PC disinfection, computer speed-up, remote assistance through the neslape.cz service

Please check my log

Do you have no problem with your PC right now and just want to make sure everything is in order?
Post a log from FRST or RSIT.


Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]

Individual threads will be locked once resolved, as will those inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.

!NEW!
You can now use the remote assistance service, where a specialist connects to your computer and obtains further details about the problem from you by phone! More at www.neslape.cz
vondra007
Visitor
Posts: 91
Registered: 24 Mar 2007 00:24

Please check my log

#1 Post by vondra007 »

While checking the PC with Spybot Search & Destroy, the program reported that access to the file C:\WINDOWS\system32\drivers\etc\hosts was blocked. Because of that, some malware could not be removed.
RSIT warned me about the same problem when I ran it. So I am asking for advice and a check of the log.

Logfile of random's system information tool 1.08 (written by random/random)
Run by uzivatel at 2011-02-04 06:38:10
Systém Microsoft Windows XP Professional Service Pack 2
System drive C: has 13 GB (33%) free of 41 GB
Total RAM: 3326 MB (81% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:41:08, on 4.2.2011
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe
C:\Program Files\Norton Ghost\Agent\VProTray.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools Pro\DTProAgent.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Seznam.cz\postak.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Norton Ghost\Agent\VProSvc.exe
C:\WINDOWS\Installer\MSI1C.tmp
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\uzivatel\Plocha\Programy\RSIT.exe
C:\Program Files\trend micro\uzivatel.exe
C:\WINDOWS\system32\notepad.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?linkid=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: Ukazatel S-Rank - {EA837F48-5AD1-443E-AE34-FFE03CBF3099} - C:\Program Files\Seznam.cz\core.3.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Enterra Icon Keeper] "C:\Program Files\Enterra\Icon Keeper\IcnKeepr.exe" ssp /s
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [FinePrint Dispatcher v5] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe" /source=HKLM
O4 - HKLM\..\Run: [Norton Ghost 14.0] "C:\Program Files\Norton Ghost\Agent\VProTray.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
O4 - HKLM\..\Run: [UpdateReminder] C:\Program Files\Eset\UpdateReminder.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe"
O4 - HKCU\..\Run: [Seznam Postak] "C:\Program Files\Seznam.cz\postak.exe" -s
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://pc:3000/activex/RACtrl.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe
O23 - Service: SolidConverterPDFv4ReadSpool (SCPDFV4ReadSpool) - Solid Documents, LLC - C:\WINDOWS\Installer\MSI1C.tmp
O23 - Service: SymSnapService - Symantec - C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 10475 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Podpora odkazu pro Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2010-09-22 61888]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
Adobe PDF Conversion Toolbar Helper - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007-03-29 321120]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Plug-In - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-11-22 1242504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-09-15 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-09-15 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EA837F48-5AD1-443E-AE34-FFE03CBF3099}]
Ukazatel S-Rank - C:\Program Files\Seznam.cz\core.3.dll [2010-10-07 1164568]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007-03-29 321120]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Enterra Icon Keeper"=C:\Program Files\Enterra\Icon Keeper\IcnKeepr.exe [2006-08-18 57344]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2007-03-09 153136]
"FinePrint Dispatcher v5"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe [2007-02-24 507904]
"Norton Ghost 14.0"=C:\Program Files\Norton Ghost\Agent\VProTray.exe [2008-01-19 2245984]
"Acrobat Assistant 8.0"=C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe [2007-03-29 624248]
