
PC malware removal, computer speed-up, remote assistance via the neslape.cz service
PC is crashing. Please check it
Moderator: Moderators
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]
Individual threads will be locked once resolved, as will those that are inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.
!NEW!
You can now use the remote assistance service, where a specialist connects to your computer and obtains further details about the problem from you by phone! More at www.neslape.cz
Logfile of random's system information tool 1.08 (written by random/random)
Run by Mirek at 2011-01-21 14:37:16
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 94 GB (72%) free of 130 GB
Total RAM: 1023 MB (35% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14:37:44, on 21.1.2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17093)
Boot mode: Normal
Running processes:
C:\WINDOWS.0\System32\smss.exe
C:\WINDOWS.0\system32\winlogon.exe
C:\WINDOWS.0\system32\services.exe
C:\WINDOWS.0\system32\lsass.exe
C:\WINDOWS.0\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS.0\system32\svchost.exe
C:\WINDOWS.0\system32\svchost.exe
C:\WINDOWS.0\system32\spoolsv.exe
C:\WINDOWS.0\arservice.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\WINDOWS.0\system32\FsUsbExService.Exe
C:\WINDOWS.0\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS.0\system32\nvsvc32.exe
C:\WINDOWS.0\system32\IoctlSvc.exe
C:\WINDOWS.0\System32\PAStiSvc.exe
C:\WINDOWS.0\Explorer.EXE
C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe
C:\Program Files\Vista Components\Vista Drive Icon\DrvIcon.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe
C:\WINDOWS.0\system32\ctfmon.exe
C:\Program Files\Java\jre6\bin\javaw.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Total Commander\TOTALCMD.EXE
C:\Program Files\Lunascape\Lunascape6\Luna.exe
D:\Stahnute\RSIT.exe
C:\Program Files\trend micro\Mirek.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/?pc=AVBR
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer - Microsoft Windows XP 2009 Ultra Edition
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [DrvIcon] C:\Program Files\Vista Components\Vista Drive Icon\DrvIcon.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [TNOD UP] "C:\Program Files\TNod User & Password Finder\TNODUP.exe" /i
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS.0\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS.0\system32\ctfmon.exe
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS.0\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS.0\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS.0\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS.0\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O4 - Startup: JDownloader.lnk = C:\Program Files\JDownloader\JDownloader.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS.0\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS.0\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {E6BB2089-163F-466B-812A-748096614DFD} (CAScanner Control) - http://cainternetsecurity.net/scanner/cascanner.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS.0\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS.0\system32\browseui.dll
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: FsUsbExService - Teruten - C:\WINDOWS.0\system32\FsUsbExService.Exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS.0\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS.0\system32\IoctlSvc.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS.0\System32\PAStiSvc.exe
O23 - Service: TeamViewer 6 (TeamViewer6) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe
--
End of file - 7355 bytes
======Scheduled tasks folder======
C:\WINDOWS.0\tasks\GoogleUpdateTaskUserS-1-5-21-436374069-507921405-842925246-1006Core.job
C:\WINDOWS.0\tasks\GoogleUpdateTaskUserS-1-5-21-436374069-507921405-842925246-1006UA.job
C:\WINDOWS.0\tasks\GoogleUpdateTaskUserS-1-5-21-436374069-507921405-842925246-1008Core.job
C:\WINDOWS.0\tasks\GoogleUpdateTaskUserS-1-5-21-436374069-507921405-842925246-1008UA.job
C:\WINDOWS.0\tasks\MP Scheduled Scan.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-10-23 41760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-10-23 79648]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"DrvIcon"=C:\Program Files\Vista Components\Vista Drive Icon\DrvIcon.exe [2007-07-04 45056]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2006-11-03 866584]
"nwiz"=nwiz.exe /install []
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2010-11-08 2219184]
"TNOD UP"=C:\Program Files\TNod User & Password Finder\TNODUP.exe [2010-04-01 1811968]
"NvCplDaemon"=C:\WINDOWS.0\system32\NvCpl.dll [2004-09-30 4603904]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS.0\system32\ctfmon.exe [2008-10-19 66560]
""= []
"ccleaner"=C:\Program Files\CCleaner\CCleaner.exe [2010-11-24 2155832]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\4StoryPrePatch]
C:\Program Files\Gameforge4D\4Story\PrePatch.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoStartNPSAgent]
C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe [2010-12-10 102400]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
C:\Program Files\DivX\DivX Update\DivXUpdate.exe [2010-09-16 1164584]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
C:\Documents and Settings\Mirek\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe [2010-10-23 136176]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe [2008-06-24 1840424]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [2008-06-08 2221352]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe [2008-06-19 570664]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaOviSuite2]
C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe [2010-09-02 672632]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-05-14 248552]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe [2010-08-24 247144]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS.0^Nabídka Start^Programy^Po spuštění^Microsoft Office.lnk]
C:\PROGRA~1\MICROS~1\Office10\OSA.EXE [2001-02-13 83360]
C:\Documents and Settings\Mirek\Nabídka Start\Programy\Po spuštění
JDownloader.lnk - C:\Program Files\JDownloader\JDownloader.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS.0\system32\WgaLogon.dll [2008-09-24 267304]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS.0\system32\wpdshserviceobj.dll [2008-09-23 133632]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WIFD1F~1\MpShHook.dll [2006-11-03 83224]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINDOWS.0\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS.0\Resources\Themes\Royale.theme
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"ForceClassicControlPanel"=1
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe"="C:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe:*:Enabled:KTF MUSIC AoD Server"
"C:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe"="C:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe:*:Enabled:KTF MUSIC VoD Server"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\TeamViewer\Version6\TeamViewer.exe"="C:\Program Files\TeamViewer\Version6\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application"
"C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe"="C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe:*:Enabled:Teamviewer Remote Control Service"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
======List of files/folders created in the last 1 months======
2011-01-21 14:37:19 ----D---- C:\Program Files\trend micro
2011-01-21 14:37:16 ----D---- C:\rsit
2011-01-21 14:23:30 ----D---- C:\Documents and Settings\All Users.WINDOWS.0\Data aplikací\CA
2011-01-20 13:57:13 ----D---- C:\TomTom
2011-01-20 07:48:15 ----A---- C:\WINDOWS.0\CSTRACE.txt
2011-01-20 07:47:35 ----A---- C:\WINDOWS.0\system32\viofil.dll
2011-01-20 07:47:35 ----A---- C:\WINDOWS.0\system32\vgamfil.dll
2011-01-20 07:47:35 ----A---- C:\WINDOWS.0\system32\srchout.dll
2011-01-20 07:47:35 ----A---- C:\WINDOWS.0\system32\srchin.dll
2011-01-20 07:47:35 ----A---- C:\WINDOWS.0\system32\snetfil.dll
2011-01-20 07:47:35 ----A---- C:\WINDOWS.0\system32\picsfil.dll
2011-01-20 07:47:35 ----A---- C:\WINDOWS.0\system32\lgwfil.dll
2011-01-20 07:47:35 ----A---- C:\WINDOWS.0\system32\imgfil.dll
2011-01-20 07:47:35 ----A---- C:\WINDOWS.0\system32\iawfil.dll
2011-01-20 07:47:35 ----A---- C:\WINDOWS.0\system32\chtfil.dll
2011-01-20 07:47:35 ----A---- C:\WINDOWS.0\system32\hatfil.dll
2011-01-20 07:47:35 ----A---- C:\WINDOWS.0\system32\gdwfil.dll
2011-01-20 07:47:35 ----A---- C:\WINDOWS.0\system32\gblfil.dll
2011-01-20 07:47:35 ----A---- C:\WINDOWS.0\system32\cultfil.dll
2011-01-20 07:47:35 ----A---- C:\WINDOWS.0\system32\adwfil.dll
2011-01-20 07:47:35 ----A---- C:\WINDOWS.0\bsnlst.dll
2011-01-20 07:47:31 ----A---- C:\WINDOWS.0\system32\Sporder.dll
2011-01-20 07:47:31 ----A---- C:\WINDOWS.0\system32\mslspc.exe
2011-01-20 07:47:31 ----A---- C:\WINDOWS.0\system32\lspcs.dll
2011-01-20 07:47:31 ----A---- C:\WINDOWS.0\sqlite3.dll
2011-01-20 07:47:31 ----A---- C:\WINDOWS.0\Cyb2k.exe
2011-01-20 07:47:30 ----D---- C:\WINDOWS.0\NISDocs
2011-01-20 07:47:24 ----D---- C:\WINDOWS.0\system32\Logs
2011-01-13 18:20:46 ----D---- C:\Program Files\Adobe
2011-01-12 08:42:18 ----HDC---- C:\WINDOWS.0\$NtUninstallKB2419632$
2011-01-10 19:05:16 ----D---- C:\Program Files\TuneUp Utilities 2011
2011-01-10 18:43:47 ----SHD---- C:\Config.Msi
2011-01-03 18:32:50 ----A---- C:\WINDOWS.0\system32\uxtuneup.dll
2011-01-03 18:28:57 ----A---- C:\WINDOWS.0\system32\TURegOpt.exe
2011-01-03 18:27:44 ----SHD---- C:\Documents and Settings\All Users.WINDOWS.0\Data aplikací\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
2010-12-22 17:18:11 ----D---- C:\ProgramData
2010-12-22 17:18:11 ----D---- C:\Documents and Settings\All Users.WINDOWS.0\Data aplikací\Electronic Arts
2010-12-22 17:17:04 ----D---- C:\Program Files\Electronic Arts
2010-12-22 17:15:46 ----D---- C:\Documents and Settings\Mirek\Data aplikací\Leadertech
2010-12-22 17:03:26 ----D---- C:\Program Files\EA Sports
======List of files/folders modified in the last 1 months======
2011-01-21 14:37:20 ----D---- C:\WINDOWS.0\Temp
2011-01-21 14:37:19 ----RD---- C:\Program Files
2011-01-21 14:37:08 ----D---- C:\WINDOWS.0\Prefetch
2011-01-21 14:23:30 ----SD---- C:\WINDOWS.0\Downloaded Program Files
2011-01-21 14:23:28 ----D---- C:\WINDOWS.0
2011-01-21 14:16:54 ----A---- C:\WINDOWS.0\WINCMD.INI
2011-01-21 14:07:28 ----D---- C:\WINDOWS.0\system32\CatRoot2
2011-01-21 14:07:24 ----SD---- C:\WINDOWS.0\Tasks
2011-01-21 14:06:33 ----D---- C:\WINDOWS.0\system32\inetsrv
2011-01-21 14:03:36 ----N---- C:\WINDOWS.0\SchedLgU.Txt
2011-01-21 13:50:11 ----D---- C:\Documents and Settings\Mirek\Data aplikací\ICQ
2011-01-21 07:58:27 ----SH---- C:\boot.ini
2011-01-21 07:58:27 ----A---- C:\WINDOWS.0\win.ini
2011-01-21 07:58:27 ----A---- C:\WINDOWS.0\system.ini
2011-01-21 07:14:57 ----D---- C:\Program Files\JDownloader
2011-01-21 05:30:31 ----D---- C:\WINDOWS.0\Registration
2011-01-20 20:14:55 ----A---- C:\WINDOWS.0\NeroDigital.ini
2011-01-20 17:00:01 ----D---- C:\Documents and Settings\Mirek\Data aplikací\Skype
2011-01-20 16:33:49 ----D---- C:\Documents and Settings\Mirek\Data aplikací\skypePM
2011-01-20 16:17:12 ----A---- C:\WINDOWS.0\msicpl.ini
2011-01-20 10:31:00 ----A---- C:\fftrlog.txt
2011-01-20 10:30:07 ----D---- C:\Program Files\Recepty doma
2011-01-20 07:47:35 ----D---- C:\WINDOWS.0\system32
2011-01-15 13:32:28 ----HD---- C:\WINDOWS.0\inf
2011-01-15 13:31:42 ----A---- C:\WINDOWS.0\ModemLog_SAMSUNG USB Mobile Modem.txt
2011-01-13 18:23:26 ----SHD---- C:\WINDOWS.0\Installer
2011-01-13 18:21:11 ----D---- C:\Program Files\Common Files\Adobe
2011-01-13 18:21:08 ----D---- C:\Documents and Settings\All Users.WINDOWS.0\Data aplikací\Adobe
2011-01-12 09:52:35 ----D---- C:\WINDOWS.0\Debug
2011-01-12 08:42:45 ----A---- C:\WINDOWS.0\system32\MRT.exe
2011-01-12 08:42:29 ----RSHDC---- C:\WINDOWS.0\system32\dllcache
2011-01-12 08:33:53 ----HD---- C:\WINDOWS.0\$hf_mig$
2011-01-10 18:50:36 ----D---- C:\Documents and Settings
2011-01-07 05:27:50 ----D---- C:\WINDOWS.0\repair
2011-01-07 05:24:33 ----D---- C:\WINDOWS.0\system32\NtmsData
2011-01-06 09:57:20 ----D---- C:\Program Files\Microsoft Silverlight
2011-01-06 07:56:31 ----D---- C:\WINDOWS.0\system32\CatRoot
2011-01-06 07:55:14 ----D---- C:\WINDOWS.0\system32\cs-cz
2011-01-03 18:33:27 ----D---- C:\Documents and Settings\All Users.WINDOWS.0\Data aplikací\TuneUp Software
2011-01-03 18:28:30 ----D---- C:\Documents and Settings\Mirek\Data aplikací\TuneUp Software
2011-01-03 17:46:20 ----D---- C:\WINDOWS.0\system32\drivers
2010-12-22 17:04:09 ----D---- C:\WINDOWS.0\system32\DirectX
2010-12-22 17:03:49 ----RSD---- C:\WINDOWS.0\assembly
2010-12-22 16:52:25 ----D---- C:\Documents and Settings\Mirek\Data aplikací\Winamp
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 a347bus;a347bus; C:\WINDOWS.0\system32\DRIVERS\a347bus.sys [2004-04-30 160640]
R0 a347scsi;a347scsi; C:\WINDOWS.0\System32\Drivers\a347scsi.sys [2004-04-30 5248]
R0 nv_agp;NVIDIA nForce AGP Bus Filter; C:\WINDOWS.0\system32\DRIVERS\nv_agp.sys [2003-03-19 18688]
R0 PxHelp20;PxHelp20; C:\WINDOWS.0\System32\Drivers\PxHelp20.sys [2010-07-12 45648]
R1 AmdK7;Ovladač procesoru AMD K7; C:\WINDOWS.0\system32\DRIVERS\amdk7.sys [2008-04-14 41600]
R1 DumaNT;NVIDIA Stereo Helper Service; C:\WINDOWS.0\system32\DRIVERS\dumant.sys [2002-11-18 399700]
R1 ehdrv;ehdrv; C:\WINDOWS.0\system32\DRIVERS\ehdrv.sys [2010-07-29 115008]
R1 epfwtdi;epfwtdi; C:\WINDOWS.0\system32\DRIVERS\epfwtdi.sys [2010-08-03 55256]
R1 nvport;NVIDIA PORT IO Control Driver; \??\C:\WINDOWS.0\system32\Drivers\nvport.sys []
R1 PQNTDrv;PQNTDrv; C:\WINDOWS.0\system32\drivers\PQNTDrv.sys [2001-08-10 3252]
R1 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS.0\System32\drivers\ws2ifsl.sys [2001-10-25 12032]
R2 eamon;eamon; C:\WINDOWS.0\system32\DRIVERS\eamon.sys [2010-08-04 140752]
R2 epfw;epfw; C:\WINDOWS.0\system32\DRIVERS\epfw.sys [2010-07-29 134512]
R3 aracpi;aracpi; C:\WINDOWS.0\system32\DRIVERS\aracpi.sys [2008-11-05 22784]
R3 arhidfltr;MS Ar HID Filter Driver; C:\WINDOWS.0\system32\DRIVERS\arhidfltr.sys [2008-11-05 19200]
R3 arkbcfltr;Microsoft PS2 Keyboard Filter; C:\WINDOWS.0\system32\DRIVERS\arkbcfltr.sys [2008-11-05 5376]
R3 armoucfltr;Microsoft PS2 Mouse Filter; C:\WINDOWS.0\system32\DRIVERS\armoucfltr.sys [2008-11-05 4992]
R3 ARPolicy;ARPolicy; C:\WINDOWS.0\system32\DRIVERS\arpolicy.sys [2008-11-05 10112]
R3 Epfwndis;Eset Personal Firewall; C:\WINDOWS.0\system32\DRIVERS\Epfwndis.sys [2010-07-29 32608]
R3 FsUsbExDisk;FsUsbExDisk; \??\C:\WINDOWS.0\system32\FsUsbExDisk.SYS []
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS.0\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 L8042Kbd;Logitech SetPoint Keyboard Driver; C:\WINDOWS.0\system32\DRIVERS\L8042Kbd.sys [2006-07-19 13568]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS.0\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 nv;nv; C:\WINDOWS.0\system32\DRIVERS\nv4_mini.sys [2004-09-30 2743840]
R3 nvax;Service for NVIDIA(R) nForce(TM) Audio Enumerator; C:\WINDOWS.0\system32\drivers\nvax.sys [2003-10-24 38784]
R3 NVENET;NVIDIA nForce MCP Networking Controller Driver; C:\WINDOWS.0\system32\DRIVERS\NVENET.sys [2002-11-27 80896]
R3 nvnforce;Service for NVIDIA(R) nForce(TM) Audio; C:\WINDOWS.0\system32\drivers\nvapu.sys [2003-10-24 311936]
R3 PAC207;VideoCAM GE111; C:\WINDOWS.0\system32\DRIVERS\pfc027.sys [2005-04-08 162176]
R3 pfc;Padus ASPI Shell; C:\WINDOWS.0\system32\drivers\pfc.sys [2006-03-29 9856]
R3 teamviewervpn;TeamViewer VPN Adapter; C:\WINDOWS.0\system32\DRIVERS\teamviewervpn.sys [2010-11-30 25088]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv; \??\C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys []
R3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS.0\system32\DRIVERS\WudfPf.sys [2009-07-13 91904]
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS.0\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 EagleNT;EagleNT; \??\C:\WINDOWS.0\system32\drivers\EagleNT.sys []
S3 EagleXNt;EagleXNt; \??\C:\WINDOWS.0\system32\drivers\EagleXNt.sys []
S3 GMSIPCI;GMSIPCI; \??\E:\INSTALL\GMSIPCI.SYS []
S3 MHNDRV;Ovladač platformy MHN; C:\WINDOWS.0\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS.0\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS.0\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS.0\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS.0\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS.0\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 ss_bbus;SAMSUNG USB Mobile Device (WDM); C:\WINDOWS.0\system32\DRIVERS\ss_bbus.sys [2009-03-20 90112]
S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter); C:\WINDOWS.0\system32\DRIVERS\ss_bmdfl.sys [2009-03-20 14976]
S3 ss_bmdm;SAMSUNG USB Mobile Modem; C:\WINDOWS.0\system32\DRIVERS\ss_bmdm.sys [2009-03-20 121856]
S3 streamip;BDA IPSink; C:\WINDOWS.0\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 upperdev;upperdev; C:\WINDOWS.0\system32\DRIVERS\usbser_lowerflt.sys []
S3 usbser;USB Modem Driver; C:\WINDOWS.0\system32\drivers\usbser.sys [2008-04-13 26112]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS.0\system32\DRIVERS\usbser_lowerfltj.sys []
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS.0\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 Wdf01000;Wdf01000; C:\WINDOWS.0\system32\DRIVERS\Wdf01000.sys [2009-07-14 444136]
S3 WimFltr;WimFltr; C:\WINDOWS.0\system32\DRIVERS\wimfltr.sys [2008-01-18 131000]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS.0\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS.0\system32\DRIVERS\wudfrd.sys [2009-07-13 132224]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 ARSVC;ARSVC; C:\WINDOWS.0\arservice.exe [2008-11-05 58880]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2010-11-08 810144]
R2 FsUsbExService;FsUsbExService; C:\WINDOWS.0\system32\FsUsbExService.Exe [2009-03-31 233472]
R2 IISADMIN;Správa služby IIS; C:\WINDOWS.0\system32\inetsrv\inetinfo.exe [2008-04-14 15872]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [2003-06-19 322120]
R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe [2008-06-08 877864]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS.0\system32\nvsvc32.exe [2004-09-30 127043]
R2 PLFlash DeviceIoControl Service;PLFlash DeviceIoControl Service; C:\WINDOWS.0\system32\IoctlSvc.exe [2006-12-19 81920]
R2 STI Simulator;STI Simulator; C:\WINDOWS.0\System32\PAStiSvc.exe [2005-01-14 53248]
R2 TeamViewer6;TeamViewer 6; C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe [2011-01-14 2250616]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service; C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe [2010-12-14 1517376]
R2 W3SVC;Publikování na webu; C:\WINDOWS.0\system32\inetsrv\inetinfo.exe [2008-04-14 15872]
R2 WinDefend;Windows Defender; C:\Program Files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS.0\system32\svchost.exe [2008-04-14 14336]
S2 McrdSvc;Media Center Extender Service; C:\WINDOWS.0\ehome\mcrdsvc.exe [2005-08-05 99328]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS.0\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS.0\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 ehRecvr;Služba přijímače aplikace Media Center; C:\WINDOWS.0\eHome\ehRecvr.exe [2008-10-10 238592]
S3 ehSched;Služba plánování aplikace Media Center; C:\WINDOWS.0\eHome\ehSched.exe [2005-08-05 103424]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe [2010-11-08 33584]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS.0\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS.0\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-10-23 153376]
S3 MHN;MHN; C:\WINDOWS.0\System32\svchost.exe [2008-04-14 14336]
S3 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS.0\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe [2008-06-24 537896]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2010-06-14 615936]
S3 TomTomHOMEService;TomTomHOMEService; C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe [2010-08-24 92008]
S3 UxTuneUp;TuneUp Theme Extension; C:\WINDOWS.0\System32\svchost.exe [2008-04-14 14336]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
-----------------EOF-----------------
- Rudy
- Site Admin
- Posts: 119400
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: PC crashes. Please check
Nothing dangerous is visible. Does the PC give any message before it crashes? Does the PC switch off, or does it drop into a blue screen?
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting the PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Apart from its "visible" activity, a virus can also damage the system!
Once your problem is resolved the thread will be locked, as it will be if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.
Re: PC crashes. Please check
I solved the PC problem, but both IE and Chrome crash, it keeps restarting, and I can't even connect to the internet; I had to install Lunascape to get online.
- Rudy
- Site Admin
- Posts: 119400
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: PC crashes. Please check
Post a log from ComboFix.
Download ComboFix and save it, preferably to the desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
then run the application under an account with administrator rights
right after it starts, a screen with the licence terms appears; continue by clicking the Yes button.
sit back and make yourself a coffee (the whole run takes about 5-10 minutes, sometimes longer, depending on how fast the machine is and how many files the scanner has to wade through); during the scan do not try to start any other applications or do anything else
do not panic during the scan, your machine may be restarted (especially on the first run of the scanner)
note: if you use an antispyware product with a resident shield, switch its resident shield to Install Mode, or disable it entirely for the duration of the scan, because the scan and the removal of any malware collide undesirably with the resident antispyware
Re: PC crashes. Please check
Only in safe mode:
ComboFix 11-01-22.01 - Mirek 22.01.2011 19:37:01.3.1 - x86 NETWORK
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1023.768 [GMT 0:00]
Spuštěný z: c:\documents and settings\Mirek\Plocha\ComboFix.exe
AV: ESET Smart Security 4.2 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET personal firewall *Disabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows.0\sqlite3.dll
c:\windows.0\system32\Cache
c:\windows.0\regedit.exe . . . je infikován!!
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-12-22 do 2011-01-22 )))))))))))))))))))))))))))))))
.
2011-01-21 15:42 . 2011-01-21 15:42 -------- d-----w- c:\program files\Panda Security
2011-01-21 14:37 . 2011-01-21 14:37 -------- d-----w- c:\program files\trend micro
2011-01-21 14:37 . 2011-01-21 14:37 -------- d-----w- C:\rsit
2011-01-21 14:23 . 2011-01-21 14:23 -------- d-----w- c:\documents and settings\All Users.WINDOWS.0\Data aplikací\CA
2011-01-21 07:30 . 2011-01-13 09:41 5890896 ----a-w- c:\documents and settings\All Users.WINDOWS.0\Data aplikací\Microsoft\Windows Defender\Definition Updates\{DF50E972-46C4-4D84-8D28-AEF8325726AF}\mpengine.dll
2011-01-20 13:57 . 2011-01-20 13:59 -------- d-----w- C:\TomTom
2011-01-10 19:05 . 2011-01-10 19:08 -------- d-----w- c:\program files\TuneUp Utilities 2011
2011-01-03 18:32 . 2010-12-14 14:39 29504 ----a-w- c:\windows.0\system32\uxtuneup.dll
2011-01-03 18:28 . 2010-12-14 14:43 31552 ----a-w- c:\windows.0\system32\TURegOpt.exe
2011-01-03 18:27 . 2011-01-03 18:27 -------- d-sh--w- c:\documents and settings\All Users.WINDOWS.0\Data aplikací\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-10 20:45 . 2007-10-25 17:26 5632 ----a-w- c:\windows.0\system32\drivers\StarOpen.sys
2010-11-30 16:07 . 2010-12-10 12:24 25088 ----a-w- c:\windows.0\system32\drivers\teamviewervpn.sys
2010-11-18 18:15 . 2010-10-23 09:26 81920 ----a-w- c:\windows.0\system32\isign32.dll
2010-11-10 04:33 . 2010-10-23 12:03 6273872 ----a-w- c:\documents and settings\All Users.WINDOWS.0\Data aplikací\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2010-11-09 14:52 . 2008-04-14 07:51 249856 ----a-w- c:\windows.0\system32\odbc32.dll
2010-11-06 00:25 . 2008-10-16 19:33 832512 ----a-w- c:\windows.0\system32\wininet.dll
2010-11-06 00:25 . 2008-10-16 19:33 1830912 ----a-w- c:\windows.0\system32\inetcpl.cpl
2010-11-06 00:25 . 2008-09-22 15:46 78336 ----a-w- c:\windows.0\system32\ieencode.dll
2010-11-06 00:25 . 2008-09-22 15:46 17408 ----a-w- c:\windows.0\system32\corpol.dll
2010-11-03 12:25 . 2008-09-22 15:46 389120 ------w- c:\windows.0\system32\html.iec
2010-11-02 15:17 . 2008-04-13 23:27 40960 ----a-w- c:\windows.0\system32\drivers\ndproxy.sys
2010-10-28 13:09 . 2008-04-14 07:37 290048 ----a-w- c:\windows.0\system32\atmfd.dll
2010-10-26 14:04 . 2008-10-17 14:02 1862272 ----a-w- c:\windows.0\system32\win32k.sys
.
------- Sigcheck -------
[7] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows.0\system32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys
[-] 2008-04-13 22:10 . !HASH: COULD NOT OPEN FILE !!!!! . 96512 . . [------] . . c:\windows.0\system32\drivers\atapi.sys
[-] 2008-10-19 . 12A799AD9415AE9C8ABCC5F75E9CF034 . 557056 . . [5.1.2600.5512] . . c:\windows.0\system32\winlogon.exe
[-] 2008-10-19 . CCB32D10C69A89822E9134C0C4894BE1 . 578560 . . [5.1.2600.5512] . . c:\windows.0\system32\user32.dll
[-] 2008-10-19 . DD7E25E20AEBD672DAE7E1D911C2D824 . 1589760 . . [6.00.2900.5512] . . c:\windows.0\explorer.exe
[-] 2008-11-05 . 1E603EA2A3FDBAE9E5B88A8CB3C03124 . 1571840 . . [5.1.2600.5512] . . c:\windows.0\system32\sfcfiles.dll
[-] 2008-10-19 . 0AB43CE7EFFAD6B4914AE3C1B489AAA1 . 66560 . . [5.1.2600.5512] . . c:\windows.0\system32\ctfmon.exe
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccleaner"="c:\program files\CCleaner\CCleaner.exe" [2010-11-24 2155832]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DrvIcon"="c:\program files\Vista Components\Vista Drive Icon\DrvIcon.exe" [2007-07-04 45056]
"nwiz"="nwiz.exe" [2004-09-30 921600]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2010-11-08 2219184]
"TNOD UP"="c:\program files\TNod User & Password Finder\TNODUP.exe" [2010-04-01 1811968]
"NvCplDaemon"="c:\windows.0\system32\NvCpl.dll" [2004-09-30 4603904]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows.0\system32\CTFMON.EXE" [2008-10-19 66560]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
c:\documents and settings\Mirek\Nabˇdka Start\Programy\Po spuçtŘnˇ\
JDownloader.lnk - c:\program files\JDownloader\JDownloader.exe [2010-7-14 214528]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\documents and settings\All Users.WINDOWS.0\Data aplikací\TuneUp Software\TuneUp Utilities\WinStyler\tu_logonui.exe"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /r \??\i:\0autocheck autochk /r \??\I:\0autocheck autochk *
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS.0^Nabídka Start^Programy^Po spuštění^Microsoft Office.lnk]
path=c:\documents and settings\All Users.WINDOWS.0\Nabídka Start\Programy\Po spuštění\Microsoft Office.lnk
backup=c:\windows.0\pss\Microsoft Office.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer [X]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoStartNPSAgent]
2010-12-10 20:46 102400 ----a-w- c:\program files\Samsung\Samsung New PC Studio\NPSAgent.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-09-16 20:04 1164584 ------w- c:\program files\DivX\DivX Update\DivXUpdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-10-23 15:06 136176 -----tw- c:\documents and settings\Mirek\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2008-06-24 14:06 1840424 ------w- c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
2008-06-08 09:31 2221352 ----a-w- c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2008-06-19 09:53 570664 ------w- c:\program files\Common Files\Nero\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaOviSuite2]
2010-09-02 09:26 672632 ----a-w- c:\program files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 09:44 248552 ------w- c:\program files\Common Files\Java\Java Update\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
2010-08-24 09:38 247144 ----a-w- c:\program files\TomTom HOME 2\TomTomHOMERunner.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"AlwaysReady Power Message APP"=ARPWRMSG.EXE
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"C2K"=c:\windows.0\Cyb2k.exe
"ehTray"=c:\windows.0\ehome\ehtray.exe
"NvMediaCenter"=RUNDLL32.EXE c:\windows.0\system32\NvMcTray.dll,NvTaskbarInit
"NvCplDaemon"=RUNDLL32.EXE c:\windows.0\system32\NvCpl.dll,NvStartup
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Samsung\\Samsung New PC Studio\\npsasvr.exe"=
"c:\\Program Files\\Samsung\\Samsung New PC Studio\\npsvsvr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer_Service.exe"=
R0 a347bus;a347bus;c:\windows.0\system32\drivers\a347bus.sys [25.10.2010 4:52 160640]
R0 a347scsi;a347scsi;c:\windows.0\system32\drivers\a347scsi.sys [25.10.2010 4:52 5248]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [3.11.2006 14:49 13592]
R3 teamviewervpn;TeamViewer VPN Adapter;c:\windows.0\system32\drivers\teamviewervpn.sys [10.12.2010 12:24 25088]
S1 ehdrv;ehdrv;c:\windows.0\system32\drivers\ehdrv.sys [29.7.2010 12:31 115008]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [8.11.2010 9:50 810144]
S2 FsUsbExService;FsUsbExService;c:\windows.0\system32\FsUsbExService.Exe [8.12.2010 18:57 233472]
S2 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe [10.12.2010 12:24 2250616]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe [14.12.2010 14:41 1517376]
S3 EagleXNt;EagleXNt;\??\c:\windows.0\system32\drivers\EagleXNt.sys --> c:\windows.0\system32\drivers\EagleXNt.sys [?]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows.0\system32\FsUsbExDisk.Sys [8.12.2010 18:57 36608]
S3 PAC207;VideoCAM GE111;c:\windows.0\system32\drivers\pfc027.sys [8.4.2005 9:46 162176]
S3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows.0\system32\drivers\ss_bbus.sys [10.12.2010 20:33 90112]
S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows.0\system32\drivers\ss_bmdfl.sys [10.12.2010 20:33 14976]
S3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows.0\system32\drivers\ss_bmdm.sys [10.12.2010 20:33 121856]
S3 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [24.8.2010 9:38 92008]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys [29.11.2010 19:27 10064]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D58F39FF-953E-4F45-898F-59F243B9A523}]
2010-11-06 00:25 124928 ----a-w- c:\windows.0\system32\advpack.dll
.
Obsah adresáře 'Naplánované úlohy'
2011-01-22 c:\windows.0\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 14:50]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.com/
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
LSP: c:\windows.0\system32\lspcs.dll
DPF: {E6BB2089-163F-466B-812A-748096614DFD} - hxxp://cainternetsecurity.net/scanner/cascanner.cab
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
SafeBoot-WudfPf
SafeBoot-WudfRd
MSConfigStartUp-4StoryPrePatch - c:\program files\Gameforge4D\4Story\PrePatch.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-22 19:45
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS.0\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS.0\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(1456)
c:\windows.0\system32\SETUPAPI.dll
c:\windows.0\system32\COMRes.dll
c:\windows.0\system32\cscui.dll
- - - - - - - > 'lsass.exe'(1712)
c:\windows.0\system32\SETUPAPI.dll
.
Celkový čas: 2011-01-22 19:47:43
ComboFix-quarantined-files.txt 2011-01-22 19:47
Před spuštěním: Volných bajtů: 104 580 816 896
Po spuštění: Volných bajtů: 105 634 959 360
- - End Of File - - B3169C645A0F7DA6268589DF4D40FB35
- Rudy
- Site Admin
- Posts: 119400
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: PC crashes. Please check
1. Test this file online at www.virustotal.com: c:\windows.0\regedit.exe. Report the result.
2. Open Notepad and copy the following into it:

Restore::
c:\windows.0\system32\drivers\atapi.sys

Save it to the desktop as CFScript.txt. Then drag it with the mouse onto the ComboFix icon and drop it. CF will start and execute the commands from the script.

Post questions and logs only in your own threads. Private messages, ICQ and e-mail are not meant for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
Visit:
e-mail: rudy(at)forum.viry.cz
Warning: Before cleaning the PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Apart from its "visible" activities, a virus can damage the system!
After your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.
Re: PC crashes. Please check
Antivirus Version Last Update Result
Additional information
MD5 : eec3aaa4eac857e9af4f2e87ad4599cd
SHA1 : 974ffedabdc079a37fd0e4725e1c044a4df88518
SHA256: ebce693a22184318c42392f6009d58c3ccc549ab65aeefb7f12afb2e80300d48
File size : 277504 bytes
First seen: 2011-01-22 19:04:24
Last seen : 2011-01-22 19:04:24
Re: PC crashes. Please check
New log:
ComboFix 11-01-22.01 - Mirek 22.01.2011 20:23:16.5.1 - x86 NETWORK
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1023.684 [GMT 0:00]
Spuštěný z: c:\documents and settings\Mirek\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Mirek\Plocha\CFScript.txt
AV: ESET Smart Security 4.2 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET personal firewall *Disabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows.0\regedit.exe . . . je infikován!!
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-12-22 do 2011-01-22 )))))))))))))))))))))))))))))))
.
2011-01-21 15:42 . 2011-01-21 15:42 -------- d-----w- c:\program files\Panda Security
2011-01-21 14:37 . 2011-01-21 14:37 -------- d-----w- c:\program files\trend micro
2011-01-21 14:37 . 2011-01-21 14:37 -------- d-----w- C:\rsit
2011-01-21 14:23 . 2011-01-21 14:23 -------- d-----w- c:\documents and settings\All Users.WINDOWS.0\Data aplikací\CA
2011-01-21 07:30 . 2011-01-13 09:41 5890896 ----a-w- c:\documents and settings\All Users.WINDOWS.0\Data aplikací\Microsoft\Windows Defender\Definition Updates\{DF50E972-46C4-4D84-8D28-AEF8325726AF}\mpengine.dll
2011-01-20 13:57 . 2011-01-20 13:59 -------- d-----w- C:\TomTom
2011-01-10 19:05 . 2011-01-10 19:08 -------- d-----w- c:\program files\TuneUp Utilities 2011
2011-01-03 18:32 . 2010-12-14 14:39 29504 ----a-w- c:\windows.0\system32\uxtuneup.dll
2011-01-03 18:28 . 2010-12-14 14:43 31552 ----a-w- c:\windows.0\system32\TURegOpt.exe
2011-01-03 18:27 . 2011-01-03 18:27 -------- d-sh--w- c:\documents and settings\All Users.WINDOWS.0\Data aplikací\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-10 20:45 . 2007-10-25 17:26 5632 ----a-w- c:\windows.0\system32\drivers\StarOpen.sys
2010-11-30 16:07 . 2010-12-10 12:24 25088 ----a-w- c:\windows.0\system32\drivers\teamviewervpn.sys
2010-11-18 18:15 . 2010-10-23 09:26 81920 ----a-w- c:\windows.0\system32\isign32.dll
2010-11-10 04:33 . 2010-10-23 12:03 6273872 ----a-w- c:\documents and settings\All Users.WINDOWS.0\Data aplikací\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2010-11-09 14:52 . 2008-04-14 07:51 249856 ----a-w- c:\windows.0\system32\odbc32.dll
2010-11-06 00:25 . 2008-10-16 19:33 832512 ----a-w- c:\windows.0\system32\wininet.dll
2010-11-06 00:25 . 2008-10-16 19:33 1830912 ----a-w- c:\windows.0\system32\inetcpl.cpl
2010-11-06 00:25 . 2008-09-22 15:46 78336 ----a-w- c:\windows.0\system32\ieencode.dll
2010-11-06 00:25 . 2008-09-22 15:46 17408 ----a-w- c:\windows.0\system32\corpol.dll
2010-11-03 12:25 . 2008-09-22 15:46 389120 ------w- c:\windows.0\system32\html.iec
2010-11-02 15:17 . 2008-04-13 23:27 40960 ----a-w- c:\windows.0\system32\drivers\ndproxy.sys
2010-10-28 13:09 . 2008-04-14 07:37 290048 ----a-w- c:\windows.0\system32\atmfd.dll
2010-10-26 14:04 . 2008-10-17 14:02 1862272 ----a-w- c:\windows.0\system32\win32k.sys
.
------- Sigcheck -------
[7] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows.0\system32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys
[-] 2008-04-13 22:10 . !HASH: COULD NOT OPEN FILE !!!!! . 96512 . . [------] . . c:\windows.0\system32\drivers\atapi.sys
[-] 2008-10-19 . 12A799AD9415AE9C8ABCC5F75E9CF034 . 557056 . . [5.1.2600.5512] . . c:\windows.0\system32\winlogon.exe
[-] 2008-10-19 . CCB32D10C69A89822E9134C0C4894BE1 . 578560 . . [5.1.2600.5512] . . c:\windows.0\system32\user32.dll
[-] 2008-10-19 . DD7E25E20AEBD672DAE7E1D911C2D824 . 1589760 . . [6.00.2900.5512] . . c:\windows.0\explorer.exe
[-] 2008-11-05 . 1E603EA2A3FDBAE9E5B88A8CB3C03124 . 1571840 . . [5.1.2600.5512] . . c:\windows.0\system32\sfcfiles.dll
[-] 2008-10-19 . 0AB43CE7EFFAD6B4914AE3C1B489AAA1 . 66560 . . [5.1.2600.5512] . . c:\windows.0\system32\ctfmon.exe
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccleaner"="c:\program files\CCleaner\CCleaner.exe" [2010-11-24 2155832]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DrvIcon"="c:\program files\Vista Components\Vista Drive Icon\DrvIcon.exe" [2007-07-04 45056]
"nwiz"="nwiz.exe" [2004-09-30 921600]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2010-11-08 2219184]
"TNOD UP"="c:\program files\TNod User & Password Finder\TNODUP.exe" [2010-04-01 1811968]
"NvCplDaemon"="c:\windows.0\system32\NvCpl.dll" [2004-09-30 4603904]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows.0\system32\CTFMON.EXE" [2008-10-19 66560]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
c:\documents and settings\Mirek\Nabídka Start\Programy\Po spuštění\
JDownloader.lnk - c:\program files\JDownloader\JDownloader.exe [2010-7-14 214528]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\documents and settings\All Users.WINDOWS.0\Data aplikací\TuneUp Software\TuneUp Utilities\WinStyler\tu_logonui.exe"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /r \??\i:\0autocheck autochk /r \??\I:\0autocheck autochk *
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS.0^Nabídka Start^Programy^Po spuštění^Microsoft Office.lnk]
path=c:\documents and settings\All Users.WINDOWS.0\Nabídka Start\Programy\Po spuštění\Microsoft Office.lnk
backup=c:\windows.0\pss\Microsoft Office.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer [X]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoStartNPSAgent]
2010-12-10 20:46 102400 ----a-w- c:\program files\Samsung\Samsung New PC Studio\NPSAgent.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-09-16 20:04 1164584 ------w- c:\program files\DivX\DivX Update\DivXUpdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-10-23 15:06 136176 -----tw- c:\documents and settings\Mirek\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2008-06-24 14:06 1840424 ------w- c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
2008-06-08 09:31 2221352 ----a-w- c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2008-06-19 09:53 570664 ------w- c:\program files\Common Files\Nero\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaOviSuite2]
2010-09-02 09:26 672632 ----a-w- c:\program files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 09:44 248552 ------w- c:\program files\Common Files\Java\Java Update\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
2010-08-24 09:38 247144 ----a-w- c:\program files\TomTom HOME 2\TomTomHOMERunner.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"AlwaysReady Power Message APP"=ARPWRMSG.EXE
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"C2K"=c:\windows.0\Cyb2k.exe
"ehTray"=c:\windows.0\ehome\ehtray.exe
"NvMediaCenter"=RUNDLL32.EXE c:\windows.0\system32\NvMcTray.dll,NvTaskbarInit
"NvCplDaemon"=RUNDLL32.EXE c:\windows.0\system32\NvCpl.dll,NvStartup
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Samsung\\Samsung New PC Studio\\npsasvr.exe"=
"c:\\Program Files\\Samsung\\Samsung New PC Studio\\npsvsvr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer_Service.exe"=
R0 a347bus;a347bus;c:\windows.0\system32\drivers\a347bus.sys [25.10.2010 4:52 160640]
R0 a347scsi;a347scsi;c:\windows.0\system32\drivers\a347scsi.sys [25.10.2010 4:52 5248]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [3.11.2006 14:49 13592]
R3 teamviewervpn;TeamViewer VPN Adapter;c:\windows.0\system32\drivers\teamviewervpn.sys [10.12.2010 12:24 25088]
S1 ehdrv;ehdrv;c:\windows.0\system32\drivers\ehdrv.sys [29.7.2010 12:31 115008]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [8.11.2010 9:50 810144]
S2 FsUsbExService;FsUsbExService;c:\windows.0\system32\FsUsbExService.Exe [8.12.2010 18:57 233472]
S2 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe [10.12.2010 12:24 2250616]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe [14.12.2010 14:41 1517376]
S3 EagleXNt;EagleXNt;\??\c:\windows.0\system32\drivers\EagleXNt.sys --> c:\windows.0\system32\drivers\EagleXNt.sys [?]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows.0\system32\FsUsbExDisk.Sys [8.12.2010 18:57 36608]
S3 PAC207;VideoCAM GE111;c:\windows.0\system32\drivers\pfc027.sys [8.4.2005 9:46 162176]
S3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows.0\system32\drivers\ss_bbus.sys [10.12.2010 20:33 90112]
S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows.0\system32\drivers\ss_bmdfl.sys [10.12.2010 20:33 14976]
S3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows.0\system32\drivers\ss_bmdm.sys [10.12.2010 20:33 121856]
S3 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [24.8.2010 9:38 92008]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys [29.11.2010 19:27 10064]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D58F39FF-953E-4F45-898F-59F243B9A523}]
2010-11-06 00:25 124928 ----a-w- c:\windows.0\system32\advpack.dll
.
Obsah adresáře 'Naplánované úlohy'
2011-01-22 c:\windows.0\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 14:50]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.com/
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
LSP: c:\windows.0\system32\lspcs.dll
DPF: {E6BB2089-163F-466B-812A-748096614DFD} - hxxp://cainternetsecurity.net/scanner/cascanner.cab
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-22 20:30
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS.0\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS.0\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(1456)
c:\windows.0\system32\SETUPAPI.dll
c:\windows.0\system32\COMRes.dll
c:\windows.0\system32\cscui.dll
- - - - - - - > 'lsass.exe'(1712)
c:\windows.0\system32\SETUPAPI.dll
- - - - - - - > 'explorer.exe'(492)
c:\windows.0\system32\SHDOCVW.dll
c:\windows.0\system32\COMRes.dll
c:\windows.0\System32\cscui.dll
.
Celkový čas: 2011-01-22 20:32:16
ComboFix-quarantined-files.txt 2011-01-22 20:32
ComboFix2.txt 2011-01-22 20:20
ComboFix3.txt 2011-01-22 19:47
Před spuštěním: Volných bajtů: 105 684 566 016
Po spuštění: Volných bajtů: 105 671 311 360
- - End Of File - - 69E8772FB462C696B948FB4C8598AFC2
- Rudy
- Site Admin
- Posts: 119400
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: PC keeps crashing. Please check
Once more, please, with this script:
FCopy::
c:\windows.0\system32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys | c:\windows.0\system32\drivers\atapi.sys
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting the PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!
Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address above.
Re: PC keeps crashing. Please check
ComboFix 11-01-22.01 - Mirek 22.01.2011 20:57:06.6.1 - x86 NETWORK
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1023.673 [GMT 0:00]
Spuštěný z: c:\documents and settings\Mirek\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Mirek\Plocha\CFScript.txt
AV: ESET Smart Security 4.2 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET personal firewall *Disabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows.0\regedit.exe . . . je infikován!!
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-12-22 do 2011-01-22 )))))))))))))))))))))))))))))))
.
2011-01-21 15:42 . 2011-01-21 15:42 -------- d-----w- c:\program files\Panda Security
2011-01-21 14:37 . 2011-01-21 14:37 -------- d-----w- c:\program files\trend micro
2011-01-21 14:37 . 2011-01-21 14:37 -------- d-----w- C:\rsit
2011-01-21 14:23 . 2011-01-21 14:23 -------- d-----w- c:\documents and settings\All Users.WINDOWS.0\Data aplikací\CA
2011-01-21 07:30 . 2011-01-13 09:41 5890896 ----a-w- c:\documents and settings\All Users.WINDOWS.0\Data aplikací\Microsoft\Windows Defender\Definition Updates\{DF50E972-46C4-4D84-8D28-AEF8325726AF}\mpengine.dll
2011-01-20 13:57 . 2011-01-20 13:59 -------- d-----w- C:\TomTom
2011-01-10 19:05 . 2011-01-10 19:08 -------- d-----w- c:\program files\TuneUp Utilities 2011
2011-01-03 18:32 . 2010-12-14 14:39 29504 ----a-w- c:\windows.0\system32\uxtuneup.dll
2011-01-03 18:28 . 2010-12-14 14:43 31552 ----a-w- c:\windows.0\system32\TURegOpt.exe
2011-01-03 18:27 . 2011-01-03 18:27 -------- d-sh--w- c:\documents and settings\All Users.WINDOWS.0\Data aplikací\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-10 20:45 . 2007-10-25 17:26 5632 ----a-w- c:\windows.0\system32\drivers\StarOpen.sys
2010-11-30 16:07 . 2010-12-10 12:24 25088 ----a-w- c:\windows.0\system32\drivers\teamviewervpn.sys
2010-11-18 18:15 . 2010-10-23 09:26 81920 ----a-w- c:\windows.0\system32\isign32.dll
2010-11-10 04:33 . 2010-10-23 12:03 6273872 ----a-w- c:\documents and settings\All Users.WINDOWS.0\Data aplikací\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2010-11-09 14:52 . 2008-04-14 07:51 249856 ----a-w- c:\windows.0\system32\odbc32.dll
2010-11-06 00:25 . 2008-10-16 19:33 832512 ----a-w- c:\windows.0\system32\wininet.dll
2010-11-06 00:25 . 2008-10-16 19:33 1830912 ----a-w- c:\windows.0\system32\inetcpl.cpl
2010-11-06 00:25 . 2008-09-22 15:46 78336 ----a-w- c:\windows.0\system32\ieencode.dll
2010-11-06 00:25 . 2008-09-22 15:46 17408 ----a-w- c:\windows.0\system32\corpol.dll
2010-11-03 12:25 . 2008-09-22 15:46 389120 ------w- c:\windows.0\system32\html.iec
2010-11-02 15:17 . 2008-04-13 23:27 40960 ----a-w- c:\windows.0\system32\drivers\ndproxy.sys
2010-10-28 13:09 . 2008-04-14 07:37 290048 ----a-w- c:\windows.0\system32\atmfd.dll
2010-10-26 14:04 . 2008-10-17 14:02 1862272 ----a-w- c:\windows.0\system32\win32k.sys
.
------- Sigcheck -------
[7] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows.0\system32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys
[-] 2008-04-13 22:10 . !HASH: COULD NOT OPEN FILE !!!!! . 96512 . . [------] . . c:\windows.0\system32\drivers\atapi.sys
[-] 2008-10-19 . 12A799AD9415AE9C8ABCC5F75E9CF034 . 557056 . . [5.1.2600.5512] . . c:\windows.0\system32\winlogon.exe
[-] 2008-10-19 . CCB32D10C69A89822E9134C0C4894BE1 . 578560 . . [5.1.2600.5512] . . c:\windows.0\system32\user32.dll
[-] 2008-10-19 . DD7E25E20AEBD672DAE7E1D911C2D824 . 1589760 . . [6.00.2900.5512] . . c:\windows.0\explorer.exe
[-] 2008-11-05 . 1E603EA2A3FDBAE9E5B88A8CB3C03124 . 1571840 . . [5.1.2600.5512] . . c:\windows.0\system32\sfcfiles.dll
[-] 2008-10-19 . 0AB43CE7EFFAD6B4914AE3C1B489AAA1 . 66560 . . [5.1.2600.5512] . . c:\windows.0\system32\ctfmon.exe
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccleaner"="c:\program files\CCleaner\CCleaner.exe" [2010-11-24 2155832]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DrvIcon"="c:\program files\Vista Components\Vista Drive Icon\DrvIcon.exe" [2007-07-04 45056]
"nwiz"="nwiz.exe" [2004-09-30 921600]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2010-11-08 2219184]
"TNOD UP"="c:\program files\TNod User & Password Finder\TNODUP.exe" [2010-04-01 1811968]
"NvCplDaemon"="c:\windows.0\system32\NvCpl.dll" [2004-09-30 4603904]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows.0\system32\CTFMON.EXE" [2008-10-19 66560]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
c:\documents and settings\Mirek\Nabídka Start\Programy\Po spuštění\
JDownloader.lnk - c:\program files\JDownloader\JDownloader.exe [2010-7-14 214528]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\documents and settings\All Users.WINDOWS.0\Data aplikací\TuneUp Software\TuneUp Utilities\WinStyler\tu_logonui.exe"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /r \??\i:\0autocheck autochk /r \??\I:\0autocheck autochk *
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS.0^Nabídka Start^Programy^Po spuštění^Microsoft Office.lnk]
path=c:\documents and settings\All Users.WINDOWS.0\Nabídka Start\Programy\Po spuštění\Microsoft Office.lnk
backup=c:\windows.0\pss\Microsoft Office.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer [X]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoStartNPSAgent]
2010-12-10 20:46 102400 ----a-w- c:\program files\Samsung\Samsung New PC Studio\NPSAgent.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-09-16 20:04 1164584 ------w- c:\program files\DivX\DivX Update\DivXUpdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-10-23 15:06 136176 -----tw- c:\documents and settings\Mirek\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2008-06-24 14:06 1840424 ------w- c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
2008-06-08 09:31 2221352 ----a-w- c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2008-06-19 09:53 570664 ------w- c:\program files\Common Files\Nero\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaOviSuite2]
2010-09-02 09:26 672632 ----a-w- c:\program files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 09:44 248552 ------w- c:\program files\Common Files\Java\Java Update\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
2010-08-24 09:38 247144 ----a-w- c:\program files\TomTom HOME 2\TomTomHOMERunner.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"AlwaysReady Power Message APP"=ARPWRMSG.EXE
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"C2K"=c:\windows.0\Cyb2k.exe
"ehTray"=c:\windows.0\ehome\ehtray.exe
"NvMediaCenter"=RUNDLL32.EXE c:\windows.0\system32\NvMcTray.dll,NvTaskbarInit
"NvCplDaemon"=RUNDLL32.EXE c:\windows.0\system32\NvCpl.dll,NvStartup
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Samsung\\Samsung New PC Studio\\npsasvr.exe"=
"c:\\Program Files\\Samsung\\Samsung New PC Studio\\npsvsvr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer_Service.exe"=
R0 a347bus;a347bus;c:\windows.0\system32\drivers\a347bus.sys [25.10.2010 4:52 160640]
R0 a347scsi;a347scsi;c:\windows.0\system32\drivers\a347scsi.sys [25.10.2010 4:52 5248]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [3.11.2006 14:49 13592]
R3 teamviewervpn;TeamViewer VPN Adapter;c:\windows.0\system32\drivers\teamviewervpn.sys [10.12.2010 12:24 25088]
S1 ehdrv;ehdrv;c:\windows.0\system32\drivers\ehdrv.sys [29.7.2010 12:31 115008]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [8.11.2010 9:50 810144]
S2 FsUsbExService;FsUsbExService;c:\windows.0\system32\FsUsbExService.Exe [8.12.2010 18:57 233472]
S2 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe [10.12.2010 12:24 2250616]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe [14.12.2010 14:41 1517376]
S3 EagleXNt;EagleXNt;\??\c:\windows.0\system32\drivers\EagleXNt.sys --> c:\windows.0\system32\drivers\EagleXNt.sys [?]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows.0\system32\FsUsbExDisk.Sys [8.12.2010 18:57 36608]
S3 PAC207;VideoCAM GE111;c:\windows.0\system32\drivers\pfc027.sys [8.4.2005 9:46 162176]
S3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows.0\system32\drivers\ss_bbus.sys [10.12.2010 20:33 90112]
S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows.0\system32\drivers\ss_bmdfl.sys [10.12.2010 20:33 14976]
S3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows.0\system32\drivers\ss_bmdm.sys [10.12.2010 20:33 121856]
S3 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [24.8.2010 9:38 92008]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys [29.11.2010 19:27 10064]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D58F39FF-953E-4F45-898F-59F243B9A523}]
2010-11-06 00:25 124928 ----a-w- c:\windows.0\system32\advpack.dll
.
Obsah adresáře 'Naplánované úlohy'
2011-01-22 c:\windows.0\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 14:50]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.com/
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
LSP: c:\windows.0\system32\lspcs.dll
DPF: {E6BB2089-163F-466B-812A-748096614DFD} - hxxp://cainternetsecurity.net/scanner/cascanner.cab
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-22 21:03
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS.0\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS.0\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(1456)
c:\windows.0\system32\SETUPAPI.dll
c:\windows.0\system32\COMRes.dll
c:\windows.0\system32\cscui.dll
- - - - - - - > 'lsass.exe'(1712)
c:\windows.0\system32\SETUPAPI.dll
- - - - - - - > 'explorer.exe'(3244)
c:\windows.0\system32\SHDOCVW.dll
c:\windows.0\system32\COMRes.dll
c:\windows.0\System32\cscui.dll
c:\windows.0\system32\msi.dll
c:\windows.0\system32\SETUPAPI.dll
c:\windows.0\system32\NETSHELL.dll
c:\windows.0\system32\credui.dll
c:\windows.0\system32\MSVCP60.dll
.
Celkový čas: 2011-01-22 21:06:27
ComboFix-quarantined-files.txt 2011-01-22 21:06
ComboFix2.txt 2011-01-22 20:32
ComboFix3.txt 2011-01-22 20:20
ComboFix4.txt 2011-01-22 19:47
Před spuštěním: Volných bajtů: 105 679 908 864
Po spuštění: Volných bajtů: 105 666 654 208
- - End Of File - - CD2B7AB6A458A8A23DED3E424C7D2B9F
- Rudy
- Site Admin
- Posts: 119400
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
- Contact user:
Re: PC crashes. Please check it
Nothing again. Try MBR: http://www2.gmer.net/mbr/mbr.exe . The utility produces a short log. Copy it here.
Post questions and logs only in your own threads. Private messages, ICQ and e-mail are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
Visit:
e-mail: rudy(at)forum.viry.cz
Warning: before cleaning your PC, back up your important data (mail, contacts, documents, photos, videos, music and so on). Apart from its "visible" activity a virus can also damage the system!
Once your problem is resolved the thread will be locked; the same applies if it is inactive for more than 14 days. If you want the thread reopened, write to me at the e-mail address above.
Re: PC crashes. Please check it
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: SAMSUNG_SP1614N rev.TM100-24 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK
- cernohous13
- VIP in memoriam
- Posts: 8721
- Registered: 09 Dec 2006 06:19
- Location: Jablonec nad Nisou
- Contact user:
Re: PC crashes. Please check it
sorry for butting in
That is some nonsense.
hasic150 wrote:
Antivirus Version Last Update Result
Additional information
Show all
MD5 : eec3aaa4eac857e9af4f2e87ad4599cd
SHA1 : 974ffedabdc079a37fd0e4725e1c044a4df88518
SHA256: ebce693a22184318c42392f6009d58c3ccc549ab65aeefb7f12afb2e80300d48
File size : 277504 bytes
First seen: 2011-01-22 19:04:24
Last seen : 2011-01-22 19:04:24
VT Community
XP prof. SP3 - regedit exe
MD5 : cb5a91928d94224e7e30ee277b45e8a3
SHA1 : c275744429f017d518138027c1a5bca3fb7b4043
SHA256: 96050a1db0567f64adc8273963a0709bed504b5b6581fdb5c8d6d45c016cded3
File size : 147968 bytes
First seen: 2009-03-11 18:01:38
Last seen : 2011-01-24 09:19:15
Try it again - submit the requested file -> Reanalyse, and then copy the contents of the browser's address bar here for Rudy
Recommendations:
During the cleanup, install or uninstall software only when I tell you to.
Read my reply carefully and carry out the whole procedure exactly as described.
If anything is unclear, ask - I will explain
-------------------------------------------------------------------------------------------------
> Forum support <
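The check cernohous13 does by hand above, comparing the hashes hasic150 got from VirusTotal with those of a clean XP Professional SP3 regedit.exe, as an added example in Python (not code from the thread, from VirusTotal or from any of the tools mentioned in it). The reference and suspect values are the ones posted in the thread; the scanned file is a constructed placeholder and the file-name lookup table is an assumption. Size is compared first because it is the cheapest tell, and a file only counts as known-good when all three digests match.

```python
"""Verify a system file against known-good reference hashes.

Added example: reproduces, in code, the manual comparison made in the thread
between the regedit.exe hashes on the affected machine and those of a clean
Windows XP Professional SP3 regedit.exe.
"""
import hashlib
import io
import os
import tempfile

# Reference values copied from the thread: a clean XP Professional SP3
# regedit.exe as reported by VirusTotal (size in bytes, hex digests).
# The file-name keyed table is an assumption for this example.
KNOWN_GOOD = {
    "regedit.exe": {
        "size": 147968,
        "md5": "cb5a91928d94224e7e30ee277b45e8a3",
        "sha1": "c275744429f017d518138027c1a5bca3fb7b4043",
        "sha256": "96050a1db0567f64adc8273963a0709bed504b5b6581fdb5c8d6d45c016cded3",
    }
}

# Values hasic150 posted for the regedit.exe on the affected machine.
SUSPECT_REGEDIT = {
    "size": 277504,
    "md5": "eec3aaa4eac857e9af4f2e87ad4599cd",
    "sha1": "974ffedabdc079a37fd0e4725e1c044a4df88518",
    "sha256": "ebce693a22184318c42392f6009d58c3ccc549ab65aeefb7f12afb2e80300d48",
}


def hash_stream(stream):
    """Return size plus MD5/SHA1/SHA256 hex digests of a binary stream.

    The stream is read in 64 KiB chunks so large binaries do not need to be
    loaded into memory at once.
    """
    digests = {"md5": hashlib.md5(), "sha1": hashlib.sha1(), "sha256": hashlib.sha256()}
    size = 0
    for chunk in iter(lambda: stream.read(65536), b""):
        size += len(chunk)
        for d in digests.values():
            d.update(chunk)
    result = {name: d.hexdigest() for name, d in digests.items()}
    result["size"] = size
    return result


def hash_bytes(data):
    """Hash an in-memory byte string (convenience wrapper around hash_stream)."""
    return hash_stream(io.BytesIO(data))


def hash_file(path):
    """Hash a file on disk."""
    with open(path, "rb") as f:
        return hash_stream(f)


def classify(observed, reference):
    """Return 'known-good', 'size-mismatch' or 'hash-mismatch'.

    Size is checked first: a different size already rules the file out.
    All three digests must agree before the file is called known-good, so a
    single colliding digest is never enough.
    """
    if observed["size"] != reference["size"]:
        return "size-mismatch"
    if all(observed[k] == reference[k] for k in ("md5", "sha1", "sha256")):
        return "known-good"
    return "hash-mismatch"


def check_file(path, name=None):
    """Hash a file and compare it with the reference entry for its name."""
    name = (name or os.path.basename(path)).lower()
    reference = KNOWN_GOOD.get(name)
    if reference is None:
        return "no-reference"
    return classify(hash_file(path), reference)


def demo():
    """Run both comparisons: the thread's posted values and a constructed file."""
    posted_verdict = classify(SUSPECT_REGEDIT, KNOWN_GOOD["regedit.exe"])
    # Constructed sample: a file called regedit.exe whose content is a placeholder,
    # not the real binary, so it must not be reported as known-good.
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "regedit.exe")
        with open(path, "wb") as f:
            f.write(b"MZ" + b"\x00" * 100)
        file_verdict = check_file(path)
    return posted_verdict, file_verdict


if __name__ == "__main__":
    print(demo())
```

Running the block prints `('size-mismatch', 'size-mismatch')`: the regedit.exe hasic150 uploaded is 277504 bytes, while the clean SP3 build is 147968 bytes, so the hashes never even need to be compared.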
- cernohous13
- VIP in memoriam
- Posts: 8721
- Registered: 09 Dec 2006 06:19
- Location: Jablonec nad Nisou
- Contact user:
Re: PC crashes. Please check it
yes, that is correct, but the result is suspicious - I'll leave you to Rudy with a suspected infected regedit.exe
http://www.google.cz/search?q=eec3aaa4e ... =firefox-a
http://www.google.cz/search?q=974ffedab ... =firefox-a

Recommendations:
During the cleanup, install or uninstall software only when I tell you to.
Read my reply carefully and carry out the whole procedure exactly as described.
If anything is unclear, ask - I will explain
-------------------------------------------------------------------------------------------------
> Forum support <