ComboFix 11-02-13.04 - Dolda 14.02.2011 20:35:29.4.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.511.227 [GMT 1:00]
Spuštěný z: c:\documents and settings\Dolda\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Dolda\Plocha\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
file zipped: c:\windows\SETE8.tmp
file zipped: c:\windows\system32\drivers\lehotuycmqlz.sys
file zipped: c:\windows\system32\drivers\nbsbrkkjwx.sys
file zipped: c:\windows\system32\drivers\oyeidufipvmuv.sys
file zipped: c:\windows\system32\drivers\qbjyiitvnjoq.sys
file zipped: c:\windows\system32\MAI6.tmp
file zipped: c:\windows\system32\MAI7.tmp
file zipped: c:\windows\system32\MAI8.tmp
file zipped: c:\windows\system32\MAI9.tmp
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\SETE8.tmp
c:\windows\system32\drivers\lehotuycmqlz.sys
c:\windows\system32\drivers\nbsbrkkjwx.sys
c:\windows\system32\drivers\oyeidufipvmuv.sys
c:\windows\system32\drivers\qbjyiitvnjoq.sys
c:\windows\system32\MAI6.tmp
c:\windows\system32\MAI7.tmp
c:\windows\system32\MAI8.tmp
c:\windows\system32\MAI9.tmp
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_BCCTHPKV
-------\Legacy_PKEBHXEN
-------\Legacy_QRVTWWFY
-------\Legacy_TQYXLPBT
-------\Legacy_WKRWHTXW
-------\Legacy_XDFMQGEE
-------\Legacy_XDQHSOXW
-------\Legacy_XTRKBGAR
-------\Legacy_ZPHWQ
-------\Service_bccthpkv
-------\Service_pkebhxen
-------\Service_qrvtwwfy
-------\Service_tqyxlpbt
-------\Service_wkrwhtxw
-------\Service_xdfmqgee
-------\Service_xdqhsoxw
-------\Service_xtrkbgar
-------\Service_zphwq
((((((((((((((((((((((((( Soubory vytvořené od 2011-01-14 do 2011-02-14 )))))))))))))))))))))))))))))))
.
2011-02-14 18:32 . 2005-06-06 16:51 11264 ----a-w- c:\windows\system32\drivers\vulfntr.sys
2011-02-14 18:32 . 2005-01-05 17:02 6912 ----a-w- c:\windows\system32\drivers\vulfnth.sys
2011-02-14 18:32 . 2003-10-03 15:28 45056 ----a-w- c:\windows\system32\vusetup.dll
2011-02-14 18:32 . 1998-11-13 11:58 307200 ----a-w- c:\windows\IsUn0405.exe
2011-02-13 19:20 . 2010-09-18 06:53 974848 -c----w- c:\windows\system32\dllcache\mfc42.dll
2011-02-13 19:20 . 2010-09-18 06:53 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2011-02-13 19:19 . 2010-08-23 16:12 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
2011-02-13 19:19 . 2010-11-02 15:17 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2011-02-13 19:14 . 2010-10-11 14:59 45568 -c----w- c:\windows\system32\dllcache\wab.exe
2011-02-13 17:32 . 2011-02-13 17:32 -------- dc----w- C:\rsit
2011-02-13 16:46 . 2011-02-13 17:32 -------- d-----w- c:\program files\Trend Micro
2011-02-13 13:27 . 2011-02-13 13:27 -------- d-----w- c:\documents and settings\LocalService\Plocha
2011-02-13 13:26 . 2011-02-13 13:26 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2011-02-13 11:15 . 2011-02-13 19:40 -------- d-----w- c:\windows\ie8updates
2011-02-13 11:06 . 2011-02-13 11:06 -------- d-----w- c:\program files\MSXML 4.0
2011-02-13 10:56 . 2009-07-31 09:05 1372672 -c----w- c:\windows\system32\dllcache\msxml6.dll
2011-02-13 10:56 . 2008-04-14 02:30 80896 -c----w- c:\windows\system32\dllcache\msxml6r.dll
2011-02-13 10:55 . 2008-04-14 03:11 24064 -c----w- c:\windows\system32\dllcache\pidgen.dll
2011-02-13 10:54 . 2008-04-14 03:19 102912 -c----w- c:\windows\system32\dllcache\dpcdll.dll
2011-02-13 10:54 . 2008-04-14 03:21 81920 ------w- c:\windows\system32\ieencode.dll
2011-02-13 10:54 . 2006-12-28 19:01 19569 ----a-w- c:\windows\003250_.tmp
2011-02-13 10:46 . 2008-06-14 17:35 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2011-02-13 10:45 . 2010-08-26 13:39 357248 -c----w- c:\windows\system32\dllcache\srv.sys