"nod32kui"=C:\Program Files\Eset\nod32kui.exe [2010-11-13 949376]
"ArcSoft Connection Service"=C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [2010-10-27 207424]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2010-11-02 19580520]
"WinFast Schedule"=C:\Program Files\WinFast\WFTVFM\WFWIZ.exe [2004-06-23 163840]
"UpdateReminder"=C:\Program Files\Eset\UpdateReminder.exe [2010-12-01 434176]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2010-12-02 77824]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-09-23 35760]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-09-20 932288]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-17 15360]
"DAEMON Tools Pro Agent"=C:\Program Files\DAEMON Tools Pro\DTProAgent.exe [2007-09-06 136136]
"Seznam Postak"=C:\Program Files\Seznam.cz\postak.exe [2010-10-07 488728]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2009-07-29 155648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\RAinit]
C:\WINDOWS\system32\RAinit.dll [2005-04-18 10496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=0
"NoDriveAutoRun"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=0
"NoDriveTypeAutoRun"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\Pinnacle\Studio 12\Programs\RM.exe"="C:\Program Files\Pinnacle\Studio 12\Programs\RM.exe:*:Enabled:Render Manager"
"C:\Program Files\Pinnacle\Studio 12\Programs\Studio.exe"="C:\Program Files\Pinnacle\Studio 12\Programs\Studio.exe:*:Enabled:Studio"
"C:\Program Files\Pinnacle\Studio 12\Programs\umi.exe"="C:\Program Files\Pinnacle\Studio 12\Programs\umi.exe:*:Enabled:umi"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2011-02-04 06:28:55 ----D---- C:\Program Files\trend micro
2011-02-04 06:28:54 ----D---- C:\rsit
2011-02-03 16:18:47 ----D---- C:\Program Files\Spybot - Search & Destroy
2011-02-03 16:18:47 ----D---- C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
2011-02-03 15:09:48 ----D---- C:\Documents and Settings\uzivatel\Data aplikací\Digiarty
2011-02-03 14:32:05 ----D---- C:\Program Files\Digiarty
2011-02-03 14:29:31 ----D---- C:\Program Files\DVD To AVI Converter4.0
2011-01-31 19:51:20 ----D---- C:\Documents and Settings\uzivatel\Data aplikací\proDAD
2011-01-31 19:51:19 ----D---- C:\Program Files\proDAD
2011-01-31 19:51:15 ----D---- C:\Program Files\LooksBuilderSE
2011-01-31 19:50:27 ----D---- C:\Program Files\Boris FX, Inc
2011-01-31 17:26:49 ----A---- C:\WINDOWS\system32\drivers\MarvinBus.sys
2011-01-31 17:26:41 ----D---- C:\Program Files\Common Files\Pinnacle
2011-01-31 17:26:22 ----D---- C:\Documents and Settings\All Users\Data aplikací\Pinnacle Studio Ultimate
2011-01-31 17:22:35 ----D---- C:\Program Files\Common Files\Yahoo!
2011-01-31 17:22:34 ----D---- C:\Documents and Settings\All Users\Data aplikací\Studio 12
2011-01-31 17:22:34 ----D---- C:\Documents and Settings\All Users\Data aplikací\Pinnacle Studio Plus
2011-01-31 05:13:30 ----A---- C:\WINDOWS\system32\pncrt.dll
2011-01-31 05:12:38 ----D---- C:\Program Files\directx
2011-01-31 05:10:11 ----A---- C:\WINDOWS\uninst.exe
2011-01-30 16:25:18 ----A---- C:\WINDOWS\system32\drivers\msdv.sys
2011-01-30 16:25:14 ----A---- C:\WINDOWS\system32\drivers\avc.sys
2011-01-30 16:25:11 ----A---- C:\WINDOWS\system32\drivers\61883.sys
2011-01-28 15:01:25 ----A---- C:\WINDOWS\unvise32.exe
2011-01-28 15:00:14 ----A---- C:\WINDOWS\system32\msvcr70.dll
2011-01-28 15:00:14 ----A---- C:\WINDOWS\system32\MSVCP70.DLL
2011-01-28 15:00:14 ----A---- C:\WINDOWS\system32\MSVCI70.DLL
2011-01-28 15:00:13 ----A---- C:\WINDOWS\system32\MFC70U.DLL
2011-01-28 15:00:13 ----A---- C:\WINDOWS\system32\MFC70.DLL
2011-01-28 15:00:13 ----A---- C:\WINDOWS\system32\ATL70.DLL
2011-01-28 14:59:09 ----D---- C:\Documents and Settings\All Users\Data aplikací\Pinnacle
2011-01-28 14:59:06 ----D---- C:\Program Files\Pinnacle
2011-01-28 14:59:01 ----N---- C:\WINDOWS\system32\drivers\Pclepci.sys
2011-01-26 15:56:20 ----D---- C:\Documents and Settings\uzivatel\Data aplikací\Unity
2011-01-25 15:47:04 ----D---- C:\Documents and Settings\uzivatel\Data aplikací\AidemMedia
2011-01-25 15:45:30 ----A---- C:\WINDOWS\cdstart.ini
2011-01-25 15:44:25 ----D---- C:\Program Files\AidemMedia
2011-01-16 18:29:23 ----HD---- C:\WINDOWS\PIF
2011-01-15 05:49:45 ----RASHD---- C:\Autorun.inf
2011-01-15 05:43:29 ----D---- C:\UsbFix
2011-01-06 15:47:05 ----D---- C:\Program Files\Ford Racing 3

