache.dll
- 2007-07-27 12:00 . 2010-09-10 05:58 206848 c:\windows\system32\occache.dll
+ 2010-03-18 08:15 . 2010-03-18 08:15 770384 c:\windows\system32\msvcr100.dll
+ 2010-03-18 08:15 . 2010-03-18 08:15 421200 c:\windows\system32\msvcp100.dll
+ 2007-07-27 12:00 . 2010-11-06 00:26 611840 c:\windows\system32\mstime.dll
- 2007-07-27 12:00 . 2010-09-10 05:58 611840 c:\windows\system32\mstime.dll
+ 2007-08-13 17:54 . 2010-11-06 00:26 602112 c:\windows\system32\msfeeds.dll
- 2007-08-13 17:54 . 2010-09-10 05:58 602112 c:\windows\system32\msfeeds.dll
+ 2007-07-27 12:00 . 2010-11-06 00:26 184320 c:\windows\system32\iepeers.dll
- 2007-07-27 12:00 . 2010-09-10 05:58 184320 c:\windows\system32\iepeers.dll
+ 2007-07-27 12:00 . 2010-11-06 00:26 387584 c:\windows\system32\iedkcs32.dll
- 2007-07-27 12:00 . 2010-09-10 05:58 387584 c:\windows\system32\iedkcs32.dll
+ 2007-07-27 12:00 . 2010-11-03 12:26 173568 c:\windows\system32\ie4uinit.exe
+ 2008-01-17 15:22 . 2010-12-15 08:49 300440 c:\windows\system32\FNTCACHE.DAT
- 2008-01-17 15:22 . 2010-11-23 09:55 300440 c:\windows\system32\FNTCACHE.DAT
- 2007-07-27 12:00 . 2010-09-10 05:58 916480 c:\windows\system32\dllcache\wininet.dll
+ 2007-07-27 12:00 . 2010-11-06 00:26 916480 c:\windows\system32\dllcache\wininet.dll
- 2007-07-27 12:00 . 2010-09-10 05:58 206848 c:\windows\system32\dllcache\occache.dll
+ 2007-07-27 12:00 . 2010-11-06 00:26 206848 c:\windows\system32\dllcache\occache.dll
- 2007-07-27 12:00 . 2010-09-10 05:58 611840 c:\windows\system32\dllcache\mstime.dll
+ 2007-07-27 12:00 . 2010-11-06 00:26 611840 c:\windows\system32\dllcache\mstime.dll
- 2008-01-22 08:10 . 2010-09-10 05:58 602112 c:\windows\system32\dllcache\msfeeds.dll
+ 2008-01-22 08:10 . 2010-11-06 00:26 602112 c:\windows\system32\dllcache\msfeeds.dll
- 2009-06-11 17:34 . 2010-09-10 05:58 247808 c:\windows\system32\dllcache\ieproxy.dll
+ 2009-06-11 17:34 . 2010-11-06 00:26 247808 c:\windows\system32\dllcache\ieproxy.dll
- 2007-07-27 12:00 . 2010-09-10 05:58 184320 c:\windows\system32\dllcache\iepeers.dll
+ 2007-07-27 12:00 . 2010-11-06 00:26 184320 c:\windows\system32\dllcache\iepeers.dll
+ 2010-06-11 13:39 . 2010-11-06 00:26 743424 c:\windows\system32\dllcache\iedvtool.dll
- 2010-06-11 13:39 . 2010-09-10 05:58 743424 c:\windows\system32\dllcache\iedvtool.dll
- 2007-07-27 12:00 . 2010-09-10 05:58 387584 c:\windows\system32\dllcache\iedkcs32.dll
+ 2007-07-27 12:00 . 2010-11-06 00:26 387584 c:\windows\system32\dllcache\iedkcs32.dll
+ 2007-07-27 12:00 . 2010-11-03 12:26 173568 c:\windows\system32\dllcache\ie4uinit.exe
+ 2010-04-20 05:30 . 2010-10-28 13:13 290048 c:\windows\system32\dllcache\atmfd.dll
+ 2010-11-12 10:24 . 2010-11-12 10:24 884224 c:\windows\Installer\11133d.msp
+ 2010-12-13 10:23 . 2010-12-13 10:23 371272 c:\windows\Installer\{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}\SkypeIcon.exe
+ 2008-02-18 10:21 . 2010-12-15 08:48 409600 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\xlicons.exe
- 2008-02-18 10:21 . 2010-11-10 02:04 409600 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\xlicons.exe
- 2008-02-18 10:21 . 2010-11-10 02:04 286720 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2008-02-18 10:21 . 2010-12-15 08:48 286720 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2008-02-18 10:21 . 2010-12-15 08:48 249856 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2008-02-18 10:21 . 2010-11-10 02:04 249856 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2008-02-18 10:21 . 2010-11-10 02:04 794624 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2008-02-18 10:21 . 2010-12-15 08:48 794624 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2008-02-18 10:21 . 2010-12-15 08:48 135168 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2008-02-18 10:21 . 2010-11-10 02:04 135168 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2008-02-18 10:21 . 2010-12-15 08:48 593920 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\accicons.exe
- 2008-02-18 10:21 . 2010-11-10 02:04 593920 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\accicons.exe
+ 2010-12-15 08:47 . 2010-09-10 05:58 916480 c:\windows\ie8updates\KB2416400-IE8\wininet.dll
+ 2010-12-15 08:48 . 2010-07-05 13:16 382840 c:\windows\ie8updates\KB2416400-IE8\spuninst\updspapi.dll
+ 2010-12-15 08:48 . 2010-02-22 14:23 231288 c:\windows\ie8updates\KB2416400-IE8\spuninst\spuninst.exe
+ 2010-12-15 08:47 . 2010-09-10 05:58 206848 c:\windows\ie8updates\KB2416400-IE8\occache.dll
+ 2010-12-15 08:47 . 2010-09-10 05:58 611840 c:\windows\ie8updates\KB2416400-IE8\mstime.dll
+ 2010-12-15 08:47 . 2010-09-10 05:58 602112 c:\windows\ie8updates\KB2416400-IE8\msfeeds.dll
+ 2010-12-15 08:47 . 2010-09-10 05:58 247808 c:\windows\ie8updates\KB2416400-IE8\ieproxy.dll
+ 2010-12-15 08:47 . 2010-09-10 05:58 184320 c:\windows\ie8updates\KB2416400-IE8\iepeers.dll
+ 2010-12-15 08:47 . 2010-09-10 05:58 743424 c:\windows\ie8updates\KB2416400-IE8\iedvtool.dll
+ 2010-12-15 08:47 . 2010-09-10 05:58 387584 c:\windows\ie8updates\KB2416400-IE8\iedkcs32.dll
+ 2010-12-15 08:47 . 2010-08-26 12:22 173056 c:\windows\ie8updates\KB2416400-IE8\ie4uinit.exe
+ 2007-11-07 00:19 . 2007-11-07 00:19 1162744 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_a173767a\mfc90u.dll
+ 2007-11-07 00:19 . 2007-11-07 00:19 1156600 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_a173767a\mfc90.dll
- 2007-07-27 12:00 . 2010-09-10 05:58 1210880 c:\windows\system32\urlmon.dll
+ 2007-07-27 12:00 . 2010-11-06 00:26 1210880 c:\windows\system32\urlmon.dll
+ 2009-05-11 10:42 . 2009-05-11 10:42 2083312 c:\windows\system32\PxSFS.DLL
+ 2007-07-27 12:00 . 2010-11-06 00:26 5959168 c:\windows\system32\mshtml.dll
+ 2010-03-18 08:15 . 2010-03-18 08:15 4368720 c:\windows\system32\mfc100u.dll
+ 2010-03-18 08:15 . 2010-03-18 08:15 4342088 c:\windows\system32\mfc100.dll
+ 2007-08-13 17:34 . 2010-11-06 00:26 1991680 c:\windows\system32\iertutil.dll
+ 2008-10-15 07:02 . 2010-10-26 13:25 1853312 c:\windows\system32\dllcache\win32k.sys
- 2007-07-27 12:00 . 2010-09-10 05:58 1210880 c:\windows\system32\dllcache\urlmon.dll
+ 2007-07-27 12:00 . 2010-11-06 00:26 1210880 c:\windows\system32\dllcache\urlmon.dll
+ 2007-07-27 12:00 . 2010-11-06 00:26 5959168 c:\windows\system32\dllcache\mshtml.dll
+ 2008-01-22 08:10 . 2010-11-06 00:26 1991680 c:\windows\system32\dllcache\iertutil.dll
+ 2010-12-13 10:23 . 2010-12-13 10:23 1580544 c:\windows\Installer\be69b.msi
+ 2010-12-13 09:52 . 2010-12-13 09:52 2656768 c:\windows\Installer\14b6e718.msi
+ 2010-12-13 07:23 . 2010-12-13 07:23 9472000 c:\windows\Installer\142dcfd0.msi
+ 2010-10-22 14:45 . 2010-10-22 14:45 8444928 c:\windows\Installer\111354.msp
+ 2010-12-06 14:02 . 2010-12-06 14:02 5518848 c:\windows\Installer\111324.msp
+ 2010-10-01 20:53 . 2010-10-01 20:53 4147712 c:\windows\Installer\11130e.msp
+ 2010-12-15 08:47 . 2010-09-10 05:58 1210880 c:\windows\ie8updates\KB2416400-IE8\urlmon.dll
+ 2010-12-15 08:47 . 2010-09-10 05:58 5957120 c:\windows\ie8updates\KB2416400-IE8\mshtml.dll
+ 2010-12-15 08:47 . 2010-09-10 05:58 1986560 c:\windows\ie8updates\KB2416400-IE8\iertutil.dll
+ 2008-01-22 08:08 . 2010-12-15 08:42 37366216 c:\windows\system32\MRT.exe
+ 2007-08-13 17:54 . 2010-11-06 00:26 11080704 c:\windows\system32\ieframe.dll
+ 2008-01-22 08:10 . 2010-11-06 00:26 11080704 c:\windows\system32\dllcache\ieframe.dll
+ 2010-12-15 08:47 . 2010-09-10 05:58 11080192 c:\windows\ie8updates\KB2416400-IE8\ieframe.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare 3"="c:\program files\IObit\Advanced SystemCare 3\AWC.exe" [2010-09-28 2407632]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-04-12 16132608]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-10-26 98304]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-08-02 281768]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 1744896]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\00t\\totalcmd702a\\TOTALCMD.EXE"=
"c:\\Program Files\\Opera\\Opera.exe"=
"c:\\Program Files\\Foxit Software\\PDF Editor\\PDFEdit.exe"=
"c:\\Program Files\\00t\\utorrent\\uTorrent.exe"=
"c:\\Documents and Settings\\cadpc\\temp\\TeamViewer3\\TeamViewer.exe"=
"c:\\Program Files\\00t\\TC 7.5 RC2\\TOTALCMD.EXE"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2010c\\WNt500x86\\sandra.mui"=
"c:\\Program Files\\wLite\\wLite.exe"=
"c:\\Program Files\\wLite\\wService.exe"=
"c:\\Program Files\\Nokia\\Nokia Ovi Suite\\NokiaOviSuite.exe"=
"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2010c\\RpcAgentSrv.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2010c\\WNt500x86\\RpcSandraSrv.exe"=
"c:\\Program Files\\PFPortChecker\\PFPortChecker.exe"=
"c:\\Program Files\\00t\\Total CMA Pack\\TOTALCMD.EXE"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1037:TCP"= 1037:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [27. 7. 2007 13:00 14336]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [7. 12. 2010 20:13 135336]
R2 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [18. 3. 2010 10:26 172328]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\atl01_xp.sys [17. 1. 2008 16:04 38656]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [8. 1. 2010 8:38 135664]
S3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Lite 2010c\RpcAgentSrv.exe [2. 2. 2010 11:24 93336]
S3 wxpSvc;webcamXP Service;c:\program files\wLite\wService.exe [22. 3. 2010 20:38 4935168]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-03-19 09:15 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
2010-12-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
2010-12-15 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-04-18 08:23]
2010-12-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-08 07:38]
2010-12-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-08 07:38]
2010-12-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-776561741-57989841-725345543-1003Core.job
- c:\documents and settings\cadpc\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-08-11 21:53]
2010-12-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-776561741-57989841-725345543-1003UA.job
- c:\documents and settings\cadpc\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-08-11 21:53]
2010-12-15 c:\windows\Tasks\User_Feed_Synchronization-{2B6D4A61-9859-4C88-819B-DA8E000613C7}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.sme.sk/
uInternet Settings,ProxyOverride = *.local
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\cadpc\Application Data\Mozilla\Firefox\Profiles\30utvsie.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\00t\Mozilla Firefox3\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Firefox Synchronisation Extension: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70} - c:\program files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - %profile%\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
.
.
------- File Associations -------
.
.scr=AutoCADScriptFile
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-15 23:21
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\wxpSvc]
"ImagePath"="c:\program files\wLite\wService.exe /startedbyscm:5053B757-40E35B3B-webcamSRV"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(592)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
- - - - - - - > 'explorer.exe'(3388)
c:\windows\system32\WININET.dll
c:\windows\system32\AcSignIcon.dll
c:\program files\Common Files\Autodesk Shared\AcSignCore16.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-12-15 23:23:18
ComboFix-quarantined-files.txt 2010-12-15 22:23
ComboFix2.txt 2010-12-08 22:09
Pre-Run: 115 234 205 696 bytes free
Post-Run: 115 644 129 280 bytes free
- - End Of File - - E5861E97EFDDBDE4CA46152AC9D8A7E6
- Rudy
- Site Admin
- Posts: 119506
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: System freezing
Move ComboFix to the desktop. Open Notepad and copy the following into it:

Driver::
Akamai

Save it to the desktop as CFScript.txt. Then drag it with the mouse onto the ComboFix icon and drop it. CF will start and carry out the command from the script.
Post questions and logs only in your own threads. Private messages, ICQ and e-mail are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
e-mail: rudy(at)forum.viry.cz
Warning: Before cleaning the PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!
Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to the e-mail address above.
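The service that the reply above removes appears in the first ComboFix log as `R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai`, with `Akamai REG_MULTI_SZ Akamai` under the svchost key and TCP 1037 / UDP 5000 opened in the firewall for it: a service DLL running inside svchost.exe in a group of its own, which is one of the first things a log reviewer looks for. Akamai NetSession is a download-manager component that installers commonly bundle and is usually legitimate; the reply gives no reason for removing it, and the script below only reproduces the review heuristic. As an added example for this thread (not part of the posts, and not ComboFix's own code), the Python script parses the services block, the svchost key and the firewall openings of a ComboFix log, flags services hosted by svchost.exe in a group that Windows XP did not ship with, attaches the group members and the firewall entries carrying the same display name, and drafts the `Driver::` section of a CFScript from the result. The built-in group list and the `Dnscache` line are assumptions for illustration; the remaining sample lines are copied from the log above.

```python
"""Flag svchost-hosted services in a ComboFix log that run in a non-default
service group, and draft the CFScript 'Driver::' block that would remove them.

Added example for this thread; not ComboFix's own code.
"""
import re

# Sample input: lines from the 'Reg Loading Points' block of the posted log,
# plus one constructed line (Dnscache, a built-in NetworkService group member)
# that a real ComboFix log would hide as a legitimate default entry.
SAMPLE_LOG = r"""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1037:TCP"= 1037:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [27. 7. 2007 13:00 14336]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [7. 12. 2010 20:13 135336]
R2 Dnscache;DNS Client;c:\windows\system32\svchost.exe -k NetworkService [14. 4. 2008 13:00 14336]
R2 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [18. 3. 2010 10:26 172328]
S3 wxpSvc;webcamXP Service;c:\program files\wLite\wService.exe [22. 3. 2010 20:38 4935168]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
"""

# svchost groups that ship with Windows XP SP3. Assumption: an illustrative
# list; extend it for the exact build under review.
BUILTIN_GROUPS = {"netsvcs", "localservice", "networkservice", "rpcss",
                  "dcomlaunch", "imgsvc", "httpfilter", "termsvcs"}

# 'R2 Name;Display name;image path [date size]'
SERVICE_RE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(.+?)\s+\[[^\]]*\]\s*$")
SVCHOST_RE = re.compile(r"svchost\.exe\s+-k\s+(\S+)", re.IGNORECASE)
# '"1037:TCP"= 1037:TCP:Display name'
PORT_RE = re.compile(r'^"(\d+:(?:TCP|UDP))"=\s*\d+:(?:TCP|UDP):(.*)$')
# 'Group REG_MULTI_SZ member1 member2 ...'
GROUP_RE = re.compile(r"^(\S+)\s+REG_MULTI_SZ\s+(.*)$")


def parse_log(text):
    """Return (services, svchost_groups, open_ports) parsed from a log."""
    services, groups, ports = [], {}, {}
    section = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("["):            # registry key header
            key = line.lower()
            if "globallyopenports" in key:
                section = "ports"
            elif key.endswith(r"currentversion\svchost]"):
                section = "svchost"
            else:
                section = None
            continue
        m = SERVICE_RE.match(line)
        if m:                               # service lines appear anywhere
            state, name, display, image = m.groups()
            g = SVCHOST_RE.search(image)
            services.append({"state": state, "name": name, "display": display,
                             "image": image, "group": g.group(1) if g else None})
            continue
        if section == "ports":
            m = PORT_RE.match(line)
            if m:
                ports.setdefault(m.group(2).strip(), []).append(m.group(1))
        elif section == "svchost":
            m = GROUP_RE.match(line)
            if m:
                groups[m.group(1)] = m.group(2).split()
    return services, groups, ports


def flag_custom_svchost(services, groups, ports):
    """Services hosted by svchost.exe in a group Windows did not ship with,
    enriched with the group's members and firewall entries for the service."""
    findings = []
    for svc in services:
        if svc["group"] and svc["group"].lower() not in BUILTIN_GROUPS:
            findings.append({
                "name": svc["name"],
                "group": svc["group"],
                "members": groups.get(svc["group"], []),
                "open_ports": ports.get(svc["display"], []),
            })
    return findings


def cfscript_driver_section(findings):
    """Draft the 'Driver::' block of a CFScript naming each flagged service.
    Review it by hand before dropping it on ComboFix: the directive removes
    the service outright."""
    return "Driver::\n" + "\n".join(f["name"] for f in findings) + "\n"


if __name__ == "__main__":
    svcs, grps, prts = parse_log(SAMPLE_LOG)
    found = flag_custom_svchost(svcs, grps, prts)
    for f in found:
        print(f)
    print(cfscript_driver_section(found))
```

Run it as `python review_svchost.py` (name assumed). Treat the output as a review list: before a flagged name goes into a CFScript, check the service's ServiceDll value and the file behind it, because a custom svchost group is a property of many legitimate installers as well as of malware.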
Re: System freezing
Follow-up log after your advice
ComboFix 10-12-16.02 - cadpc . 12. 2010 10:24:26.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.421.1033.18.3327.2762 [GMT 1:00]
Running from: c:\documents and settings\cadpc\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\cadpc\Desktop\CFScript.txt
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_AKAMAI
-------\Service_Akamai
((((((((((((((((((((((((( Files Created from 2010-11-17 to 2010-12-17 )))))))))))))))))))))))))))))))
.
2010-12-15 10:18 . 2010-12-15 10:18 -------- d-----w- c:\documents and settings\Administrator.PCCAD\Application Data\Malwarebytes
2010-12-15 05:20 . 2010-11-02 15:17 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2010-12-15 05:19 . 2010-10-11 14:59 45568 -c----w- c:\windows\system32\dllcache\wab.exe
2010-12-14 18:13 . 2010-12-14 18:13 -------- d-----w- c:\documents and settings\cadpc\Application Data\Malwarebytes
2010-12-14 18:12 . 2010-11-29 16:42 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-14 18:12 . 2010-12-14 18:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-12-14 18:12 . 2010-12-14 18:12 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-12-14 18:12 . 2010-11-29 16:42 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-14 08:07 . 2010-12-14 19:52 -------- d-----w- C:\rsit
2010-12-13 10:23 . 2010-12-13 10:23 -------- d-----w- c:\program files\Common Files\Skype
2010-12-13 08:55 . 2010-12-13 09:08 -------- d-----w- c:\program files\SourceTec
2010-12-13 07:23 . 2010-12-13 07:23 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin7.dll
2010-12-13 07:23 . 2010-12-13 07:23 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin6.dll
2010-12-13 07:23 . 2010-12-13 07:23 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2010-12-13 07:23 . 2010-12-13 07:23 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2010-12-13 07:23 . 2010-12-13 07:23 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2010-12-13 07:23 . 2010-12-13 07:23 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2010-12-13 07:23 . 2010-12-13 07:23 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll
2010-12-13 07:23 . 2010-12-13 07:23 -------- d-----w- c:\program files\QuickTime
2010-12-09 09:19 . 2010-12-09 09:17 23584 ----a-w- c:\temp\ZalohRegWinSock\ERDNT.EXE
2010-12-08 20:39 . 2010-12-08 20:39 -------- d-----w- c:\program files\CCleaner
2010-12-08 18:39 . 2010-12-08 18:39 388096 ----a-r- c:\documents and settings\cadpc\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-12-08 18:39 . 2010-12-08 18:39 -------- d-----w- c:\program files\Trend Micro
2010-12-08 07:56 . 2010-12-14 12:07 -------- d-----w- c:\windows\system32\NtmsData
2010-12-08 07:55 . 2010-12-08 07:55 -------- d-----w- c:\documents and settings\cadpc\Application Data\Avira
2010-12-07 19:23 . 2010-12-07 19:23 -------- d-----w- c:\documents and settings\Administrator.PCCAD\Application Data\Avira
2010-12-07 19:13 . 2010-12-10 09:20 135096 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-12-07 19:13 . 2010-12-07 19:19 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-12-07 19:13 . 2010-12-07 19:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2010-12-07 19:13 . 2010-06-17 14:27 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2010-12-07 19:13 . 2010-06-17 14:27 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2010-12-07 19:13 . 2010-12-07 19:13 -------- d-----w- c:\program files\Avira
2010-12-07 09:49 . 2010-12-07 09:49 -------- d-----w- c:\documents and settings\Administrator.PCCAD\Local Settings\Application Data\Opera
2010-12-07 08:39 . 2010-12-07 08:39 -------- d-----w- c:\program files\PDFCreator
2010-12-07 08:39 . 1998-07-05 23:00 23552 ----a-w- c:\windows\system32\MSMPIDE.DLL
2010-11-29 16:38 . 2010-11-29 16:38 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-29 16:38 . 2010-11-29 16:38 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-11-24 10:11 . 2010-11-24 10:11 -------- d-----w- c:\documents and settings\All Users\Application Data\ATI
2010-11-24 10:10 . 2010-11-24 10:10 -------- d-----w- c:\program files\ATI Stream
2010-11-24 10:07 . 2010-11-24 10:07 -------- d-----w- C:\ATI
2010-11-23 10:05 . 2010-11-23 10:05 -------- d-----w- c:\documents and settings\cadpc\Application Data\OpenOffice.org
2010-11-23 09:14 . 2010-11-23 09:14 -------- d-----w- c:\program files\OpenOffice.org 3
2010-11-19 12:07 . 2010-11-19 12:07 -------- d-----w- c:\program files\iPod
2010-11-19 12:07 . 2010-11-19 12:07 -------- d-----w- c:\program files\iTunes
2010-11-18 18:12 . 2010-11-18 18:12 81920 -c----w- c:\windows\system32\dllcache\isign32.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-18 18:12 . 2008-01-17 14:37 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-06 00:26 . 2007-07-27 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:26 . 2007-07-27 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-06 00:26 . 2007-07-27 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-11-03 12:25 . 2007-07-27 12:00 385024 ----a-w- c:\windows\system32\html.iec
2010-11-02 15:17 . 2007-07-27 12:00 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
2010-10-28 13:13 . 2007-07-27 12:00 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-10-27 03:55 . 2007-06-06 14:52 5524480 ----a-w- c:\windows\system32\drivers\ati2mtag.sys
2010-10-27 03:17 . 2007-06-06 14:21 16330752 ----a-w- c:\windows\system32\atioglxx.dll
2010-10-27 03:10 . 2010-06-28 11:46 57344 ----a-w- c:\windows\system32\aticalrt.dll
2010-10-27 03:10 . 2010-06-28 11:46 53248 ----a-w- c:\windows\system32\aticalcl.dll
2010-10-27 03:09 . 2010-06-28 11:46 4489216 ----a-w- c:\windows\system32\aticaldd.dll
2010-10-27 03:02 . 2008-01-17 14:46 311296 ----a-w- c:\windows\system32\atiiiexx.dll
2010-10-27 02:51 . 2007-06-06 14:35 3958784 ----a-w- c:\windows\system32\ati3duag.dll
2010-10-27 02:50 . 2008-01-17 14:46 450560 ----a-w- c:\windows\system32\ATIDEMGX.dll
2010-10-27 02:49 . 2007-06-06 14:52 301056 ----a-w- c:\windows\system32\ati2dvag.dll
2010-10-27 02:48 . 2007-06-06 14:30 393216 ----a-w- c:\windows\system32\atiok3x2.dll
2010-10-27 02:36 . 2007-06-06 14:25 2671744 ----a-w- c:\windows\system32\ativvaxx.dll
2010-10-27 02:30 . 2007-06-06 14:45 212992 ----a-w- c:\windows\system32\atipdlxx.dll
2010-10-27 02:30 . 2007-06-06 14:45 155648 ----a-w- c:\windows\system32\Oemdspif.dll
2010-10-27 02:30 . 2007-06-06 14:45 26112 ----a-w- c:\windows\system32\Ati2mdxx.exe
2010-10-27 02:30 . 2007-06-06 14:45 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2010-10-27 02:30 . 2007-06-06 14:45 159744 ----a-w- c:\windows\system32\ati2evxx.dll
2010-10-27 02:28 . 2007-06-06 14:43 614400 ----a-w- c:\windows\system32\ati2evxx.exe
2010-10-27 02:27 . 2007-06-06 14:42 53248 ----a-w- c:\windows\system32\ATIDDC.DLL
2010-10-27 02:26 . 2010-06-28 11:46 143360 ----a-w- c:\windows\system32\atiapfxx.exe
2010-10-27 02:22 . 2007-06-06 14:11 651264 ----a-w- c:\windows\system32\atikvmag.dll
2010-10-27 02:20 . 2010-06-28 11:46 64512 ----a-w- c:\windows\system32\atimpc32.dll
2010-10-27 02:20 . 2008-10-29 01:25 64512 ----a-w- c:\windows\system32\amdpcom32.dll
2010-10-27 02:20 . 2008-10-29 01:19 196608 ----a-w- c:\windows\system32\atiadlxx.dll
2010-10-27 02:20 . 2007-06-06 14:10 17408 ----a-w- c:\windows\system32\atitvo32.dll
2010-10-27 02:19 . 2007-06-06 14:09 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2010-10-27 02:14 . 2007-06-06 14:04 704512 ----a-w- c:\windows\system32\ati2cqag.dll
2010-10-26 13:25 . 2007-07-27 12:00 1853312 ----a-w- c:\windows\system32\win32k.sys
2010-09-18 10:23 . 2007-07-27 12:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
.
((((((((((((((((((((((((((((( SnapShot_2010-12-15_22.21.35 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-12-17 09:30 . 2010-12-17 09:30 16384 c:\windows\Temp\Perflib_Perfdata_748.dat
+ 2010-12-17 09:30 . 2009-10-07 00:47 109080 c:\windows\Temp\logishrd\LVPrcInj01.dll
+ 2010-12-16 14:45 . 2010-12-16 14:45 2587136 c:\windows\Installer\5026dd.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare 3"="c:\program files\IObit\Advanced SystemCare 3\AWC.exe" [2010-09-28 2407632]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-04-12 16132608]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-10-26 98304]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-08-02 281768]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 1744896]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\00t\\totalcmd702a\\TOTALCMD.EXE"=
"c:\\Program Files\\Opera\\Opera.exe"=
"c:\\Program Files\\Foxit Software\\PDF Editor\\PDFEdit.exe"=
"c:\\Program Files\\00t\\utorrent\\uTorrent.exe"=
"c:\\Documents and Settings\\cadpc\\temp\\TeamViewer3\\TeamViewer.exe"=
"c:\\Program Files\\00t\\TC 7.5 RC2\\TOTALCMD.EXE"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2010c\\WNt500x86\\sandra.mui"=
"c:\\Program Files\\wLite\\wLite.exe"=
"c:\\Program Files\\wLite\\wService.exe"=
"c:\\Program Files\\Nokia\\Nokia Ovi Suite\\NokiaOviSuite.exe"=
"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2010c\\RpcAgentSrv.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2010c\\WNt500x86\\RpcSandraSrv.exe"=
"c:\\Program Files\\PFPortChecker\\PFPortChecker.exe"=
"c:\\Program Files\\00t\\Total CMA Pack\\TOTALCMD.EXE"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1037:TCP"= 1037:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [7. 12. 2010 20:13 135336]
R2 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [18. 3. 2010 10:26 172328]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\atl01_xp.sys [17. 1. 2008 16:04 38656]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [8. 1. 2010 8:38 135664]
S3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Lite 2010c\RpcAgentSrv.exe [2. 2. 2010 11:24 93336]
S3 wxpSvc;webcamXP Service;c:\program files\wLite\wService.exe [22. 3. 2010 20:38 4935168]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-03-19 09:15 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
2010-12-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
2010-12-17 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-04-18 08:23]
2010-12-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-08 07:38]
2010-12-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-08 07:38]
2010-12-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-776561741-57989841-725345543-1003Core.job
- c:\documents and settings\cadpc\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-08-11 21:53]
2010-12-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-776561741-57989841-725345543-1003UA.job
- c:\documents and settings\cadpc\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-08-11 21:53]
2010-12-17 c:\windows\Tasks\User_Feed_Synchronization-{2B6D4A61-9859-4C88-819B-DA8E000613C7}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.sme.sk/
uInternet Settings,ProxyOverride = *.local
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\cadpc\Application Data\Mozilla\Firefox\Profiles\30utvsie.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\00t\Mozilla Firefox3\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Firefox Synchronisation Extension: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70} - c:\program files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - %profile%\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-17 10:31
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\wxpSvc]
"ImagePath"="c:\program files\wLite\wService.exe /startedbyscm:5053B757-40E35B3B-webcamSRV"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(592)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
- - - - - - - > 'explorer.exe'(5412)
c:\windows\system32\WININET.dll
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\windows\system32\AcSignIcon.dll
c:\program files\Common Files\Autodesk Shared\AcSignCore16.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 6\PCSCM.dll
c:\program files\Nokia\Nokia PC Suite 6\Lang\PhoneBrowser_slk.nlr
c:\program files\Nokia\Nokia PC Suite 6\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\RTHDCPL.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\program files\TeamViewer\Version5\TeamViewer.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
.
**************************************************************************
.
Completion time: 2010-12-17 10:35:27 - machine was rebooted
ComboFix-quarantined-files.txt 2010-12-17 09:35
ComboFix2.txt 2010-12-15 22:23
ComboFix3.txt 2010-12-08 22:09
Pre-Run: 124 818 386 944 bytes free
Post-Run: 124 677 816 320 bytes free
- - End Of File - - 3173FE471FF5C760B96B82F71D894594
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 6\PCSCM.dll
c:\program files\Nokia\Nokia PC Suite 6\Lang\PhoneBrowser_slk.nlr
c:\program files\Nokia\Nokia PC Suite 6\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\RTHDCPL.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\program files\TeamViewer\Version5\TeamViewer.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
.
**************************************************************************
.
Completion time: 2010-12-17 10:35:27 - machine was rebooted
ComboFix-quarantined-files.txt 2010-12-17 09:35
ComboFix2.txt 2010-12-15 22:23
ComboFix3.txt 2010-12-08 22:09
Pre-Run: 124 818 386 944 bytes free
Post-Run: 124 677 816 320 bytes free
- - End Of File - - 3173FE471FF5C760B96B82F71D894594
Re: System freezing
After half a day of work, the PC freezing problem has not reappeared. I will certainly mention any further problems.
If you have the inclination and the time, could you please briefly describe what the script I fed into ComboFix actually did?
Thank you for the expert advice.
- Rudy
- Site Admin
- Posts: 119506
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: System freezing
On the command from the script, CF deleted a driver that automatically connected your PC to the Akamai server. This server is generally not considered safe, which is why I delete it. As for the slowdown, you can also clean the PC with CCleaner: http://www.viry.cz/forum/viewtopic.php?f=46&t=7478 .
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting the PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Apart from its "visible" activities, a virus may damage the system!
Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.
Re: System freezing
Unfortunately, after putting the system under load the problem came back with the same symptom: a sudden freeze. As I mentioned, any attempt to control the PC is impossible; internet radio playing in the background keeps playing, the computer can be reached over the network, network printing through the frozen PC works, so the protocols are working, but the peripherals (mouse, keyboard) are unusable, and so is direct work on the PC. The only solution is a hard reset. Do you think it makes sense to keep looking for the cause, or should I go ahead with reinstalling Windows?
Re: System freezing
I am also attaching a fresh ComboFix log; before that I ran a scan with the Malwarebytes you recommended and also a scan of the Windows folders with Avira. Neither found anything.
ComboFix 10-12-20.03 - cadpc . 12. 2010 15:13:55.4.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.421.1033.18.3327.2776 [GMT 1:00]
Running from: c:\documents and settings\cadpc\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
((((((((((((((((((((((((( Files Created from 2010-11-21 to 2010-12-21 )))))))))))))))))))))))))))))))
.
2010-12-21 13:19 . 2010-12-21 13:19 -------- d-----w- c:\program files\Ask.com
2010-12-15 10:18 . 2010-12-15 10:18 -------- d-----w- c:\documents and settings\Administrator.PCCAD\Application Data\Malwarebytes
2010-12-15 05:20 . 2010-11-02 15:17 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2010-12-15 05:19 . 2010-10-11 14:59 45568 -c----w- c:\windows\system32\dllcache\wab.exe
2010-12-14 18:13 . 2010-12-14 18:13 -------- d-----w- c:\documents and settings\cadpc\Application Data\Malwarebytes
2010-12-14 18:12 . 2010-11-29 16:42 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-14 18:12 . 2010-12-14 18:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-12-14 18:12 . 2010-12-14 18:12 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-12-14 18:12 . 2010-11-29 16:42 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-14 08:07 . 2010-12-14 19:52 -------- d-----w- C:\rsit
2010-12-13 10:23 . 2010-12-13 10:23 -------- d-----w- c:\program files\Common Files\Skype
2010-12-13 08:55 . 2010-12-13 09:08 -------- d-----w- c:\program files\SourceTec
2010-12-13 07:23 . 2010-12-13 07:23 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin7.dll
2010-12-13 07:23 . 2010-12-13 07:23 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin6.dll
2010-12-13 07:23 . 2010-12-13 07:23 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2010-12-13 07:23 . 2010-12-13 07:23 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2010-12-13 07:23 . 2010-12-13 07:23 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2010-12-13 07:23 . 2010-12-13 07:23 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2010-12-13 07:23 . 2010-12-13 07:23 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll
2010-12-13 07:23 . 2010-12-13 07:23 -------- d-----w- c:\program files\QuickTime
2010-12-09 09:19 . 2010-12-09 09:17 23584 ----a-w- c:\temp\ZalohRegWinSock\ERDNT.EXE
2010-12-08 20:39 . 2010-12-08 20:39 -------- d-----w- c:\program files\CCleaner
2010-12-08 18:39 . 2010-12-08 18:39 388096 ----a-r- c:\documents and settings\cadpc\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-12-08 18:39 . 2010-12-08 18:39 -------- d-----w- c:\program files\Trend Micro
2010-12-08 07:56 . 2010-12-21 11:00 -------- d-----w- c:\windows\system32\NtmsData
2010-12-08 07:55 . 2010-12-08 07:55 -------- d-----w- c:\documents and settings\cadpc\Application Data\Avira
2010-12-07 19:23 . 2010-12-07 19:23 -------- d-----w- c:\documents and settings\Administrator.PCCAD\Application Data\Avira
2010-12-07 19:13 . 2010-12-21 09:17 135096 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-12-07 19:13 . 2010-12-07 19:19 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-12-07 19:13 . 2010-12-07 19:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2010-12-07 19:13 . 2010-06-17 14:27 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2010-12-07 19:13 . 2010-06-17 14:27 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2010-12-07 19:13 . 2010-12-07 19:13 -------- d-----w- c:\program files\Avira
2010-12-07 09:49 . 2010-12-07 09:49 -------- d-----w- c:\documents and settings\Administrator.PCCAD\Local Settings\Application Data\Opera
2010-12-07 08:39 . 2010-12-07 08:39 -------- d-----w- c:\program files\PDFCreator
2010-12-07 08:39 . 1998-07-05 23:00 23552 ----a-w- c:\windows\system32\MSMPIDE.DLL
2010-11-29 16:38 . 2010-11-29 16:38 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-29 16:38 . 2010-11-29 16:38 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-11-24 10:11 . 2010-11-24 10:11 -------- d-----w- c:\documents and settings\All Users\Application Data\ATI
2010-11-24 10:10 . 2010-11-24 10:10 -------- d-----w- c:\program files\ATI Stream
2010-11-24 10:07 . 2010-11-24 10:07 -------- d-----w- C:\ATI
2010-11-23 10:05 . 2010-11-23 10:05 -------- d-----w- c:\documents and settings\cadpc\Application Data\OpenOffice.org
2010-11-23 09:14 . 2010-11-23 09:14 -------- d-----w- c:\program files\OpenOffice.org 3
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-18 18:12 . 2008-01-17 14:37 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-06 00:26 . 2007-07-27 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:26 . 2007-07-27 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-06 00:26 . 2007-07-27 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-11-03 12:25 . 2007-07-27 12:00 385024 ----a-w- c:\windows\system32\html.iec
2010-11-02 15:17 . 2007-07-27 12:00 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
2010-10-28 13:13 . 2007-07-27 12:00 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-10-27 03:55 . 2007-06-06 14:52 5524480 ----a-w- c:\windows\system32\drivers\ati2mtag.sys
2010-10-27 03:17 . 2007-06-06 14:21 16330752 ----a-w- c:\windows\system32\atioglxx.dll
2010-10-27 03:10 . 2010-06-28 11:46 57344 ----a-w- c:\windows\system32\aticalrt.dll
2010-10-27 03:10 . 2010-06-28 11:46 53248 ----a-w- c:\windows\system32\aticalcl.dll
2010-10-27 03:09 . 2010-06-28 11:46 4489216 ----a-w- c:\windows\system32\aticaldd.dll
2010-10-27 03:02 . 2008-01-17 14:46 311296 ----a-w- c:\windows\system32\atiiiexx.dll
2010-10-27 02:51 . 2007-06-06 14:35 3958784 ----a-w- c:\windows\system32\ati3duag.dll
2010-10-27 02:50 . 2008-01-17 14:46 450560 ----a-w- c:\windows\system32\ATIDEMGX.dll
2010-10-27 02:49 . 2007-06-06 14:52 301056 ----a-w- c:\windows\system32\ati2dvag.dll
2010-10-27 02:48 . 2007-06-06 14:30 393216 ----a-w- c:\windows\system32\atiok3x2.dll
2010-10-27 02:36 . 2007-06-06 14:25 2671744 ----a-w- c:\windows\system32\ativvaxx.dll
2010-10-27 02:30 . 2007-06-06 14:45 212992 ----a-w- c:\windows\system32\atipdlxx.dll
2010-10-27 02:30 . 2007-06-06 14:45 155648 ----a-w- c:\windows\system32\Oemdspif.dll
2010-10-27 02:30 . 2007-06-06 14:45 26112 ----a-w- c:\windows\system32\Ati2mdxx.exe
2010-10-27 02:30 . 2007-06-06 14:45 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2010-10-27 02:30 . 2007-06-06 14:45 159744 ----a-w- c:\windows\system32\ati2evxx.dll
2010-10-27 02:28 . 2007-06-06 14:43 614400 ----a-w- c:\windows\system32\ati2evxx.exe
2010-10-27 02:27 . 2007-06-06 14:42 53248 ----a-w- c:\windows\system32\ATIDDC.DLL
2010-10-27 02:26 . 2010-06-28 11:46 143360 ----a-w- c:\windows\system32\atiapfxx.exe
2010-10-27 02:22 . 2007-06-06 14:11 651264 ----a-w- c:\windows\system32\atikvmag.dll
2010-10-27 02:20 . 2010-06-28 11:46 64512 ----a-w- c:\windows\system32\atimpc32.dll
2010-10-27 02:20 . 2008-10-29 01:25 64512 ----a-w- c:\windows\system32\amdpcom32.dll
2010-10-27 02:20 . 2008-10-29 01:19 196608 ----a-w- c:\windows\system32\atiadlxx.dll
2010-10-27 02:20 . 2007-06-06 14:10 17408 ----a-w- c:\windows\system32\atitvo32.dll
2010-10-27 02:19 . 2007-06-06 14:09 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2010-10-27 02:14 . 2007-06-06 14:04 704512 ----a-w- c:\windows\system32\ati2cqag.dll
2010-10-26 13:25 . 2007-07-27 12:00 1853312 ----a-w- c:\windows\system32\win32k.sys
.
((((((((((((((((((((((((((((( SnapShot_2010-12-15_22.21.35 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-12-21 13:32 . 2010-12-21 13:32 16384 c:\windows\Temp\Perflib_Perfdata_4d0.dat
+ 2010-12-21 13:19 . 2010-12-21 13:19 102400 c:\windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}\ARPPRODUCTICON.exe
+ 2010-12-21 13:19 . 2010-12-21 13:19 2086912 c:\windows\Installer\a8189e.msi
+ 2010-12-16 14:45 . 2010-12-16 14:45 2587136 c:\windows\Installer\5026dd.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-09-28 21:44 1400712 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-09-28 1400712]
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare 3"="c:\program files\IObit\Advanced SystemCare 3\AWC.exe" [2010-09-28 2407632]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-04-12 16132608]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-10-26 98304]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-08-02 281768]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 1744896]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\00t\\totalcmd702a\\TOTALCMD.EXE"=
"c:\\Program Files\\Opera\\Opera.exe"=
"c:\\Program Files\\Foxit Software\\PDF Editor\\PDFEdit.exe"=
"c:\\Program Files\\00t\\utorrent\\uTorrent.exe"=
"c:\\Documents and Settings\\cadpc\\temp\\TeamViewer3\\TeamViewer.exe"=
"c:\\Program Files\\00t\\TC 7.5 RC2\\TOTALCMD.EXE"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2010c\\WNt500x86\\sandra.mui"=
"c:\\Program Files\\wLite\\wLite.exe"=
"c:\\Program Files\\wLite\\wService.exe"=
"c:\\Program Files\\Nokia\\Nokia Ovi Suite\\NokiaOviSuite.exe"=
"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2010c\\RpcAgentSrv.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2010c\\WNt500x86\\RpcSandraSrv.exe"=
"c:\\Program Files\\PFPortChecker\\PFPortChecker.exe"=
"c:\\Program Files\\00t\\Total CMA Pack\\TOTALCMD.EXE"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1037:TCP"= 1037:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [7. 12. 2010 20:13 135336]
R2 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [18. 3. 2010 10:26 172328]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\atl01_xp.sys [17. 1. 2008 16:04 38656]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [8. 1. 2010 8:38 135664]
S3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Lite 2010c\RpcAgentSrv.exe [2. 2. 2010 11:24 93336]
S3 wxpSvc;webcamXP Service;c:\program files\wLite\wService.exe [22. 3. 2010 20:38 4935168]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-03-19 09:15 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
2010-12-21 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-04-18 08:23]
2010-12-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-08 07:38]
2010-12-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-08 07:38]
2010-12-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-776561741-57989841-725345543-1003Core.job
- c:\documents and settings\cadpc\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-08-11 21:53]
2010-12-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-776561741-57989841-725345543-1003UA.job
- c:\documents and settings\cadpc\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-08-11 21:53]
2010-12-21 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2010-09-28 21:44]
2010-12-21 c:\windows\Tasks\User_Feed_Synchronization-{2B6D4A61-9859-4C88-819B-DA8E000613C7}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.sme.sk/
uInternet Settings,ProxyOverride = *.local
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\cadpc\Application Data\Mozilla\Firefox\Profiles\30utvsie.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\00t\Mozilla Firefox3\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Firefox Synchronisation Extension: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70} - c:\program files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - %profile%\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
.
.
------- File Associations -------
.
.scr=AutoCADScriptFile
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-21 15:17
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\wxpSvc]
"ImagePath"="c:\program files\wLite\wService.exe /startedbyscm:5053B757-40E35B3B-webcamSRV"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(592)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
- - - - - - - > 'explorer.exe'(3612)
c:\windows\system32\WININET.dll
c:\windows\system32\AcSignIcon.dll
c:\program files\Common Files\Autodesk Shared\AcSignCore16.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-12-21 15:19:20
ComboFix-quarantined-files.txt 2010-12-21 14:19
ComboFix2.txt 2010-12-17 09:35
ComboFix3.txt 2010-12-15 22:23
ComboFix4.txt 2010-12-08 22:09
Pre-Run: 124 400 619 520 bytes free
Post-Run: 124 389 625 856 bytes free
- - End Of File - - 1F51E0A86480CC63A0D508525119687F
"c:\\Documents and Settings\\cadpc\\temp\\TeamViewer3\\TeamViewer.exe"=
"c:\\Program Files\\00t\\TC 7.5 RC2\\TOTALCMD.EXE"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2010c\\WNt500x86\\sandra.mui"=
"c:\\Program Files\\wLite\\wLite.exe"=
"c:\\Program Files\\wLite\\wService.exe"=
"c:\\Program Files\\Nokia\\Nokia Ovi Suite\\NokiaOviSuite.exe"=
"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2010c\\RpcAgentSrv.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2010c\\WNt500x86\\RpcSandraSrv.exe"=
"c:\\Program Files\\PFPortChecker\\PFPortChecker.exe"=
"c:\\Program Files\\00t\\Total CMA Pack\\TOTALCMD.EXE"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1037:TCP"= 1037:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [7. 12. 2010 20:13 135336]
R2 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [18. 3. 2010 10:26 172328]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\atl01_xp.sys [17. 1. 2008 16:04 38656]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [8. 1. 2010 8:38 135664]
S3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Lite 2010c\RpcAgentSrv.exe [2. 2. 2010 11:24 93336]
S3 wxpSvc;webcamXP Service;c:\program files\wLite\wService.exe [22. 3. 2010 20:38 4935168]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-03-19 09:15 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
2010-12-21 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-04-18 08:23]
2010-12-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-08 07:38]
2010-12-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-08 07:38]
2010-12-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-776561741-57989841-725345543-1003Core.job
- c:\documents and settings\cadpc\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-08-11 21:53]
2010-12-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-776561741-57989841-725345543-1003UA.job
- c:\documents and settings\cadpc\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-08-11 21:53]
2010-12-21 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2010-09-28 21:44]
2010-12-21 c:\windows\Tasks\User_Feed_Synchronization-{2B6D4A61-9859-4C88-819B-DA8E000613C7}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.sme.sk/
uInternet Settings,ProxyOverride = *.local
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\cadpc\Application Data\Mozilla\Firefox\Profiles\30utvsie.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\00t\Mozilla Firefox3\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Firefox Synchronisation Extension: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70} - c:\program files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - %profile%\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
.
.
------- File Associations -------
.
.scr=AutoCADScriptFile
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-21 15:17
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\wxpSvc]
"ImagePath"="c:\program files\wLite\wService.exe /startedbyscm:5053B757-40E35B3B-webcamSRV"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(592)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
- - - - - - - > 'explorer.exe'(3612)
c:\windows\system32\WININET.dll
c:\windows\system32\AcSignIcon.dll
c:\program files\Common Files\Autodesk Shared\AcSignCore16.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-12-21 15:19:20
ComboFix-quarantined-files.txt 2010-12-21 14:19
ComboFix2.txt 2010-12-17 09:35
ComboFix3.txt 2010-12-15 22:23
ComboFix4.txt 2010-12-08 22:09
Pre-Run: 124 400 619 520 bytes free
Post-Run: 124 389 625 856 bytes free
- - End Of File - - 1F51E0A86480CC63A0D508525119687F