2011-02-13 10:45 . 2010-02-24 13:11 455680 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2011-02-13 10:45 . 2009-11-21 16:03 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2011-02-13 10:45 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2011-02-13 10:44 . 2010-08-27 08:03 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll
2011-02-13 10:44 . 2009-10-15 16:32 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
2011-02-13 10:43 . 2009-02-06 10:10 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe
2011-02-13 10:43 . 2010-12-09 15:14 2194944 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2011-02-13 10:43 . 2009-03-06 14:23 284160 -c----w- c:\windows\system32\dllcache\pdh.dll
2011-02-13 10:43 . 2009-02-09 11:25 111104 -c----w- c:\windows\system32\dllcache\services.exe
2011-02-13 10:43 . 2009-02-09 10:56 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll
2011-02-13 10:43 . 2010-12-20 17:25 729088 -c----w- c:\windows\system32\dllcache\lsasrv.dll
2011-02-13 10:43 . 2009-02-09 10:56 684032 -c----w- c:\windows\system32\dllcache\advapi32.dll
2011-02-13 10:43 . 2009-02-09 10:56 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll
2011-02-13 10:43 . 2010-12-09 15:15 713216 -c----w- c:\windows\system32\dllcache\ntdll.dll
2011-02-13 10:43 . 2009-02-09 10:56 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll
2011-02-13 10:43 . 2010-12-09 15:14 2150912 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2011-02-13 10:43 . 2010-12-09 15:14 2029056 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2011-02-13 10:41 . 2008-05-08 14:02 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2011-02-13 10:41 . 2010-12-20 23:52 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2011-02-13 10:41 . 2010-12-20 23:52 602112 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2011-02-13 10:41 . 2010-12-20 23:52 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2011-02-13 10:41 . 2010-12-20 23:52 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2011-02-13 10:41 . 2010-12-20 23:52 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2011-02-13 10:41 . 2010-12-20 23:52 1991680 -c----w- c:\windows\system32\dllcache\iertutil.dll
2011-02-13 10:41 . 2010-12-20 10:52 11080704 -c----w- c:\windows\system32\dllcache\ieframe.dll
2011-02-13 10:40 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
2011-02-13 10:35 . 2008-10-15 16:38 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
2011-02-12 19:20 . 2011-02-12 19:20 -------- d-----w- c:\documents and settings\Dolda\Local Settings\Data aplikací\Downloaded Installations
2011-02-12 19:16 . 2011-02-13 16:41 -------- d-----w- c:\program files\MSI
2011-02-12 16:46 . 2008-04-13 18:40 34688 ----a-w- c:\windows\system32\drivers\lbrtfdc.sys
2011-02-12 16:46 . 2008-04-13 18:41 8576 ----a-w- c:\windows\system32\drivers\i2omgmt.sys
2011-02-12 16:46 . 2008-04-13 18:40 8192 ----a-w- c:\windows\system32\drivers\changer.sys
2011-02-12 16:45 . 2008-04-13 16:39 142592 ----a-w- c:\windows\system32\drivers\aec.sys
2011-02-11 17:43 . 2008-04-14 03:19 15872 -c--a-w- c:\windows\system32\dllcache\padrs404.dll
2011-02-11 17:42 . 2008-04-14 03:17 81976 -c--a-w- c:\windows\system32\dllcache\imjpdct.dll
2011-02-11 17:41 . 2008-04-14 03:08 97792 -c--a-w- c:\windows\system32\dllcache\chtmbx.dll
2011-02-11 17:15 . 1980-01-01 00:00 16384 -c--a-w- c:\windows\system32\dllcache\isignup.exe
2011-02-11 17:15 . 1980-01-01 00:00 16384 ----a-w- c:\program files\Internet Explorer\Connection Wizard\isignup.exe
2011-02-11 17:04 . 2011-02-11 17:04 5280 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2011-02-11 16:53 . 2008-04-14 03:21 32768 ----a-w- c:\program files\Internet Explorer\Connection Wizard\icwdl.dll