======List of files/folders modified in the last 1 months======

2011-02-04 06:38:13 ----D---- C:\WINDOWS\Temp
2011-02-04 06:37:43 ----D---- C:\WINDOWS\Prefetch
2011-02-04 06:37:18 ----D---- C:\WINDOWS\Registration
2011-02-04 06:37:12 ----D---- C:\WINDOWS
2011-02-04 06:35:12 ----A---- C:\WINDOWS\SchedLgU.Txt
2011-02-04 06:28:55 ----RD---- C:\Program Files
2011-02-04 06:27:21 ----D---- C:\Program Files\Mozilla Firefox
2011-02-04 06:27:08 ----A---- C:\WINDOWS\NeroDigital.ini
2011-02-04 06:27:07 ----D---- C:\Documents and Settings\uzivatel\Data aplikací\Media Player Classic
2011-02-04 06:26:36 ----D---- C:\WINDOWS\system32\drivers\etc
2011-02-04 06:23:40 ----D---- C:\WINDOWS\system32
2011-02-04 06:20:19 ----D---- C:\WINDOWS\Help
2011-02-04 06:19:14 ----SHD---- C:\WINDOWS\Installer
2011-02-04 06:18:27 ----D---- C:\Program Files\Adobe
2011-02-04 06:18:27 ----D---- C:\Documents and Settings\uzivatel\Data aplikací\Adobe
2011-02-04 05:54:29 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2011-02-03 22:25:04 ----D---- C:\Documents and Settings\uzivatel\Data aplikací\Skype
2011-02-03 16:45:30 ----A---- C:\WINDOWS\WININIT.INI
2011-02-03 16:03:07 ----D---- C:\Documents and Settings\uzivatel\Data aplikací\skypePM
2011-02-03 12:04:54 ----D---- C:\WINDOWS\system32\CatRoot2
2011-02-03 08:51:52 ----D---- C:\Documents and Settings\uzivatel\Data aplikací\ICQ
2011-02-02 18:12:19 ----D---- C:\WINDOWS\system32\config
2011-02-02 18:12:11 ----D---- C:\WINDOWS\system32\wbem
2011-02-02 11:00:19 ----D---- C:\WINDOWS\repair
2011-01-31 19:50:26 ----HD---- C:\Program Files\InstallShield Installation Information
2011-01-31 17:26:54 ----SD---- C:\Documents and Settings\uzivatel\Data aplikací\Microsoft
2011-01-31 17:26:53 ----HD---- C:\WINDOWS\inf
2011-01-31 17:26:52 ----D---- C:\WINDOWS\system32\drivers
2011-01-31 17:26:49 ----DC---- C:\WINDOWS\system32\DRVSTORE
2011-01-31 17:26:41 ----D---- C:\Program Files\Common Files
2011-01-31 17:25:24 ----RSD---- C:\WINDOWS\Fonts
2011-01-31 05:12:42 ----D---- C:\WINDOWS\system32\CatRoot
2011-01-30 16:25:24 ----RSHDC---- C:\WINDOWS\system32\dllcache
2011-01-30 07:32:12 ----D---- C:\Program Files\Opera
2011-01-28 15:11:58 ----SD---- C:\WINDOWS\Downloaded Program Files
2011-01-28 15:11:57 ----D---- C:\Program Files\Common Files\InstallShield
2011-01-23 07:37:32 ----D---- C:\WINDOWS\system32\Restore
2011-01-22 06:29:30 ----D---- C:\Program Files\ESET
2011-01-17 18:34:24 ----D---- C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2011-01-16 18:23:52 ----SHD---- C:\System Volume Information
2011-01-16 13:41:50 ----D---- C:\Program Files\Winamp
2011-01-15 05:46:12 ----SHD---- C:\RECYCLER
2011-01-05 14:49:57 ----A---- C:\WINDOWS\winamp.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 giveio;giveio; C:\WINDOWS\system32\giveio.sys [1996-04-03 5248]
R0 ohci1394;Hostitelský řadič IEEE 1394 dle standardu OHCI Texas Instruments; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2004-08-03 61056]
R0 speedfan;speedfan; C:\WINDOWS\system32\speedfan.sys [2006-09-24 5248]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2009-09-15 685816]
R0 symsnap;Symantec Volume Snap Shot Driver; C:\WINDOWS\system32\DRIVERS\symsnap.sys [2007-12-20 136416]
R1 nod32drv;nod32drv; C:\WINDOWS\system32\drivers\nod32drv.sys [2010-11-13 15424]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2004-08-03 8832]
R2 AMON;AMON; C:\WINDOWS\system32\drivers\amon.sys [2010-11-13 512096]
R2 v2imount;Symantec V2i Mount Driver; C:\WINDOWS\system32\DRIVERS\v2imount.sys [2008-01-19 38112]
R2 WF23880;WinFast TV2000/DV2000 WDM Video Capture.; C:\WINDOWS\system32\drivers\wf88vcap.sys [2004-06-04 208467]
R2 WF88XBAR;WinFast TV2000/DV2000 WDM Crossbar.; C:\WINDOWS\system32\drivers\WF88XBAR.sys [2004-06-24 9284]
