PC malware removal, speeding up your computer, remote help via the neslape.cz service

Please check my log

Have a problem with a virus? Post your FRST or RSIT log here.


Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]

Individual threads will be locked once resolved, as will those inactive for more than 14 days. See the rule on locking topics. Thank you for your understanding.

!NEW!
You can now use the remote help service, where an expert connects to your computer and obtains further details about the problem from you by phone! More at www.neslape.cz
Hanska
Guest
Posts: 5
Joined: 04 Jan 2011 17:59

Please check my log

#1 Post by Hanska »

Hello,
I think the scanning software is not the one required, but for complicated reasons I have no other. The log does not come from the PC I currently have access to.
Spyware, a keylogger or something similar is suspected.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:30:53, on 26.12.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\MSI\TV@Anywhere Plus\TVR\Scheduled.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\program files\real\realplayer\update\realsched.exe
C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\PIXELA\ImageMixer 3 SE for SD\CameraMonitor.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Documents and Settings\Administrator\Plocha\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\Common Files\Nokia\NoA\nokiaaserver.exe
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\aaa.HOME-263714380A.000\Dokumenty\Stažené soubory\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Program Files\Outlook Express\msimn.exe"
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Data aplikací\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O3 - Toolbar: (no name) - {ecdee021-0d17-467f-a1ff-c7a115230949} - (no file)
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: (no name) - {1CE4EE89-2D5C-4361-AF3B-D902AB545381} - (no file)
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [PVR Agent] C:\Program Files\MSI\TV@Anywhere Plus\TVR\Scheduled.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [90992332] C:\Documents and Settings\All Users\Data aplikací\90992332\90992332.exe
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot
O4 - HKLM\..\Run: [TkBellExe] "C:\program files\real\realplayer\update\realsched.exe" -osboot
O4 - HKLM\..\Run: [tessij] C:\WINDOWS\system32\pydoufojas.exe
O4 - HKLM\..\Run: [AutoStart] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7700188.exe
O4 - HKLM\..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup
O4 - HKLM\..\RunServices: [tessij] C:\WINDOWS\system32\pydoufojas.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [NokiaOviSuite2] C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe -tray
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: ImageMixer 3 SE Camera Monitor for SD.lnk = ?
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} (qsax Control) - http://quickscan.bitdefender.com/qsax/qsax.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resour ... se8942.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 9928825140
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... ader55.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/download/ ... leId=26688
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.115.53 85.255.112.224
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Služba Google Update (gupdate1c9aae062f2bd6d) (gupdate1c9aae062f2bd6d) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - StarWind Software - C:\Documents and Settings\Administrator\Plocha\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: bcveServ (yzsaeymw3is) - Unknown owner - C:\WINDOWS\system32\fojarov.exe (file missing)

--
End of file - 11356 bytes

vyosek
VIP
Posts: 56373
Joined: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Please check my log

#2 Post by vyosek »

Hello and have a nice day :)

Is the PC located in America?
Do you know these IP addresses? 208.67.220.220,208.67.222.222 are from San Francisco, but this one is from Ukraine: 85.255.112.224

There is more than enough vermin in there.
"He who has wine and drinks it not, who has grapes and eats them not, who has a wife and kisses her not, who shuns merriment, take a whip and a stick to him; that is no man, that is an ox."
Member since 1 February 2011.
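One way to automate the check vyosek does by eye, as an added example that is not part of the original thread or of HijackThis itself: a small Python triage script over HijackThis-style lines that flags O17 NameServer entries outside an administrator's allow-list (the allow-list is an assumption; it holds the two OpenDNS addresses that also appear as the legitimate values in the log), O4 Run entries launched from Temp or application-data directories or registered under a purely numeric name, and O23 services whose binary is reported missing. The sample lines are constructed from the patterns seen in the log above, and the function names are my own.

```python
"""Added triage helper for HijackThis-style logs (not code from the thread).

It flags the three things the moderator picked out by eye:
  * O17 NameServer entries that are not on an allow-list of approved resolvers,
  * O4 Run entries launched from Temp or application-data directories
    (or registered under a purely numeric name),
  * O23 services whose binary is reported as missing.
Allow-list, sample lines and function names are constructed for illustration.
"""
import ipaddress
import re

# Resolvers the administrator has approved (assumption: the two OpenDNS
# addresses that also appear as the legitimate values in the log).
APPROVED_RESOLVERS = {
    ipaddress.ip_address("208.67.220.220"),
    ipaddress.ip_address("208.67.222.222"),
}

# Directories from which legitimate autostart entries rarely run.
SUSPICIOUS_DIRS = re.compile(
    r"\\(Temp|Data aplikac[ií]|Application Data|LOCALS~1)\\", re.IGNORECASE
)

O17_RE = re.compile(r"^O17 - (?P<key>\S+): NameServer = (?P<servers>.+)$")
O4_RE = re.compile(r"^O4 - (?P<hive>\S+): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")


def parse_servers(field):
    """NameServer values are separated by commas or spaces; return the IPs."""
    ips = []
    for tok in re.split(r"[,\s]+", field.strip()):
        try:
            ips.append(ipaddress.ip_address(tok))
        except ValueError:
            continue  # empty token or junk; ignore
    return ips


def triage(lines, approved=APPROVED_RESOLVERS):
    """Return (category, name_or_key, detail) findings for HijackThis lines."""
    findings = []
    for raw in lines:
        line = raw.strip()
        m = O17_RE.match(line)
        if m:
            rogue = [str(ip) for ip in parse_servers(m["servers"]) if ip not in approved]
            if rogue:
                findings.append(("rogue_dns", m["key"], rogue))
            continue
        m = O4_RE.match(line)
        if m:
            if SUSPICIOUS_DIRS.search(m["cmd"]) or m["name"].isdigit():
                findings.append(("suspicious_autorun", m["name"], m["cmd"]))
            continue
        m = O23_RE.match(line)
        if m and "(file missing)" in m["path"]:
            findings.append(("service_file_missing", m["name"], m["path"]))
    return findings


# Constructed sample in the HijackThis format, modelled on the log above.
SAMPLE_LOG = r"""
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.115.53 85.255.112.224
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O4 - HKLM\..\Run: [AutoStart] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7700188.exe
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O23 - Service: bcveServ (yzsaeymw3is) - Unknown owner - C:\WINDOWS\system32\fojarov.exe (file missing)
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
"""


def triage_sample():
    """Run the triage over the constructed sample."""
    return triage(SAMPLE_LOG.splitlines())


if __name__ == "__main__":
    for category, subject, detail in triage_sample():
        print(f"{category:22} {subject}: {detail}")
```

The allow-list approach is deliberate: rather than trying to decide which resolver addresses are "bad", the script treats anything not explicitly approved as a finding, which is also how the O17 fix in the thread works (every NameServer value that is not the provider's gets removed).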

Hanska
Guest
Posts: 5
Joined: 04 Jan 2011 17:59

Re: Please check my log

#3 Post by Hanska »

The PC is located in Prague; I do not know the IP addresses listed above.
I assume this is therefore a symptom of some spyware.
Could you please give me a tip on how to get rid of it, or should I recommend to the PC's owners (they most likely will not be able to deal with it themselves) not to use the PC until the "expert" (i.e. me :P) arrives?
Thank you in advance.

vyosek
VIP
Posts: 56373
Joined: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Please check my log

#4 Post by vyosek »

Run HJT and we will fix the entries
  • You will find HJT here: C:\Documents and Settings\aaa.HOME-263714380A.000\Dokumenty\Stažené soubory\hijackthis.exe
  • A window opens; click Do a system scan only
  • In the next window find the lines I have listed below; next to each is a checkbox, which you tick
  • R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.115.53 85.255.112.224
    O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
  • Click Fix checked (bottom left)
  • HJT asks whether you really want to; agree with YES and it is done
It is possible that after fixing those IP addresses and restarting, the internet will not work; if obtaining an IP address automatically is not set up, it will need to be set according to the contract with your provider
Eithne wrote: Click Start -> Control Panel -> Network Connections -> Local Area Connection and right-click Properties. Find the item Internet Protocol (TCP/IP) and double-click it. Here, after ticking Use the following IP address and Use the following DNS server addresses, you must fill in two values, the IP address and the DNS server address.
PLEASE READ THE INSTRUCTIONS CAREFULLY - THIS UTILITY HAS GREAT DELETING POWER AND MUST BE USED ONLY ON RECOMMENDATION, OTHERWISE YOUR SYSTEM MAY GO DOWN THE DRAIN
Download Combofix and save it to the desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
  • Turn off all resident security programs - firewalls, antivirus, antispyware etc.
  • If you have Win XP, run it under the Administrator account
  • If you have Win Vista or Win 7, right-click Combofix and choose Run As Administrator
  • Immediately after start a page with the license agreement appears; continue by clicking Yes
  • If CF offers to install the Recovery Console, agree
  • Then follow the instructions; during the scan leave the PC completely alone - do not start any applications and do not click into the window that appears
  • The scan should take about 10 min, but if the PC is heavily infested it may take longer
  • After the scan finishes and any restart, CF shows a log; otherwise you will find it at C:\ComboFix.txt; paste its contents here
  • A detailed guide including pictures is here: http://www.bleepingcomputer.com/combofi ... t-combofix

Hanska
Guest
Posts: 5
Joined: 04 Jan 2011 17:59

Re: Please check my log

#5 Post by Hanska »

Thanks for the help, tomorrow I am going to clean the PC. I have one more question. Could you say that someone used this vermin as a keylogger, by which I mean that one member of the household is spying on another?

vyosek
VIP
Posts: 56373
Joined: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Please check my log

#6 Post by vyosek »

Hard to say from this what exactly that vermin does, but I will have it sent to me afterwards and we will subject it to examination...

Hanska
Guest
Posts: 5
Joined: 04 Jan 2011 17:59

Re: Please check my log

#7 Post by Hanska »

A little late, I am attaching the log

ComboFix 11-01-15.01 - aaa 11.01.2005 11:32:34.1.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1023.672 [GMT 1:00]
Spuštěný z: C:\Documents and Settings\aaa.HOME-263714380A.000\Dokumenty\Stažené soubory\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
ADS - WINDOWS: deleted 24 bytes in 1 streams.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Administrator\Data aplikací\PnkBstrK.sys
C:\Documents and Settings\Administrator\oashdihasidhasuidhiasdhiashdiuasdhasd
C:\Documents and Settings\Administrator\secupdat.dat
C:\Program Files\INSTALL.LOG
C:\WINDOWS\dbxesellerate.exe
C:\WINDOWS\system\winspool.drv
C:\WINDOWS\system32\secupdat.dat
C:\WINDOWS\system32\spool\prtprocs\w32x86\2B.tmp
C:\WINDOWS\system32\spool\prtprocs\w32x86\2C.tmp
C:\WINDOWS\system32\stera.job

Nakažená kopie C:\WINDOWS\system32\msgsvc.dll byla nalezena a vyléčena.
Obnovena kopie z - C:\WINDOWS\ServicePackFiles\i386\msgsvc.dll

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_KSI32SK


((((((((((((((((((((((((( Soubory vytvořené od 2004-12-11 do 2005-01-11 )))))))))))))))))))))))))))))))
.

2009-10-28 14:40:55 . 2009-10-28 14:40:55 1644 ----a-w- C:\zalreg_28102009.reg
2009-10-23 21:39:30 . 2010-04-03 08:00:39 -------- d-----w- C:\install
2009-01-17 08:52:14 . 2010-03-15 17:20:54 -------- d-----w- C:\totalcmd
2007-02-14 12:02:15 . 2007-02-14 12:02:15 -------- d-----w- C:\ATI
2007-02-14 11:19:46 . 2007-03-15 19:03:28 -------- d-----r- C:\$VAULT$.AVG
2007-02-14 10:27:21 . 2007-02-14 12:02:28 -------- d-----w- C:\_install
2006-12-11 22:19:22 . 2010-06-21 16:22:19 -------- d-----w- C:\audiograbber
2006-11-03 10:57:52 . 2006-11-03 10:57:52 -------- d-----w- C:\CanonMP

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-06 00:23:38 . 2004-08-17 13:49:22 916480 ----a-w- C:\WINDOWS\system32\wininet.dll
2010-11-06 00:23:37 . 2004-08-17 13:49:30 1469440 ------w- C:\WINDOWS\system32\inetcpl.cpl
2010-11-06 00:23:37 . 2004-08-17 13:49:10 43520 ----a-w- C:\WINDOWS\system32\licmgr10.dll
2010-11-03 12:25:54 . 2004-08-17 13:44:08 385024 ----a-w- C:\WINDOWS\system32\html.iec
2010-11-02 15:17:02 . 2001-10-25 14:00:00 40960 ----a-w- C:\WINDOWS\system32\drivers\ndproxy.sys
2010-10-28 13:09:00 . 2004-08-17 13:48:06 290048 ----a-w- C:\WINDOWS\system32\atmfd.dll
2010-10-26 13:58:35 . 2004-08-17 13:44:44 1853312 ----a-w- C:\WINDOWS\system32\win32k.sys
2010-09-18 10:23:38 . 2004-08-17 13:49:12 974848 ----a-w- C:\WINDOWS\system32\mfc42u.dll
2010-09-18 06:53:37 . 2004-08-17 13:49:12 974848 ----a-w- C:\WINDOWS\system32\mfc42.dll
2010-09-18 06:53:37 . 2001-10-25 14:00:00 954368 ----a-w- C:\WINDOWS\system32\mfc40.dll
2010-09-18 06:53:37 . 2001-10-25 14:00:00 953856 ----a-w- C:\WINDOWS\system32\mfc40u.dll
2010-08-27 08:03:42 . 2004-08-17 13:49:20 119808 ----a-w- C:\WINDOWS\system32\t2embed.dll
2010-08-27 05:54:10 . 2004-08-17 13:49:20 99840 ----a-w- C:\WINDOWS\system32\srvsvc.dll
2010-08-26 13:39:50 . 2004-08-03 21:14:46 357248 ----a-w- C:\WINDOWS\system32\drivers\srv.sys
2010-08-23 16:12:35 . 2004-08-17 13:49:04 617472 ----a-w- C:\WINDOWS\system32\comctl32.dll
2010-08-17 13:17:06 . 2004-08-17 13:49:28 58880 ----a-w- C:\WINDOWS\system32\spoolsv.exe
2010-08-16 08:45:05 . 2004-08-17 13:49:18 590848 ----a-w- C:\WINDOWS\system32\rpcrt4.dll
2010-07-27 06:30:31 . 2004-08-17 13:49:18 8466432 ----a-w- C:\WINDOWS\system32\shell32.dll
2010-07-16 12:00:53 . 2004-08-17 13:49:16 1287680 ----a-w- C:\WINDOWS\system32\ole32.dll
2010-06-30 12:33:04 . 2004-08-17 13:49:18 149504 ----a-w- C:\WINDOWS\system32\schannel.dll
2010-06-18 17:47:41 . 2004-08-17 13:49:22 293376 ----a-w- C:\WINDOWS\system32\winsrv.dll
2010-06-17 14:03:52 . 2004-08-17 13:49:10 80384 ----a-w- C:\WINDOWS\system32\iccvid.dll
2010-06-15 16:18:19 . 2001-10-25 14:00:00 143422 ----a-w- C:\WINDOWS\system32\l3codecx.ax
2010-06-14 14:31:20 . 2006-02-14 12:54:27 744448 ----a-w- C:\WINDOWS\pchealth\helpctr\binaries\helpsvc.exe
2010-06-14 07:43:17 . 2004-08-17 13:49:14 1172480 ----a-w- C:\WINDOWS\system32\msxml3.dll
2010-04-28 18:15:40 . 2004-08-17 13:45:38 2192128 ----a-w- C:\WINDOWS\system32\ntoskrnl.exe
2010-04-28 05:45:38 . 2004-08-17 15:45:30 2068992 ----a-w- C:\WINDOWS\system32\ntkrnlpa.exe
2010-04-16 15:38:42 . 2004-08-17 13:49:20 406016 ----a-w- C:\WINDOWS\system32\usp10.dll
2010-03-29 22:52:26 . 2004-08-17 13:49:30 262416 ----a-w- C:\WINDOWS\system32\mpg4ds32.ax
2010-03-10 06:17:40 . 2004-08-17 13:49:20 420352 ----a-w- C:\WINDOWS\system32\vbscript.dll
2010-03-05 14:42:09 . 2004-08-17 13:49:04 65536 ----a-w- C:\WINDOWS\system32\asycfilt.dll
2010-02-24 13:11:07 . 2004-08-03 21:15:18 455680 ----a-w- C:\WINDOWS\system32\drivers\mrxsmb.sys
2010-02-12 04:35:01 . 2004-08-17 13:49:02 100864 ----a-w- C:\WINDOWS\system32\6to4svc.dll
2010-02-11 12:02:15 . 2004-08-03 21:07:46 226880 ----a-w- C:\WINDOWS\system32\drivers\tcpip6.sys
2010-02-05 18:27:40 . 2004-08-17 13:49:16 1294336 ----a-w- C:\WINDOWS\system32\quartz.dll
2010-01-29 14:45:28 . 2004-08-17 13:48:20 307260 ----a-w- C:\WINDOWS\system32\l3codeca.acm
2010-01-13 14:02:00 . 2004-08-17 13:49:04 86016 ----a-w- C:\WINDOWS\system32\cabview.dll
2009-12-24 07:04:50 . 2004-08-17 13:49:22 177664 ----a-w- C:\WINDOWS\system32\wintrust.dll
2009-12-14 07:10:03 . 2004-08-17 13:49:06 33280 ----a-w- C:\WINDOWS\system32\csrsrv.dll
2009-12-08 09:25:31 . 2004-08-17 13:49:18 474112 ----a-w- C:\WINDOWS\system32\shlwapi.dll
2009-11-27 17:14:09 . 2004-08-17 15:49:14 17920 ----a-w- C:\WINDOWS\system32\msyuv.dll
2009-11-27 16:09:43 . 2001-10-25 14:00:00 28672 ----a-w- C:\WINDOWS\system32\msvidc32.dll
2009-11-27 16:09:43 . 2001-10-24 12:25:04 8704 ----a-w- C:\WINDOWS\system32\tsbyuv.dll
2009-11-27 16:09:42 . 2004-08-17 15:49:10 48128 ----a-w- C:\WINDOWS\system32\iyuv_32.dll
2009-11-27 16:09:42 . 2004-08-17 13:49:14 11264 ----a-w- C:\WINDOWS\system32\msrle32.dll
2009-11-27 16:09:42 . 2004-08-17 13:49:04 84992 ----a-w- C:\WINDOWS\system32\avifil32.dll
2009-11-21 16:03:06 . 2004-08-17 13:49:02 471552 ----a-w- C:\WINDOWS\apppatch\aclayers.dll
2009-10-21 05:40:39 . 2004-08-17 13:49:20 75776 ----a-w- C:\WINDOWS\system32\strmfilt.dll
2009-10-21 05:40:39 . 2004-08-17 13:49:08 25088 ----a-w- C:\WINDOWS\system32\httpapi.dll
2009-10-20 16:20:16 . 2004-08-03 21:00:14 265728 ----a-w- C:\WINDOWS\system32\drivers\http.sys
2009-10-15 16:32:57 . 2001-10-25 14:00:00 81920 ----a-w- C:\WINDOWS\system32\fontsub.dll
2009-10-13 10:34:22 . 2004-08-17 13:49:16 271360 ----a-w- C:\WINDOWS\system32\oakley.dll
2009-10-12 13:40:19 . 2004-08-17 13:49:18 150016 ----a-w- C:\WINDOWS\system32\rastls.dll
2009-10-12 13:40:19 . 2004-08-17 13:49:16 79872 ----a-w- C:\WINDOWS\system32\raschap.dll
2009-09-11 14:19:35 . 2004-08-17 13:49:14 136192 ----a-w- C:\WINDOWS\system32\msv1_0.dll
2009-09-04 21:05:18 . 2004-08-17 13:49:12 58880 ----a-w- C:\WINDOWS\system32\msasn1.dll
2009-09-01 14:47:52 . 2004-08-17 13:48:22 282654 ----a-w- C:\WINDOWS\system32\msaud32.acm
2009-08-26 08:02:12 . 2004-08-17 13:49:20 247326 ----a-w- C:\WINDOWS\system32\strmdll.dll
2009-08-25 09:19:42 . 2004-08-17 13:49:22 354816 ----a-w- C:\WINDOWS\system32\winhttp.dll
2009-08-06 17:24:04 . 2004-08-17 13:49:04 96480 ----a-w- C:\WINDOWS\system32\cdm.dll
2009-08-05 09:01:14 . 2004-08-17 13:49:14 205312 ----a-w- C:\WINDOWS\system32\mswebdvd.dll
2009-07-17 19:04:02 . 2004-08-17 13:49:04 58880 ----a-w- C:\WINDOWS\system32\atl.dll
2009-07-17 16:17:56 . 2004-08-17 13:49:16 1437696 ----a-w- C:\WINDOWS\system32\query.dll
2009-07-13 08:08:14 . 2004-08-17 13:49:22 286720 ----a-w- C:\WINDOWS\system32\wmpdxm.dll
2009-06-25 08:27:37 . 2004-08-17 13:49:20 54272 ----a-w- C:\WINDOWS\system32\wdigest.dll
2009-06-25 08:27:37 . 2004-08-17 13:49:18 56832 ----a-w- C:\WINDOWS\system32\secur32.dll
2009-06-25 08:27:37 . 2004-08-17 13:49:12 729088 ----a-w- C:\WINDOWS\system32\lsasrv.dll
2009-06-25 08:27:37 . 2004-08-17 13:49:10 301568 ----a-w- C:\WINDOWS\system32\kerberos.dll
2009-06-24 11:18:41 . 2004-08-03 20:59:48 92928 ----a-w- C:\WINDOWS\system32\drivers\ksecdd.sys
2009-06-15 10:45:30 . 2004-08-17 13:49:28 78336 ----a-w- C:\WINDOWS\system32\telnet.exe
2009-06-15 10:45:29 . 2004-08-17 13:49:28 81408 ----a-w- C:\WINDOWS\system32\tlntsess.exe
2009-06-10 06:16:20 . 2004-08-17 13:49:22 132096 ----a-w- C:\WINDOWS\system32\wkssvc.dll
2009-05-07 15:33:45 . 2004-08-17 13:49:10 346624 ----a-w- C:\WINDOWS\system32\localspl.dll
2009-03-08 03:33:40 . 2004-08-17 13:49:04 18944 ----a-w- C:\WINDOWS\system32\corpol.dll
2009-03-08 03:32:56 . 2004-08-17 13:49:02 72704 ----a-w- C:\WINDOWS\system32\admparse.dll
2009-03-08 03:32:50 . 2004-08-17 13:49:10 71680 ----a-w- C:\WINDOWS\system32\iesetup.dll
2009-03-08 03:31:38 . 2004-08-17 13:49:10 34816 ----a-w- C:\WINDOWS\system32\imgutil.dll
2009-03-08 03:31:18 . 2004-08-17 13:48:24 48128 ----a-w- C:\WINDOWS\system32\mshtmler.dll
2009-03-08 03:31:02 . 2004-08-17 13:49:26 45568 ----a-w- C:\WINDOWS\system32\mshta.exe
2009-03-08 03:31:02 . 2004-08-03 20:19:56 1638912 ----a-w- C:\WINDOWS\system32\mshtml.tlb
2009-03-08 03:30:56 . 2004-08-03 20:59:30 66560 ----a-w- C:\WINDOWS\system32\tdc.ocx
2009-03-08 03:22:38 . 2001-10-25 14:00:00 156160 ----a-w- C:\WINDOWS\system32\msls31.dll
2009-03-06 14:23:43 . 2004-08-17 13:49:16 284160 ----a-w- C:\WINDOWS\system32\pdh.dll
2009-02-09 11:25:57 . 2004-08-17 13:49:28 111104 ----a-w- C:\WINDOWS\system32\services.exe
2009-02-09 10:56:06 . 2004-08-17 13:49:18 401408 ----a-w- C:\WINDOWS\system32\rpcss.dll
2009-02-09 10:56:05 . 2004-08-17 13:49:02 684032 ----a-w- C:\WINDOWS\system32\advapi32.dll
2009-02-09 10:56:05 . 2004-08-17 13:48:58 709632 ----a-w- C:\WINDOWS\system32\ntdll.dll
2009-02-06 10:39:08 . 2001-10-25 14:00:00 35328 ----a-w- C:\WINDOWS\system32\sc.exe
2008-10-23 12:42:52 . 2004-08-17 13:49:08 286720 ----a-w- C:\WINDOWS\system32\gdi32.dll
2008-08-14 10:04:36 . 2004-08-03 21:14:16 138496 ----a-w- C:\WINDOWS\system32\drivers\afd.sys
2008-07-07 20:29:06 . 2004-08-17 13:49:08 253952 ----a-w- C:\WINDOWS\system32\es.dll
2008-06-24 16:44:28 . 2004-08-17 13:49:12 74240 ----a-w- C:\WINDOWS\system32\mscms.dll
2008-06-20 17:49:25 . 2004-08-17 13:49:14 247296 ----a-w- C:\WINDOWS\system32\mswsock.dll
2008-06-20 11:51:12 . 2009-07-12 10:15:44 361600 ----a-w- C:\WINDOWS\system32\drivers\tcpip.copy
2008-06-20 11:51:12 . 2004-08-03 21:14:42 361600 ----a-w- C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-12 14:24:04 . 2004-08-17 13:49:14 66560 ----a-w- C:\WINDOWS\system32\mtxclu.dll
2008-05-19 04:33:20 . 2004-08-17 13:49:14 4445184 ----a-w- C:\WINDOWS\system32\msi.dll
2008-05-19 04:33:20 . 2004-08-17 13:49:14 332800 ----a-w- C:\WINDOWS\system32\msihnd.dll
2008-05-19 04:33:20 . 2004-08-17 13:49:14 18944 ----a-w- C:\WINDOWS\system32\msisip.dll
2008-05-18 23:57:42 . 2004-08-17 13:49:26 95744 ----a-w- C:\WINDOWS\system32\msiexec.exe
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "C:\Program Files\uTorrentBar\tbuTor.dll" [2010-12-09 11:51:30 3911776]

[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-12-09 11:51:30 3911776 ----a-w- C:\Program Files\ConduitEngine\ConduitEngine.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
2010-12-09 11:51:30 3911776 ----a-w- C:\Program Files\uTorrentBar\tbuTor.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "C:\Program Files\uTorrentBar\tbuTor.dll" [2010-12-09 11:51:30 3911776]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "C:\Program Files\ConduitEngine\ConduitEngine.dll" [2010-12-09 11:51:30 3911776]

[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]

[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaOviSuite2"="C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe" [2010-09-02 09:26:02 672632]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2010-09-02 13:15:04 13351304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"NVMixerTray"="C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-12-20 16:12:36 131072]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2003-12-13 00:50:34 33792]
"PVR Agent"="C:\Program Files\MSI\TV@Anywhere Plus\TVR\Scheduled.exe" [2005-04-29 16:00:58 748032]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 18:42:40 32768]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-05-03 20:05:00 344064]
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" [2008-12-15 18:49:15 136600]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50:42 155648]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2009-11-10 22:08:18 417792]
"TrojanScanner"="C:\Program Files\Trojan Remover\Trjscan.exe" [2009-12-23 17:23:19 1070984]
"TkBellExe"="C:\program files\real\realplayer\update\realsched.exe" [2010-11-17 13:53:32 274608]
"avast5"="C:\Program Files\Alwil Software\Avast5\avastUI.exe" [2011-01-13 08:47:34 3396624]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 03:22:17 15360]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\
ImageMixer 3 SE Camera Monitor for SD.lnk - C:\Program Files\PIXELA\ImageMixer 3 SE for SD\CameraMonitor.exe [2009-12-20 253952]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0SsiEfr.e\0stera

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Microsoft ActiveSync\\WCESCOMM.EXE"=
"C:\\WINDOWS\\system32\\WgaTray.exe"=
"C:\\Program Files\\uTorrent\\utorrent.exe"=
"C:\\Program Files\\ABC\\abc.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"C:\\Program Files\\ICQ7.2\\ICQ.exe"=
"C:\\Program Files\\ICQ7.2\\aolload.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\BitLord\\BitLord.exe"=

R0 sptd;sptd;C:\WINDOWS\system32\drivers\sptd.sys [18.3.2006 16:44:01 691696]
R1 aswSP;aswSP;C:\WINDOWS\system32\drivers\aswSP.sys [1.1.2013 10:28:07 294608]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\drivers\aswFsBlk.sys [1.1.2013 10:28:08 17744]
R2 ICQ Service;ICQ Service;C:\Program Files\ICQ6Toolbar\ICQ Service.exe [28.10.2009 19:36:30 246520]
R3 Cap713x;Philips Cap713x Video Capture;C:\WINDOWS\system32\drivers\Cap713x.sys [14.2.2007 11:27:50 685824]
S2 emifzecb;emifzecb; [x]
S2 gupdate1c9aae062f2bd6d;Služba Google Update (gupdate1c9aae062f2bd6d);C:\Program Files\Google\Update\GoogleUpdate.exe [22.3.2009 12:21:45 133104]
S2 iiknqkvv;iiknqkvv; [x]
S2 misuuxje;misuuxje; [x]
S2 njudernq;njudernq; [x]
S2 nlvwqdfu;nlvwqdfu; [x]
S2 oiqmrtbz;oiqmrtbz; [x]
S2 yzsaeymw3is;bcveServ;C:\WINDOWS\system32\fojarov.exe --> C:\WINDOWS\system32\fojarov.exe [?]
S2 zlmuncig;zlmuncig; [x]
S3 axkbagqb;axkbagqb;\??\C:\WINDOWS\System32\Drivers\axkbagqb.sys --> C:\WINDOWS\System32\Drivers\axkbagqb.sys [?]
S3 cghndbfn;cghndbfn;\??\C:\WINDOWS\System32\Drivers\cghndbfn.sys --> C:\WINDOWS\System32\Drivers\cghndbfn.sys [?]
S3 clmnnhhr;clmnnhhr;\??\C:\WINDOWS\System32\Drivers\clmnnhhr.sys --> C:\WINDOWS\System32\Drivers\clmnnhhr.sys [?]
S3 cqdevcvp;cqdevcvp;\??\C:\WINDOWS\System32\Drivers\cqdevcvp.sys --> C:\WINDOWS\System32\Drivers\cqdevcvp.sys [?]
S3 fbyflzyt;fbyflzyt;\??\C:\WINDOWS\System32\Drivers\fbyflzyt.sys --> C:\WINDOWS\System32\Drivers\fbyflzyt.sys [?]
S3 fstqavoe;fstqavoe;\??\C:\WINDOWS\System32\Drivers\fstqavoe.sys --> C:\WINDOWS\System32\Drivers\fstqavoe.sys [?]
S3 hlngligu;hlngligu;\??\C:\WINDOWS\System32\Drivers\hlngligu.sys --> C:\WINDOWS\System32\Drivers\hlngligu.sys [?]
S3 lvqdxvuc;lvqdxvuc;\??\C:\WINDOWS\System32\Drivers\lvqdxvuc.sys --> C:\WINDOWS\System32\Drivers\lvqdxvuc.sys [?]
S3 mmytnvwh;mmytnvwh;\??\C:\WINDOWS\System32\Drivers\mmytnvwh.sys --> C:\WINDOWS\System32\Drivers\mmytnvwh.sys [?]
S3 nhicktno;nhicktno;\??\C:\WINDOWS\System32\Drivers\nhicktno.sys --> C:\WINDOWS\System32\Drivers\nhicktno.sys [?]
S3 npmakexo;npmakexo;\??\C:\WINDOWS\System32\Drivers\npmakexo.sys --> C:\WINDOWS\System32\Drivers\npmakexo.sys [?]
S3 oalgnlgr;oalgnlgr;\??\C:\WINDOWS\System32\Drivers\oalgnlgr.sys --> C:\WINDOWS\System32\Drivers\oalgnlgr.sys [?]
S3 olqnbruw;olqnbruw;\??\C:\WINDOWS\System32\Drivers\olqnbruw.sys --> C:\WINDOWS\System32\Drivers\olqnbruw.sys [?]
S3 oppzpbyh;oppzpbyh;\??\C:\WINDOWS\System32\Drivers\oppzpbyh.sys --> C:\WINDOWS\System32\Drivers\oppzpbyh.sys [?]
S3 peeinjsy;peeinjsy;\??\C:\WINDOWS\System32\Drivers\peeinjsy.sys --> C:\WINDOWS\System32\Drivers\peeinjsy.sys [?]
S3 ujbysnht;ujbysnht;\??\C:\WINDOWS\System32\Drivers\ujbysnht.sys --> C:\WINDOWS\System32\Drivers\ujbysnht.sys [?]
S3 vaxscsi;vaxscsi;C:\WINDOWS\system32\drivers\vaxscsi.sys [2.1.2010 19:04:58 223128]
.
Obsah adresáře 'Naplánované úlohy'

2010-12-24 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34:12 . 2008-07-30 11:34:12]

2005-01-11 C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
- C:\Program Files\Google\Update\GoogleUpdate.exe [2009-03-22 11:21:45 . 2009-03-22 11:21:41]

2011-01-03 C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
- C:\Program Files\Google\Update\GoogleUpdate.exe [2009-03-22 11:21:45 . 2009-03-22 11:21:41]

2005-01-11 C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-1614895754-813497703-682003330-1004.job
- C:\Program Files\Real\RealUpgrade\realupgrade.exe [2010-11-05 10:33:50 . 2010-11-05 10:33:50]

2005-01-11 C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-1614895754-813497703-682003330-500.job
- C:\Program Files\Real\RealUpgrade\realupgrade.exe [2010-11-05 10:33:50 . 2010-11-05 10:33:50]

2005-01-11 C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-1614895754-813497703-682003330-1004.job
- C:\Program Files\Real\RealUpgrade\realupgrade.exe [2010-11-05 10:33:50 . 2010-11-05 10:33:50]

2010-12-30 C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-1614895754-813497703-682003330-500.job
- C:\Program Files\Real\RealUpgrade\realupgrade.exe [2010-11-05 10:33:50 . 2010-11-05 10:33:50]

2005-01-07 C:\WINDOWS\Tasks\{748E369E-A13B-41E6-9C81-CDE9FDECCFD3}_HOME-263714380A_Administrator.job
- C:\WINDOWS\system32\mobsync.exe [2004-08-17 13:49:26 . 2008-04-14 03:22:31]

2005-01-07 C:\WINDOWS\Tasks\{B1331913-A647-495C-9CE1-BAAB9D0AADE3}_HOME-263714380A_Administrator.job
- C:\WINDOWS\system32\mobsync.exe [2004-08-17 13:49:26 . 2008-04-14 03:22:31]

2005-01-10 C:\WINDOWS\Tasks\{F0D56A87-3F60-459F-9333-35CC0CF02483}_HOME-263714380A_Administrator.job
- C:\WINDOWS\system32\mobsync.exe [2004-08-17 13:49:26 . 2008-04-14 03:22:31]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2786678
uInternet Connection Wizard,ShellNext = "C:\Program Files\Outlook Express\msimn.exe"
IE: E&xportovat do aplikace Microsoft Office Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - C:\Documents and Settings\aaa.HOME-263714380A.000\Data aplikací\Mozilla\Firefox\Profiles\6u20mnxe.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2786678&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT2786678&SearchSource=13
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Quick Starter: jqs@sun.com - C:\Program Files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Firefox Synchronisation Extension: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70} - C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
FF - Ext: uTorrentBar Community Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - %profile%\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

Toolbar-{ecdee021-0d17-467f-a1ff-c7a115230949} - (no file)
Toolbar-Locked - (no file)
HKLM-Run-NBKeyScan - C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
HKLM-Run-tessij - C:\WINDOWS\system32\pydoufojas.exe
HKLM-Run-AutoStart - C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7700188.exe
SafeBoot-WudfPf
SafeBoot-WudfRd

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Please check my log

#8 Post by vyosek »

:arrow: If you have not done so already, move ComboFix to the desktop
  • Start Notepad (Start - Run - notepad)
  • Copy the script below
  • Code:

    KillAll::
    
    Folder::
    C:\Program Files\Trojan Remover
    C:\Program Files\uTorrentBar
    C:\Program Files\ICQ6Toolbar\
    
    Registry::
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"=-
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"=-
    [-HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NokiaOviSuite2"=-
    "Skype"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NokiaMServer"=-
    "RemoteControl"=-
    "SunJavaUpdateSched"=-
    "NeroFilterCheck"=-
    "QuickTime Task"=-
    "TrojanScanner"=-
    "TkBellExe"=-
    
    Driver::
    ICQ Service
    gupdate1c9aae062f2bd6d
    emifzecb
    iiknqkvv
    misuuxje
    njudernq
    nlvwqdfu
    oiqmrtbz
    yzsaeymw3is
    zlmuncig
    axkbagqb
    cghndbfn
    clmnnhhr
    cqdevcvp
    fbyflzyt
    fstqavoe
    hlngligu
    lvqdxvuc
    mmytnvwh
    nhicktno
    npmakexo
    oalgnlgr
    olqnbruw
    oppzpbyh
    peeinjsy
    ujbysnht
    vaxscsi
    
    File::
    C:\WINDOWS\system32\fojarov.exe 
    C:\WINDOWS\System32\Drivers\axkbagqb.sys 
    C:\WINDOWS\System32\Drivers\cghndbfn.sys 
    C:\WINDOWS\System32\Drivers\clmnnhhr.sys 
    C:\WINDOWS\System32\Drivers\cqdevcvp.sys 
    C:\WINDOWS\System32\Drivers\fbyflzyt.sys 
    C:\WINDOWS\System32\Drivers\fstqavoe.sys 
    C:\WINDOWS\System32\Drivers\hlngligu.sys 
    C:\WINDOWS\System32\Drivers\lvqdxvuc.sys 
    C:\WINDOWS\System32\Drivers\mmytnvwh.sys 
    C:\WINDOWS\System32\Drivers\nhicktno.sys 
    C:\WINDOWS\System32\Drivers\npmakexo.sys 
    C:\WINDOWS\System32\Drivers\oalgnlgr.sys 
    C:\WINDOWS\System32\Drivers\olqnbruw.sys 
    C:\WINDOWS\System32\Drivers\oppzpbyh.sys 
    C:\WINDOWS\System32\Drivers\peeinjsy.sys 
    C:\WINDOWS\System32\Drivers\ujbysnht.sys 
    C:\WINDOWS\system32\drivers\vaxscsi.sys
    C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
    C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
    C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
    C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-1614895754-813497703-682003330-1004.job
    C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-1614895754-813497703-682003330-500.job
    C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-1614895754-813497703-682003330-1004.job
    C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-1614895754-813497703-682003330-500.job
    C:\WINDOWS\Tasks\{748E369E-A13B-41E6-9C81-CDE9FDECCFD3}_HOME-263714380A_Administrator.job
    C:\WINDOWS\Tasks\{B1331913-A647-495C-9CE1-BAAB9D0AADE3}_HOME-263714380A_Administrator.job
    C:\WINDOWS\Tasks\{F0D56A87-3F60-459F-9333-35CC0CF02483}_HOME-263714380A_Administrator.job
    
    DDS::
    uStart Page = hxxp://search.conduit.com?SearchSource= ... =CT2786678
    
    Firefox::
    FF - ProfilePath - C:\Documents and Settings\aaa.HOME-263714380A.000\Data aplikací\Mozilla\Firefox\Profiles\6u20mnxe.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.as ... ource=3&q={searchTerms}
    FF - prefs.js: browser.search.selectedEngine -
    FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT27866 ... hSource=13
    FF - Ext: uTorrentBar Community Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - %profile%\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
  • Save the created TXT file as CFScript.txt
  • Drag the created CFScript.txt onto ComboFix and drop it (see the picture below)
    Image
  • After the script has been applied (and after a possible restart) a log will appear; paste its contents here
:arrow: It may happen that Windows does not boot after the script has been applied; in that case restart the PC, keep pressing F8 and choose Last Known Good Configuration
"He who has wine and does not drink it, who has grapes and does not eat them, who has a wife and does not kiss her, who avoids amusement, take a whip and a stick to him; that is not a man, that is an ox."
Member since 1 February 2011.
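The Driver:: and File:: sections of the script above come from reading the ComboFix service list for entries whose binary is missing ("[x]"), could not be verified ("[?]"), or carries a random-looking name. As an added example (not part of the post, and not ComboFix's own code), this Python script parses such lines from a constructed excerpt of the log in this thread and emits those two CFScript sections; it reproduces only that missing-file heuristic, not the helper's full judgement (so vaxscsi and the toolbar services are left alone).

```python
"""Triage ComboFix service lines and build the Driver::/File:: CFScript sections.
Added illustration for this thread; the heuristic is an assumption, not ComboFix logic."""
import re
from typing import NamedTuple, Optional

# One ComboFix service line: "<R|S><start> <name>;<display name>;<path> [<stamp>]"
SERVICE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>\d) (?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.*)$"
)

# Constructed excerpt of the service list posted earlier in this thread.
SAMPLE_LOG = r"""
R0 sptd;sptd;C:\WINDOWS\system32\drivers\sptd.sys [18.3.2006 16:44:01 691696]
R2 ICQ Service;ICQ Service;C:\Program Files\ICQ6Toolbar\ICQ Service.exe [28.10.2009 19:36:30 246520]
S2 emifzecb;emifzecb; [x]
S2 yzsaeymw3is;bcveServ;C:\WINDOWS\system32\fojarov.exe --> C:\WINDOWS\system32\fojarov.exe [?]
S3 axkbagqb;axkbagqb;\??\C:\WINDOWS\System32\Drivers\axkbagqb.sys --> C:\WINDOWS\System32\Drivers\axkbagqb.sys [?]
S3 vaxscsi;vaxscsi;C:\WINDOWS\system32\drivers\vaxscsi.sys [2.1.2010 19:04:58 223128]
"""


class Service(NamedTuple):
    name: str
    display: str
    path: Optional[str]   # None when ComboFix printed only "[x]"
    tag: str              # "x" = no file, "?" = file could not be verified, "" = timestamp present
    random_name: bool     # bare 8-letter lowercase name, like the ones in this thread


def _looks_random(name: str) -> bool:
    """Heuristic (assumption): names such as emifzecb, iiknqkvv, axkbagqb match this."""
    return re.fullmatch(r"[a-z]{8}", name) is not None


def parse_services(log_text: str) -> list[Service]:
    """Turn the R0/S2/S3 lines of a ComboFix log into Service records."""
    services = []
    for line in log_text.splitlines():
        m = SERVICE_RE.match(line.strip())
        if not m:
            continue
        rest = m.group("rest").strip()
        if rest == "[x]":
            path, tag = None, "x"
        else:
            # "\??\C:\...\x.sys --> C:\...\x.sys [?]": keep the resolved path on the right
            if " --> " in rest:
                rest = rest.split(" --> ", 1)[1]
            path, _, bracket = rest.rpartition(" [")
            tag = "?" if bracket.startswith("?") else ""
        services.append(Service(m.group("name"), m.group("display"), path,
                                tag, _looks_random(m.group("name"))))
    return services


def suspicious(services: list[Service]) -> list[Service]:
    """A service whose binary is gone or unverifiable, or whose name looks random, is flagged."""
    return [s for s in services if s.tag in ("x", "?") or s.random_name]


def build_cfscript(services: list[Service]) -> str:
    """Driver:: lists the flagged service names, File:: the orphaned paths (CFScript syntax)."""
    flagged = suspicious(services)
    lines = ["Driver::"] + [s.name for s in flagged]
    lines += ["", "File::"] + [s.path for s in flagged if s.path]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    print(build_cfscript(parse_services(SAMPLE_LOG)))
```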

Hanska
Visitor
Posts: 5
Registered: 04 Jan 2011 17:59

Re: Please check my log

#9 Post by Hanska »

ComboFix 11-02-26.01 - aaa 26.02.2011 13:33:05.2.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1023.436 [GMT 1:00]
Spuštěný z: c:\documents and settings\aaa.HOME-263714380A.000\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\aaa.HOME-263714380A.000\Plocha\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

FILE ::
"c:\windows\System32\Drivers\axkbagqb.sys"
"c:\windows\System32\Drivers\cghndbfn.sys"
"c:\windows\System32\Drivers\clmnnhhr.sys"
"c:\windows\System32\Drivers\cqdevcvp.sys"
"c:\windows\System32\Drivers\fbyflzyt.sys"
"c:\windows\System32\Drivers\fstqavoe.sys"
"c:\windows\System32\Drivers\hlngligu.sys"
"c:\windows\System32\Drivers\lvqdxvuc.sys"
"c:\windows\System32\Drivers\mmytnvwh.sys"
"c:\windows\System32\Drivers\nhicktno.sys"
"c:\windows\System32\Drivers\npmakexo.sys"
"c:\windows\System32\Drivers\oalgnlgr.sys"
"c:\windows\System32\Drivers\olqnbruw.sys"
"c:\windows\System32\Drivers\oppzpbyh.sys"
"c:\windows\System32\Drivers\peeinjsy.sys"
"c:\windows\System32\Drivers\ujbysnht.sys"
"c:\windows\system32\drivers\vaxscsi.sys"
"c:\windows\system32\fojarov.exe"
"c:\windows\Tasks\{748E369E-A13B-41E6-9C81-CDE9FDECCFD3}_HOME-263714380A_Administrator.job"
"c:\windows\Tasks\{B1331913-A647-495C-9CE1-BAAB9D0AADE3}_HOME-263714380A_Administrator.job"
"c:\windows\Tasks\{F0D56A87-3F60-459F-9333-35CC0CF02483}_HOME-263714380A_Administrator.job"
"c:\windows\Tasks\AppleSoftwareUpdate.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
"c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1614895754-813497703-682003330-1004.job"
"c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1614895754-813497703-682003330-500.job"
"c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1614895754-813497703-682003330-1004.job"
"c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1614895754-813497703-682003330-500.job"
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\audiograbber\audiograbber.exe
c:\documents and settings\aaa.HOME-263714380A.000\Data aplikací\Mozilla\Firefox\Profiles\6u20mnxe.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
c:\documents and settings\aaa.HOME-263714380A.000\Data aplikací\Mozilla\Firefox\Profiles\6u20mnxe.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\ConduitAutoCompleteSearch.js
c:\documents and settings\aaa.HOME-263714380A.000\Data aplikací\Mozilla\Firefox\Profiles\6u20mnxe.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\ConduitAutoCompleteSearch.xpt
c:\documents and settings\aaa.HOME-263714380A.000\Data aplikací\Mozilla\Firefox\Profiles\6u20mnxe.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\ConduitToolbar.idl
c:\documents and settings\aaa.HOME-263714380A.000\Data aplikací\Mozilla\Firefox\Profiles\6u20mnxe.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\ConduitToolbar.js
c:\documents and settings\aaa.HOME-263714380A.000\Data aplikací\Mozilla\Firefox\Profiles\6u20mnxe.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\ConduitToolbar.xpt
c:\documents and settings\aaa.HOME-263714380A.000\Data aplikací\Mozilla\Firefox\Profiles\6u20mnxe.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\RadioWMPCore.dll
c:\documents and settings\aaa.HOME-263714380A.000\Data aplikací\Mozilla\Firefox\Profiles\6u20mnxe.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\RadioWMPCore.xpt
c:\documents and settings\aaa.HOME-263714380A.000\Data aplikací\Mozilla\Firefox\Profiles\6u20mnxe.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\RadioWMPCoreGecko19.dll
c:\documents and settings\aaa.HOME-263714380A.000\Data aplikací\Mozilla\Firefox\Profiles\6u20mnxe.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\defaults\alertSettingsComponent.xml
c:\documents and settings\aaa.HOME-263714380A.000\Data aplikací\Mozilla\Firefox\Profiles\6u20mnxe.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\defaults\appContextMenu.xml
c:\documents and settings\aaa.HOME-263714380A.000\Data aplikací\Mozilla\Firefox\Profiles\6u20mnxe.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\defaults\engineContextMenu.xml
c:\documents and settings\aaa.HOME-263714380A.000\Data aplikací\Mozilla\Firefox\Profiles\6u20mnxe.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\defaults\engineSettings.json
c:\documents and settings\aaa.HOME-263714380A.000\Data aplikací\Mozilla\Firefox\Profiles\6u20mnxe.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\defaults\fbAlert.js
c:\documents and settings\aaa.HOME-263714380A.000\Data aplikací\Mozilla\Firefox\Profiles\6u20mnxe.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\defaults\getAppsContextMenu.xml
c:\documents and settings\aaa.HOME-263714380A.000\Data aplikací\Mozilla\Firefox\Profiles\6u20mnxe.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\defaults\postAppsContextMenu.xml
c:\documents and settings\aaa.HOME-263714380A.000\Data aplikací\Mozilla\Firefox\Profiles\6u20mnxe.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\defaults\toolbarContextMenu.xml
c:\documents and settings\aaa.HOME-263714380A.000\Data aplikací\Mozilla\Firefox\Profiles\6u20mnxe.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\defaults\unsharedAppsContextMenu.xml
c:\documents and settings\aaa.HOME-263714380A.000\Data aplikací\Mozilla\Firefox\Profiles\6u20mnxe.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\chrome.manifest
c:\documents and settings\aaa.HOME-263714380A.000\Data aplikací\Mozilla\Firefox\Profiles\6u20mnxe.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\chrome\utorrentbar.jar
c:\documents and settings\aaa.HOME-263714380A.000\Data aplikací\Mozilla\Firefox\Profiles\6u20mnxe.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\install.rdf
c:\documents and settings\aaa.HOME-263714380A.000\Data aplikací\Mozilla\Firefox\Profiles\6u20mnxe.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\lib\xpcom.js
c:\documents and settings\aaa.HOME-263714380A.000\Data aplikací\Mozilla\Firefox\Profiles\6u20mnxe.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\META-INF\manifest.mf
c:\documents and settings\aaa.HOME-263714380A.000\Data aplikací\Mozilla\Firefox\Profiles\6u20mnxe.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\META-INF\zigbert.rsa
c:\documents and settings\aaa.HOME-263714380A.000\Data aplikací\Mozilla\Firefox\Profiles\6u20mnxe.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\META-INF\zigbert.sf
c:\documents and settings\aaa.HOME-263714380A.000\Data aplikací\Mozilla\Firefox\Profiles\6u20mnxe.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\searchplugin\conduit.gif
c:\documents and settings\aaa.HOME-263714380A.000\Data aplikací\Mozilla\Firefox\Profiles\6u20mnxe.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\searchplugin\conduit.ico
c:\documents and settings\aaa.HOME-263714380A.000\Data aplikací\Mozilla\Firefox\Profiles\6u20mnxe.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\searchplugin\conduit.PNG
c:\documents and settings\aaa.HOME-263714380A.000\Data aplikací\Mozilla\Firefox\Profiles\6u20mnxe.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\searchplugin\conduit.src
c:\documents and settings\aaa.HOME-263714380A.000\Data aplikací\Mozilla\Firefox\Profiles\6u20mnxe.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\searchplugin\conduit.xml
c:\documents and settings\aaa.HOME-263714380A.000\Data aplikací\Mozilla\Firefox\Profiles\6u20mnxe.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\setup.ini
c:\documents and settings\aaa.HOME-263714380A.000\Data aplikací\Mozilla\Firefox\Profiles\6u20mnxe.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\version.txt
c:\documents and settings\aaa.HOME-263714380A.000\Data aplikací\PriceGong
c:\documents and settings\aaa.HOME-263714380A.000\Data aplikací\PriceGong\Data\1.xml
c:\documents and settings\aaa.HOME-263714380A.000\Data aplikací\PriceGong\Data\a.xml
c:\documents and settings\aaa.HOME-263714380A.000\Data aplikací\PriceGong\Data\b.xml
c:\documents and settings\aaa.HOME-263714380A.000\Data aplikací\PriceGong\Data\c.xml
c:\documents and settings\aaa.HOME-263714380A.000\Data aplikací\PriceGong\Data\d.xml
c:\documents and settings\aaa.HOME-263714380A.000\Data aplikací\PriceGong\Data\e.xml
c:\documents and settings\aaa.HOME-263714380A.000\Data aplikací\PriceGong\Data\f.xml
c:\documents and settings\aaa.HOME-263714380A.000\Data aplikací\PriceGong\Data\g.xml
c:\documents and settings\aaa.HOME-263714380A.000\Data aplikací\PriceGong\Data\h.xml
c:\documents and settings\aaa.HOME-263714380A.000\Data aplikací\PriceGong\Data\i.xml
c:\documents and settings\aaa.HOME-263714380A.000\Data aplikací\PriceGong\Data\J.xml
c:\documents and settings\aaa.HOME-263714380A.000\Data aplikací\PriceGong\Data\k.xml
c:\documents and settings\aaa.HOME-263714380A.000\Data aplikací\PriceGong\Data\l.xml
c:\documents and settings\aaa.HOME-263714380A.000\Data aplikací\PriceGong\Data\m.xml
c:\documents and settings\aaa.HOME-263714380A.000\Data aplikací\PriceGong\Data\mru.xml
c:\documents and settings\aaa.HOME-263714380A.000\Data aplikací\PriceGong\Data\n.xml
c:\documents and settings\aaa.HOME-263714380A.000\Data aplikací\PriceGong\Data\o.xml
c:\documents and settings\aaa.HOME-263714380A.000\Data aplikací\PriceGong\Data\p.xml
c:\documents and settings\aaa.HOME-263714380A.000\Data aplikací\PriceGong\Data\q.xml
c:\documents and settings\aaa.HOME-263714380A.000\Data aplikací\PriceGong\Data\r.xml
c:\documents and settings\aaa.HOME-263714380A.000\Data aplikací\PriceGong\Data\s.xml
c:\documents and settings\aaa.HOME-263714380A.000\Data aplikací\PriceGong\Data\t.xml
c:\documents and settings\aaa.HOME-263714380A.000\Data aplikací\PriceGong\Data\u.xml
c:\documents and settings\aaa.HOME-263714380A.000\Data aplikací\PriceGong\Data\v.xml
c:\documents and settings\aaa.HOME-263714380A.000\Data aplikací\PriceGong\Data\w.xml
c:\documents and settings\aaa.HOME-263714380A.000\Data aplikací\PriceGong\Data\x.xml
c:\documents and settings\aaa.HOME-263714380A.000\Data aplikací\PriceGong\Data\y.xml
c:\documents and settings\aaa.HOME-263714380A.000\Data aplikací\PriceGong\Data\z.xml
c:\program files\ICQ6Toolbar\
c:\program files\ICQ6Toolbar\\config.xml
c:\program files\ICQ6Toolbar\\Icons.bmp
c:\program files\ICQ6Toolbar\\ICQ Service.exe
c:\program files\ICQ6Toolbar\\icq6Toolbar.ico
c:\program files\ICQ6Toolbar\\ICQToolBar.dll
c:\program files\ICQ6Toolbar\\ICQUnToolbar.exe
c:\program files\ICQ6Toolbar\\logo_small.gif
c:\program files\ICQ6Toolbar\\ServiceStarter.exe
c:\program files\ICQ6Toolbar\\short.wav
c:\program files\ICQ6Toolbar\\Version.txt
c:\program files\Trojan Remover
c:\program files\Trojan Remover\rmt.dta
c:\program files\Trojan Remover\Rmvtrjan.exe
c:\program files\Trojan Remover\Sschk.exe
c:\program files\Trojan Remover\trjhelp.chm
c:\program files\Trojan Remover\Trjscan.exe
c:\program files\Trojan Remover\Trshlex.dll
c:\program files\Trojan Remover\trunins.exe
c:\program files\Trojan Remover\trupd.exe
c:\program files\Trojan Remover\unins000.dat
c:\program files\Trojan Remover\unins000.exe
c:\program files\Trojan Remover\unins000.msg
c:\program files\uTorrentBar
c:\program files\uTorrentBar\GottenAppsContextMenu.xml
c:\program files\uTorrentBar\INSTALL.LOG
c:\program files\uTorrentBar\OtherAppsContextMenu.xml
c:\program files\uTorrentBar\SharedAppsContextMenu.xml
c:\program files\uTorrentBar\tbuTor.dll
c:\program files\uTorrentBar\toolbar.cfg
c:\program files\uTorrentBar\ToolbarContextMenu.xml
c:\program files\uTorrentBar\UNWISE.EXE
c:\program files\uTorrentBar\uTorrentBarToolbarHelper.exe
c:\windows\system32\drivers\vaxscsi.sys
c:\windows\Tasks\{748E369E-A13B-41E6-9C81-CDE9FDECCFD3}_HOME-263714380A_Administrator.job
c:\windows\Tasks\{B1331913-A647-495C-9CE1-BAAB9D0AADE3}_HOME-263714380A_Administrator.job
c:\windows\Tasks\{F0D56A87-3F60-459F-9333-35CC0CF02483}_HOME-263714380A_Administrator.job
c:\windows\Tasks\AppleSoftwareUpdate.job
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1614895754-813497703-682003330-1004.job
c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1614895754-813497703-682003330-500.job
c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1614895754-813497703-682003330-1004.job
c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1614895754-813497703-682003330-500.job
.
---- Předchozí spuštění -------
.
c:\documents and settings\Administrator\Data aplikací\PnkBstrK.sys
c:\documents and settings\Administrator\oashdihasidhasuidhiasdhiashdiuasdhasd
c:\documents and settings\Administrator\secupdat.dat
c:\program files\INSTALL.LOG
c:\windows\dbxesellerate.exe
c:\windows\system\winspool.drv
c:\windows\system32\secupdat.dat
c:\windows\system32\spool\prtprocs\w32x86\2B.tmp
c:\windows\system32\spool\prtprocs\w32x86\2C.tmp
c:\windows\system32\stera.job

-- Předchozí spuštění --

Nakažená kopie c:\windows\system32\msgsvc.dll byla nalezena a vyléčena.
Obnovena kopie z - c:\windows\ServicePackFiles\i386\msgsvc.dll

--------

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_KSI32SK
-------\Legacy_CGHNDBFN
-------\Legacy_CLMNNHHR
-------\Legacy_CQDEVCVP
-------\Legacy_EMIFZECB
-------\Legacy_GUPDATE1C9AAE062F2BD6D
-------\Legacy_ICQ_SERVICE
-------\Legacy_LVQDXVUC
-------\Legacy_MISUUXJE
-------\Legacy_NJUDERNQ
-------\Legacy_NLVWQDFU
-------\Legacy_OIQMRTBZ
-------\Legacy_PEEINJSY
-------\Legacy_YZSAEYMW3IS
-------\Service_axkbagqb
-------\Service_cghndbfn
-------\Service_clmnnhhr
-------\Service_cqdevcvp
-------\Service_emifzecb
-------\Service_fbyflzyt
-------\Service_fstqavoe
-------\Service_gupdate1c9aae062f2bd6d
-------\Service_hlngligu
-------\Service_ICQ Service
-------\Service_iiknqkvv
-------\Service_lvqdxvuc
-------\Service_misuuxje
-------\Service_mmytnvwh
-------\Service_nhicktno
-------\Service_njudernq
-------\Service_nlvwqdfu
-------\Service_npmakexo
-------\Service_oalgnlgr
-------\Service_oiqmrtbz
-------\Service_olqnbruw
-------\Service_oppzpbyh
-------\Service_peeinjsy
-------\Service_ujbysnht
-------\Service_vaxscsi
-------\Service_yzsaeymw3is
-------\Service_zlmuncig


((((((((((((((((((((((((( Soubory vytvořené od 2011-01-26 do 2011-02-26 )))))))))))))))))))))))))))))))
.

2013-01-01 09:28 . 2011-02-23 14:54 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-01-01 09:28 . 2011-02-23 14:56 301528 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-01-01 09:28 . 2011-02-23 14:55 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2013-01-01 09:28 . 2011-02-23 14:55 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-01-01 09:28 . 2011-02-23 14:55 102232 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2013-01-01 09:28 . 2011-02-23 14:55 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys
2013-01-01 09:28 . 2011-02-23 14:54 30680 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2013-01-01 09:27 . 2011-02-23 15:04 40648 ----a-w- c:\windows\avastSS.scr
2013-01-01 09:27 . 2011-02-23 15:04 190016 ----a-w- c:\windows\system32\aswBoot.exe
2013-01-01 09:04 . 2013-01-01 09:27 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Alwil Software

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-23 14:56 . 2005-02-22 16:52 371544 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2010-11-30 18:51 . 2010-11-30 18:51 0 ----a-w- c:\windows\system32\drivers\driscjch.sys
2010-11-30 13:26 . 2010-11-30 13:26 0 ----a-w- c:\windows\system32\drivers\isursbou.sys
2010-11-29 18:25 . 2010-11-29 18:25 0 ----a-w- c:\windows\system32\drivers\nabzrrok.sys
2010-11-28 22:10 . 2010-11-28 22:10 0 ----a-w- c:\windows\system32\drivers\tasbkmsc.sys
2010-11-28 20:10 . 2010-11-28 20:10 0 ----a-w- c:\windows\system32\drivers\hkdfxsci.sys
2010-11-04 14:06 . 2010-11-04 14:06 8397352 ----a-w- c:\program files\Firefox Setup 3.6.12.exe
2009-11-22 20:36 . 2009-11-22 20:36 32494896 ----a-w- c:\program files\QuickTimeInstaller.exe
2009-01-01 13:42 . 2009-01-01 13:42 774144 ----a-w- c:\program files\RngInterstitial.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-12-09 11:51 3911776 ----a-w- c:\program files\ConduitEngine\ConduitEngine.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-12-09 3911776]

[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-02-23 15:04 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVMixerTray"="c:\program files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-12-20 131072]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2003-12-13 33792]
"PVR Agent"="c:\program files\MSI\TV@Anywhere Plus\TVR\Scheduled.exe" [2005-04-29 748032]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-05-03 344064]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [BU]
"tessij"="c:\windows\system32\pydoufojas.exe" [BU]
"AutoStart"="c:\docume~1\ADMINI~1\LOCALS~1\Temp\7700188.exe" [BU]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-02-23 3451496]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
ImageMixer 3 SE Camera Monitor for SD.lnk - c:\program files\PIXELA\ImageMixer 3 SE for SD\CameraMonitor.exe [2009-12-20 253952]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0SsiEfr.e\0stera

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft ActiveSync\\WCESCOMM.EXE"=
"c:\\WINDOWS\\system32\\WgaTray.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\ABC\\abc.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\ICQ7.2\\ICQ.exe"=
"c:\\Program Files\\ICQ7.2\\aolload.exe"=
"c:\\Program Files\\BitLord\\BitLord.exe"=
"c:\\Documents and Settings\\Administrator\\Plocha\\Alcohol 120\\StarWind\\StarWindServiceAE.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [18.3.2006 16:44 691696]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [22.2.2005 17:52 371544]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [1.1.2013 10:28 301528]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [1.1.2013 10:28 19544]
R3 Cap713x;Philips Cap713x Video Capture;c:\windows\system32\drivers\Cap713x.sys [14.2.2007 11:27 685824]
.
.
------- Doplňkový sken -------
.
uInternet Connection Wizard,ShellNext = "c:\program files\Outlook Express\msimn.exe"
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: mojebanka.cz
Trusted Zone: mojebanka.cz
FF - ProfilePath - c:\documents and settings\aaa.HOME-263714380A.000\Data aplikací\Mozilla\Firefox\Profiles\6u20mnxe.default\
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2786678&q=
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Firefox Synchronisation Extension: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70} - c:\program files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

Toolbar-{ecdee021-0d17-467f-a1ff-c7a115230949} - (no file)
Toolbar-Locked - (no file)
AddRemove-ICQToolbar - c:\program files\ICQ6Toolbar\ICQUnToolbar.exe
AddRemove-Trojan Remover_is1 - c:\program files\Trojan Remover\unins000.exe
AddRemove-uTorrentBar Toolbar - c:\progra~1\UTORRE~1\UNWISE.EXE



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-26 13:45
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...


C:\## aswSnx private storage

sken byl úspešně dokončen
skryté soubory: 1

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(744)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(1768)
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_cze.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\Microsoft ActiveSync\WCESCOMM.EXE
c:\program files\Common Files\InterVideo\DeviceService\DevSvc.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\documents and settings\Administrator\Plocha\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Celkový čas: 2011-02-26 13:49:31 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-02-26 12:49

Před spuštěním: Volných bajtů: 16 627 298 304
Po spuštění: Volných bajtů: 16 783 503 360

- - End Of File - - A9A9EAA898CDC3265B749752556C644F

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Please check my log

#10 Post by vyosek »

:arrow: Didn't you apply some crack or something similar? A frightening amount of vermin has got in there again.

:arrow: Another script for ComboFix - same procedure.

Code:

KillAll::

File::
c:\windows\system32\drivers\driscjch.sys
c:\windows\system32\drivers\isursbou.sys
c:\windows\system32\drivers\nabzrrok.sys
c:\windows\system32\drivers\tasbkmsc.sys
c:\windows\system32\drivers\hkdfxsci.sys
c:\windows\system32\pydoufojas.exe
c:\docume~1\ADMINI~1\LOCALS~1\Temp\7700188.exe

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinampAgent"=-
"NBKeyScan"=-
"tessij"=-
"AutoStart"=-

Reboot::
"He who has wine and does not drink it, who has grapes and does not eat them, who has a wife and does not kiss her, who shuns merriment, take a whip and a stick to him; that is not a man, that is an ox."
Member since 1 February 2011.