2011-02-11 16:52 . 2008-04-14 03:22 20480 ----a-w- c:\program files\Internet Explorer\Connection Wizard\inetwiz.exe
2011-02-11 16:52 . 2008-04-14 03:22 86016 ----a-w- c:\program files\Internet Explorer\Connection Wizard\icwconn2.exe
2011-02-11 16:52 . 2008-04-14 03:22 215552 ----a-w- c:\program files\Internet Explorer\Connection Wizard\icwconn1.exe
2011-02-11 16:26 . 2003-07-02 03:42 27904 ----a-w- c:\windows\system32\drivers\VIAAGP1.SYS
2011-02-11 15:58 . 2004-08-03 21:31 20992 ----a-w- c:\windows\system32\drivers\RTL8139.sys
2011-02-11 15:50 . 1980-01-01 00:00 9090 ----a-r- c:\windows\SETE5.tmp
2011-02-11 14:43 . 2011-02-11 14:43 -------- dc----w- C:\$WIN_NT$.~BT
2011-02-11 14:38 . 2011-01-13 08:41 294608 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-02-11 14:38 . 2011-01-13 08:37 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-02-11 14:38 . 2011-01-13 08:37 23632 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-02-11 14:38 . 2011-01-13 08:40 47440 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-02-11 14:38 . 2011-01-13 08:40 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-02-11 14:38 . 2011-01-13 08:39 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-02-11 14:38 . 2011-01-13 08:37 29392 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-02-11 14:37 . 2011-01-13 08:47 38848 ----a-w- c:\windows\avastSS.scr
2011-02-11 14:37 . 2011-01-13 08:47 188216 ----a-w- c:\windows\system32\aswBoot.exe
2011-02-11 14:37 . 2011-02-11 14:37 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Alwil Software
2011-01-21 14:44 . 2011-01-21 14:44 440320 -c----w- c:\windows\system32\dllcache\shimgvw.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-21 14:44 . 1980-01-01 00:00 440320 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09 . 1980-01-01 00:00 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 14:04 . 1980-01-01 00:00 1854976 ----a-w- c:\windows\system32\win32k.sys
2010-12-22 12:34 . 1980-01-01 00:00 301568 ----a-w- c:\windows\system32\kerberos.dll
2010-12-20 23:52 . 1980-01-01 00:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-12-20 23:52 . 1980-01-01 00:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-12-20 23:52 . 1980-01-01 00:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-12-20 17:25 . 1980-01-01 00:00 729088 ----a-w- c:\windows\system32\lsasrv.dll
2010-12-20 12:55 . 1980-01-01 00:00 385024 ----a-w- c:\windows\system32\html.iec
2010-12-09 15:15 . 1980-01-01 00:00 713216 ----a-w- c:\windows\system32\ntdll.dll
2010-12-09 15:14 . 1980-01-01 00:00 2194944 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-12-09 15:14 . 1980-01-01 00:00 2071552 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-12-09 14:30 . 1980-01-01 00:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2010-11-18 18:15 . 2008-07-31 21:51 81920 ----a-w- c:\windows\system32\isign32.dll
2010-04-12 12:41 . 2010-04-12 12:40 728858 ----a-w- c:\program files\Common Files\unins000.exe
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-07-18 39408]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Dolda^Nabídka Start^Programy^Po spuštění^Registrace .lnk]
path=c:\documents and settings\Dolda\Nabídka Start\Programy\Po spuštění\Registrace .lnk
backup=c:\windows\pss\Registrace .lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSConfig]
c:\documents and settings\Dolda\skt.exe \u [X]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BlazeServoTool]
2010-03-06 15:46 286720 ----a-w- c:\program files\BlazeVideo\BlazeDTV 6.0\MediaDetector.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-05-08 14:24 54840 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