R2 WFTUNE;WinFast TV2000/DV2000 WDM Tuner.; C:\WINDOWS\system32\drivers\WF88TUNE.sys [2004-06-24 36261]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-17 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2009-07-30 4411392]
R3 AtiHdmiService;ATI Function Driver for HDMI Service; C:\WINDOWS\system32\drivers\AtiHdmi.sys [2008-07-02 89600]
R3 GEARAspiWDM;GearAspiWDM; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2008-01-19 15664]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2010-11-02 6188648]
R3 MarvinBus;Pinnacle Marvin Bus; C:\WINDOWS\system32\DRIVERS\MarvinBus.sys [2005-09-23 171520]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-17 61824]
R3 ramirr;ramirr; C:\WINDOWS\system32\DRIVERS\ramirr.sys [2005-04-18 7424]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2008-10-30 117888]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
R3 usbvideo;Zobrazovací zařízení USB (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2004-08-03 78464]
R3 WFIOCTL;WFIOCTL; \??\C:\Program Files\WinFast\WFTVFM\WFIOCTL.SYS []
S1 AmdPPM;Ovladač procesoru HwPState AMD; C:\WINDOWS\system32\DRIVERS\AmdPPM.sys []
S2 RAInfo;RemotelyAnywhere Kernel Information Provider; \??\C:\Program Files\RemotelyAnywhere\RaInfo.sys []
S3 61883;61883 Unit Device; C:\WINDOWS\system32\DRIVERS\61883.sys [2004-08-03 48128]
S3 ai4z44du;ai4z44du; C:\WINDOWS\system32\drivers\ai4z44du.sys []
S3 Ambfilt;Ambfilt; C:\WINDOWS\system32\drivers\Ambfilt.sys [2009-11-18 1691480]
S3 Avc;AVC Device; C:\WINDOWS\system32\DRIVERS\avc.sys [2004-08-03 38912]
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 EverestDriver;Lavalys EVEREST Kernel Driver; \??\C:\Program Files\Lavalys\EVEREST Home Edition\kerneld.wnt []
S3 gdrv;gdrv; \??\C:\WINDOWS\gdrv.sys []
S3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2009-09-15 25280]
S3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-10-25 9600]
S3 Monfilt;Monfilt; C:\WINDOWS\system32\drivers\Monfilt.sys [2009-11-18 1395800]
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-25 12160]
S3 MSDV;Microsoft DV Camera and VCR; C:\WINDOWS\system32\DRIVERS\msdv.sys [2004-08-03 51328]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 RTHDMIAzAudService;Service for HDMI; C:\WINDOWS\system32\drivers\RtKHDMI.sys []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 VProEventMonitor;Symantec Event Monitor Driver; C:\WINDOWS\system32\DRIVERS\vproeventmonitor.sys [2008-01-19 15088]
S3 WimFltr;WimFltr; C:\WINDOWS\system32\DRIVERS\wimfltr.sys [2008-01-19 128104]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ACDaemon;ArcSoft Connect Daemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [2010-03-18 113152]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2009-07-29 602112]
R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Program Files\Bonjour\mDNSResponder.exe [2006-02-28 229376]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-09-15 153376]
R2 NOD32krn;NOD32 Kernel Service; C:\Program Files\Eset\nod32krn.exe [2010-11-13 552064]
R2 Norton Ghost;Norton Ghost; C:\Program Files\Norton Ghost\Agent\VProSvc.exe [2008-01-19 4388192]
R2 SCPDFV4ReadSpool;SolidConverterPDFv4ReadSpool; C:\WINDOWS\Installer\MSI1C.tmp [2009-09-15 189688]
R2 Symantec SymSnap VSS Provider;Symantec SymSnap VSS Provider; C:\WINDOWS\system32\dllhost.exe [2004-08-17 5120]
R2 UleadBurningHelper;Ulead Burning Helper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [2004-12-13 49152]
R3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-09-15 654848]
R3 SymSnapService;SymSnapService; C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe [2007-12-20 1553896]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-03-14 779824]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-03-12 271920]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-17 14336]