2011-01-05 08:18 133432 ----a-w- c:\program files\ICQ7.0\ICQ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 03:22 1695232 ------w- c:\program files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2009-06-25 13:12 1414144 ----a-w- c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PowerDVD]
2007-09-06 21:49 1004840 ----a-w- c:\program files\CyberLink\PowerDVD\PowerDVD.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2007-03-30 12:34 25263144 ----a-w- c:\program files\Skype\Phone\Skype.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-07-18 14:18 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"O&O Defrag"=2 (0x2)
"gusvc"=3 (0x3)
"gupdate1ca07b2faf6ca72"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=
"c:\\Program Files\\ICQ7.0\\ICQ.exe"=
"c:\\Program Files\\ICQ7.0\\aolload.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqcopy2.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\Bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"7235:TCP"= 7235:TCP:doounus
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [11.2.2011 15:38 294608]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [11.2.2011 15:38 17744]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [17.10.2008 15:18 246520]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [1.8.2008 12:46 691696]
S3 MSI_DVD_010507;MSI_DVD_010507;c:\progra~1\MSI\MSIWDev\DVDSYS32_100507.sys [10.5.2010 10:44 22328]
S3 MSI_MSIBIOS_010507;MSI_MSIBIOS_010507;c:\progra~1\MSI\MSIWDev\msibios32_100507.sys [10.5.2010 10:44 25912]
S3 MsibiosDevice;MsibiosDevice;\??\c:\program files\MSI\Live Update 4\LU4\msibios.sys --> c:\program files\MSI\Live Update 4\LU4\msibios.sys [?]
S3 pwxpwmhf;pwxpwmhf;\??\c:\windows\System32\Drivers\pwxpwmhf.sys --> c:\windows\System32\Drivers\pwxpwmhf.sys [?]
S3 vmfilter323;323 filter service, Normal;c:\windows\system32\drivers\vmfilter323.sys --> c:\windows\system32\drivers\vmfilter323.sys [?]
S3 ZSMC326;Vimicro USB2.0 PC Camera(VC0323);c:\windows\system32\Drivers\usbvm323.sys --> c:\windows\system32\Drivers\usbvm323.sys [?]
S4 gupdate1ca07b2faf6ca72;Služba Google Update (gupdate1ca07b2faf6ca72);c:\program files\Google\Update\GoogleUpdate.exe [18.7.2009 15:21 133104]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Obsah adresáře 'Naplánované úlohy'
2011-02-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-18 14:20]
2011-02-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-18 14:20]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
Trusted Zone: com\www.msi
Trusted Zone: com.tw\asia.msi
Trusted Zone: com.tw\global.msi
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-14 20:45
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet049\Services\{95808DC4-FA4A-4C74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'explorer.exe'(636)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_cze.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\CyberLink\Shared files\RichVideo.exe
.
**************************************************************************
.
Celkový čas: 2011-02-14 20:50:07 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-02-14 19:50
ComboFix2.txt 2011-02-14 19:06
Před spuštěním: 1 647 140 864
Po spuštění: 1 653 555 200
- - End Of File - - E78E2E68E7FB22343398BB2CC4E82AB8

PC disinfection, computer speed-up, remote assistance via the neslape.cz service
Please check the log, thank you very much.
Moderator: Moderators
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]
Individual threads will be locked once resolved, as will those that have been inactive for more than 14 days. See the rule on locking topics. Thank you for your understanding.
NEW!