-----------------EOF-----------------

Rudy
Site Admin
Posts: 119426
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Please check my log

#2 Post by Rudy »

Post a ComboFix log.
Download ComboFix, preferably saving it to the desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Then run the application under an account with administrator rights.

Right after it starts, a screen with the licence terms appears; continue by clicking the Yes button.

Calmly go and make yourself a coffee (the whole run takes about 5-10 minutes, sometimes longer, depending on how fast the machine is and how many files the scanner has to wade through). During the scan, do not try to launch any other applications or do anything else.

Do not panic during the scan; your machine may be restarted (especially on the first run of the scanner).

Warning: if you use an antispyware program with a resident shield, switch its resident shield to Install Mode, or deactivate it completely for the duration of the scan, because the scan and the removal of any malware cause undesirable collisions with the antispyware's resident component.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activities, a virus can damage the system!

After your problem is resolved the thread will be locked. Likewise if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.

vondra007
Guest
Posts: 91
Registered: 24 Mar 2007 00:24

Re: Please check

#3 Post by vondra007 »

Thank you.
I ran the ComboFix scan; here is its log:

ComboFix 11-01-31.02 - uzivatel 05.02.2011 12:37:23.1.4 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.3326.2596 [GMT 1:00]
Spuštěný z: c:\documents and settings\uzivatel\Plocha\ComboFix.exe
AV: Eset NOD32 Antivirus 2.70 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Rezidentní štít AV je zapnutý

.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\ICQ6.5\ICQLRun.exe
c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
c:\program files\Internet Explorer\PLUGINS\npqtplugin5.dll
c:\program files\Internet Explorer\Plugins\npqtplugin6.dll
c:\program files\Mozilla Firefox\plugins\npqtplugin2.dll
c:\program files\Mozilla Firefox\plugins\npqtplugin3.dll
c:\program files\Mozilla Firefox\plugins\npqtplugin4.dll
c:\program files\Mozilla Firefox\Plugins\npqtplugin5.dll
c:\program files\Mozilla Firefox\plugins\npqtplugin6.dll
c:\program files\QuickTime\Plugins\npqtplugin2.dll
c:\program files\QuickTime\Plugins\npqtplugin3.dll
c:\program files\QuickTime\Plugins\npqtplugin4.dll
c:\program files\QuickTime\Plugins\npqtplugin5.dll
c:\program files\QuickTime\Plugins\npqtplugin6.dll
c:\windows\system32\Dvbpws.dll
c:\windows\system32\twunk_32.exe

.
((((((((((((((((((((((((( Soubory vytvořené od 2011-01-05 do 2011-02-05 )))))))))))))))))))))))))))))))
.

2011-02-04 05:28 . 2011-02-04 05:38 -------- d-----w- c:\program files\trend micro
2011-02-04 05:28 . 2011-02-04 05:31 -------- d-----w- C:\rsit
2011-02-03 15:18 . 2011-02-03 15:23 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-02-03 14:09 . 2011-02-03 14:09 -------- d-----w- c:\documents and settings\uzivatel\Data aplikací\Digiarty
2011-02-03 13:32 . 2011-02-03 13:32 -------- d-----w- c:\program files\Digiarty
2011-02-03 13:29 . 2011-02-03 13:30 -------- d-----w- c:\program files\DVD To AVI Converter4.0
2011-02-02 17:12 . 2011-02-02 17:12 -------- d-----w- c:\windows\system32\wbem\Repository
2011-01-31 18:51 . 2011-01-31 18:51 -------- d-----w- c:\documents and settings\uzivatel\Data aplikací\proDAD
2011-01-31 18:51 . 2011-01-31 18:51 -------- d-----w- c:\program files\proDAD
2011-01-31 18:51 . 2011-02-02 17:12 -------- d-----w- c:\program files\LooksBuilderSE
2011-01-31 18:50 . 2011-02-02 17:11 -------- d-----w- c:\program files\Boris FX, Inc
2011-01-31 16:26 . 2005-09-23 22:18 171520 ----a-w- c:\windows\system32\drivers\MarvinBus.sys
2011-01-31 16:26 . 2011-01-31 16:26 -------- d-----w- c:\program files\Common Files\Pinnacle
2011-01-31 16:26 . 2011-01-31 16:26 -------- d-----w- c:\documents and settings\uzivatel\Local Settings\Data aplikací\Downloaded Installations
2011-01-31 16:26 . 2011-01-31 16:26 -------- d-----w- c:\documents and settings\All Users\Data aplikac
2011-01-31 16:22 . 2011-01-31 16:22 -------- d-----w- c:\program files\Common Files\Yahoo!
2011-01-31 04:12 . 2011-01-31 04:12 -------- d-----w- c:\program files\directx
2011-01-31 04:10 . 2000-12-14 19:05 299520 ----a-w- c:\windows\uninst.exe
2011-01-30 15:25 . 2004-08-03 22:10 51328 -c--a-w- c:\windows\system32\dllcache\msdv.sys
2011-01-30 15:25 . 2004-08-03 22:10 51328 ----a-w- c:\windows\system32\drivers\msdv.sys
2011-01-30 15:25 . 2004-08-03 22:10 38912 -c--a-w- c:\windows\system32\dllcache\avc.sys
2011-01-30 15:25 . 2004-08-03 22:10 38912 ----a-w- c:\windows\system32\drivers\avc.sys
2011-01-30 15:25 . 2004-08-03 22:10 48128 -c--a-w- c:\windows\system32\dllcache\61883.sys
2011-01-30 15:25 . 2004-08-03 22:10 48128 ----a-w- c:\windows\system32\drivers\61883.sys
2011-01-28 14:11 . 2002-07-25 16:06 282624 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\agent.exe
2011-01-28 14:01 . 2003-03-15 21:15 90112 ----a-w- c:\windows\unvise32.exe
2011-01-28 14:00 . 2002-01-05 01:40 487424 ----a-w- c:\windows\system32\MSVCP70.DLL
2011-01-28 14:00 . 2002-01-05 01:38 54784 ----a-w- c:\windows\system32\MSVCI70.DLL
2011-01-28 14:00 . 2002-01-05 01:37 344064 ----a-w- c:\windows\system32\msvcr70.dll
2011-01-28 14:00 . 2002-01-05 02:48 974848 ----a-w- c:\windows\system32\MFC70.DLL
2011-01-28 14:00 . 2002-01-05 02:36 964608 ----a-w- c:\windows\system32\MFC70U.DLL
2011-01-28 14:00 . 2002-01-05 00:18 84992 ----a-w- c:\windows\system32\ATL70.DLL
2011-01-28 13:59 . 2011-01-31 18:50 -------- d-----w- c:\program files\Pinnacle
2011-01-28 13:59 . 2002-03-19 08:29 14165 ------w- c:\windows\system32\drivers\Pclepci.sys
2011-01-26 14:56 . 2011-01-26 14:56 -------- d-----w- c:\documents and settings\uzivatel\Data aplikací\Unity
2011-01-25 14:47 . 2011-01-25 15:06 -------- d-----w- c:\documents and settings\uzivatel\Data aplikací\AidemMedia
2011-01-25 14:44 . 2011-02-04 05:54 -------- d-----w- c:\program files\AidemMedia
2011-01-16 17:29 . 2011-01-16 17:29 -------- d--h--w- c:\windows\PIF
2011-01-15 04:43 . 2011-01-15 04:46 -------- d-----w- C:\UsbFix
2011-01-06 14:47 . 2011-02-01 06:04 -------- d-----w- c:\program files\Ford Racing 3