You can now use the remote assistance service, where an expert connects to your computer and obtains further details about the problem from you by phone! More at www.neslape.cz
- Rudy
- Site Admin
- Posts: 119506
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: Please check the log, thank you very much.
So, hopefully for the last time. Run CF with this script:
Collect::
c:\windows\System32\Drivers\pwxpwmhf.sys
Driver::
pwxpwmhf
Post questions and logs only in your own threads. Private messages, ICQ and e-mail are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
Visit:
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Apart from its "visible" activities, a virus can damage the system!
Once your problem is resolved, the thread will be locked. Likewise if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address above.
Re: Please check the log, thank you very much.
So hopefully this is the last one, and thank you very much.
ComboFix 11-02-13.04 - Dolda 14.02.2011 21:03:56.5.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.511.276 [GMT 1:00]
Spuštěný z: c:\documents and settings\Dolda\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Dolda\Plocha\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_PWXPWMHF
-------\Service_pwxpwmhf
((((((((((((((((((((((((( Soubory vytvořené od 2011-01-14 do 2011-02-14 )))))))))))))))))))))))))))))))
.
2011-02-14 18:32 . 2005-06-06 16:51 11264 ----a-w- c:\windows\system32\drivers\vulfntr.sys
2011-02-14 18:32 . 2005-01-05 17:02 6912 ----a-w- c:\windows\system32\drivers\vulfnth.sys
2011-02-14 18:32 . 2003-10-03 15:28 45056 ----a-w- c:\windows\system32\vusetup.dll
2011-02-14 18:32 . 1998-11-13 11:58 307200 ----a-w- c:\windows\IsUn0405.exe
2011-02-13 19:20 . 2010-09-18 06:53 974848 -c----w- c:\windows\system32\dllcache\mfc42.dll
2011-02-13 19:20 . 2010-09-18 06:53 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2011-02-13 19:19 . 2010-08-23 16:12 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
2011-02-13 19:19 . 2010-11-02 15:17 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2011-02-13 19:14 . 2010-10-11 14:59 45568 -c----w- c:\windows\system32\dllcache\wab.exe
2011-02-13 16:46 . 2011-02-13 17:32 -------- d-----w- c:\program files\Trend Micro
2011-02-13 13:27 . 2011-02-13 13:27 -------- d-----w- c:\documents and settings\LocalService\Plocha
2011-02-13 13:26 . 2011-02-13 13:26 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2011-02-13 11:15 . 2011-02-13 19:40 -------- d-----w- c:\windows\ie8updates
2011-02-13 11:06 . 2011-02-13 11:06 -------- d-----w- c:\program files\MSXML 4.0
2011-02-13 10:56 . 2009-07-31 09:05 1372672 -c----w- c:\windows\system32\dllcache\msxml6.dll
2011-02-13 10:56 . 2008-04-14 02:30 80896 -c----w- c:\windows\system32\dllcache\msxml6r.dll
2011-02-13 10:55 . 2008-04-14 03:11 24064 -c----w- c:\windows\system32\dllcache\pidgen.dll
2011-02-13 10:54 . 2008-04-14 03:19 102912 -c----w- c:\windows\system32\dllcache\dpcdll.dll
2011-02-13 10:54 . 2008-04-14 03:21 81920 ------w- c:\windows\system32\ieencode.dll
2011-02-13 10:54 . 2006-12-28 19:01 19569 ----a-w- c:\windows\003250_.tmp
2011-02-13 10:46 . 2008-06-14 17:35 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2011-02-13 10:45 . 2010-08-26 13:39 357248 -c----w- c:\windows\system32\dllcache\srv.sys
2011-02-13 10:45 . 2010-02-24 13:11 455680 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2011-02-13 10:45 . 2009-11-21 16:03 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2011-02-13 10:45 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2011-02-13 10:44 . 2010-08-27 08:03 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll