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-28 15:15 . 2010-12-02 06:34 1409 ----a-w- c:\windows\QTFont.for
2011-01-15 04:46 . 2011-01-15 04:46 18635 ----a-w- C:\UsbFix_Upload_Me_PC.zip
2010-11-24 08:00 . 2010-12-05 17:47 108032 ----a-w- c:\windows\system32\ff_vfw.dll
2010-11-23 14:14 . 2010-11-23 14:14 4608 ----a-w- c:\windows\system32\w95inf32.dll
2010-11-23 14:14 . 2010-11-23 14:14 2272 ----a-w- c:\windows\system32\w95inf16.dll
2010-11-13 12:42 . 2010-11-13 12:42 512096 ----a-w- c:\windows\system32\drivers\amon.sys
2010-11-13 12:42 . 2010-11-13 12:42 298104 ----a-w- c:\windows\system32\imon.dll
2010-11-13 12:42 . 2010-11-13 12:42 15424 ----a-w- c:\windows\system32\drivers\nod32drv.sys
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Pro Agent"="c:\program files\DAEMON Tools Pro\DTProAgent.exe" [2007-09-06 136136]
"Seznam Postak"="c:\program files\Seznam.cz\postak.exe" [2010-10-07 488728]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Enterra Icon Keeper"="c:\program files\Enterra\Icon Keeper\IcnKeepr.exe" [2006-08-18 57344]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-09 153136]
"FinePrint Dispatcher v5"="c:\windows\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe" [2007-02-24 507904]
"Norton Ghost 14.0"="c:\program files\Norton Ghost\Agent\VProTray.exe" [2008-01-19 2245984]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2007-03-29 624248]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2010-11-13 949376]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
"RTHDCPL"="RTHDCPL.EXE" [2010-11-02 19580520]
"WinFast Schedule"="c:\program files\WinFast\WFTVFM\WFWIZ.exe" [2004-06-23 163840]
"UpdateReminder"="c:\program files\Eset\UpdateReminder.exe" [2010-12-01 434176]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-12-02 77824]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-17 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\RAinit]
2005-04-18 11:24 10496 ----a-w- c:\windows\system32\RAinit.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\Studio.exe"=
"c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\umi.exe"=

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [15.9.2009 10:29 685816]
R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [13.11.2010 13:42 15424]
R2 SCPDFV4ReadSpool;SolidConverterPDFv4ReadSpool;c:\windows\Installer\MSI1C.tmp [15.9.2009 11:51 189688]
R2 Symantec SymSnap VSS Provider;Symantec SymSnap VSS Provider;c:\windows\system32\dllhost.exe [17.8.2004 15:49 5120]
R2 WF23880;WinFast TV2000/DV2000 WDM Video Capture.;c:\windows\system32\drivers\wf88vcap.sys [14.11.2010 13:26 208467]
R2 WF88XBAR;WinFast TV2000/DV2000 WDM Crossbar.;c:\windows\system32\drivers\WF88XBAR.sys [14.11.2010 13:55 9284]
R2 WFTUNE;WinFast TV2000/DV2000 WDM Tuner.;c:\windows\system32\drivers\wf88tune.sys [14.11.2010 13:55 36261]
R3 ramirr;ramirr;c:\windows\system32\drivers\ramirr.sys [18.4.2005 12:24 7424]
R3 SymSnapService;SymSnapService;c:\program files\Norton Ghost\Shared\Drivers\SymSnapService.exe [20.12.2007 16:13 1553896]
R3 WFIOCTL;WFIOCTL;c:\program files\WinFast\WFTVFM\WFIOCTL.sys [14.11.2010 13:30 9510]
S2 RAInfo;RemotelyAnywhere Kernel Information Provider;\??\c:\program files\RemotelyAnywhere\RaInfo.sys --> c:\program files\RemotelyAnywhere\RaInfo.sys [?]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [13.11.2010 19:13 1691480]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\program files\Lavalys\EVEREST Home Edition\kerneld.wnt [18.8.2005 7168]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uInternet Settings,ProxyOverride = *.local
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\uzivatel\Data aplikací\Mozilla\Firefox\Profiles\x9xb4fml.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - Ext: 比比猫视频下载器: vd@bbmao.com - %profile%\extensions\vd@bbmao.com
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-05 12:39
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EverestDriver]
"ImagePath"="\??\c:\program files\Lavalys\EVEREST Home Edition\kerneld.wnt"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SCPDFV4ReadSpool]
"ImagePath"="c:\windows\Installer\MSI1C.tmp"
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(864)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\RAinit.dll
.
Celkový čas: 2011-02-05 12:41:16
ComboFix-quarantined-files.txt 2011-02-05 11:41

Před spuštěním: Volných bajtů: 13 283 885 056
Po spuštění: Volných bajtů: 13 240 692 736

WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer

- - End Of File - - B8C3ACD6A9E578AD4A8CD2B1CCA25DB1

Rudy
Site Admin
Posts: 119426
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Please check

#4 Post by Rudy »

Several infected items were deleted; the rest of the log looks clean.

vondra007
Guest
Posts: 91
Registered: 24 Mar 2007 00:24

Re: Please check

#5 Post by vondra007 »

I ran Spybot again and the problem seems to be gone. It no longer reports any blocked file, and it found no malware or other pests.
Thank you for your time and help.

Rudy
Site Admin
Posts: 119426
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Please check

#6 Post by Rudy »

You're welcome!