2011-02-13 10:44 . 2009-10-15 16:32 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
2011-02-13 10:43 . 2009-02-06 10:10 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe
2011-02-13 10:43 . 2010-12-09 15:14 2194944 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2011-02-13 10:43 . 2009-03-06 14:23 284160 -c----w- c:\windows\system32\dllcache\pdh.dll
2011-02-13 10:43 . 2009-02-09 11:25 111104 -c----w- c:\windows\system32\dllcache\services.exe
2011-02-13 10:43 . 2009-02-09 10:56 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll
2011-02-13 10:43 . 2010-12-20 17:25 729088 -c----w- c:\windows\system32\dllcache\lsasrv.dll
2011-02-13 10:43 . 2009-02-09 10:56 684032 -c----w- c:\windows\system32\dllcache\advapi32.dll
2011-02-13 10:43 . 2009-02-09 10:56 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll
2011-02-13 10:43 . 2010-12-09 15:15 713216 -c----w- c:\windows\system32\dllcache\ntdll.dll
2011-02-13 10:43 . 2009-02-09 10:56 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll
2011-02-13 10:43 . 2010-12-09 15:14 2150912 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2011-02-13 10:43 . 2010-12-09 15:14 2029056 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2011-02-13 10:41 . 2008-05-08 14:02 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2011-02-13 10:41 . 2010-12-20 23:52 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2011-02-13 10:41 . 2010-12-20 23:52 602112 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2011-02-13 10:41 . 2010-12-20 23:52 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2011-02-13 10:41 . 2010-12-20 23:52 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2011-02-13 10:41 . 2010-12-20 23:52 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2011-02-13 10:41 . 2010-12-20 23:52 1991680 -c----w- c:\windows\system32\dllcache\iertutil.dll
2011-02-13 10:41 . 2010-12-20 10:52 11080704 -c----w- c:\windows\system32\dllcache\ieframe.dll
2011-02-13 10:40 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
2011-02-13 10:35 . 2008-10-15 16:38 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
2011-02-12 19:20 . 2011-02-12 19:20 -------- d-----w- c:\documents and settings\Dolda\Local Settings\Data aplikací\Downloaded Installations
2011-02-12 19:16 . 2011-02-13 16:41 -------- d-----w- c:\program files\MSI
2011-02-12 16:46 . 2008-04-13 18:40 34688 ----a-w- c:\windows\system32\drivers\lbrtfdc.sys
2011-02-12 16:46 . 2008-04-13 18:41 8576 ----a-w- c:\windows\system32\drivers\i2omgmt.sys
2011-02-12 16:46 . 2008-04-13 18:40 8192 ----a-w- c:\windows\system32\drivers\changer.sys
2011-02-12 16:45 . 2008-04-13 16:39 142592 ----a-w- c:\windows\system32\drivers\aec.sys
2011-02-11 17:43 . 2008-04-14 03:19 15872 -c--a-w- c:\windows\system32\dllcache\padrs404.dll
2011-02-11 17:42 . 2008-04-14 03:17 81976 -c--a-w- c:\windows\system32\dllcache\imjpdct.dll
2011-02-11 17:41 . 2008-04-14 03:08 97792 -c--a-w- c:\windows\system32\dllcache\chtmbx.dll
2011-02-11 17:15 . 1980-01-01 00:00 16384 -c--a-w- c:\windows\system32\dllcache\isignup.exe
2011-02-11 17:15 . 1980-01-01 00:00 16384 ----a-w- c:\program files\Internet Explorer\Connection Wizard\isignup.exe
2011-02-11 17:04 . 2011-02-11 17:04 5280 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2011-02-11 16:53 . 2008-04-14 03:21 32768 ----a-w- c:\program files\Internet Explorer\Connection Wizard\icwdl.dll
2011-02-11 16:52 . 2008-04-14 03:22 20480 ----a-w- c:\program files\Internet Explorer\Connection Wizard\inetwiz.exe
2011-02-11 16:52 . 2008-04-14 03:22 86016 ----a-w- c:\program files\Internet Explorer\Connection Wizard\icwconn2.exe
2011-02-11 16:52 . 2008-04-14 03:22 215552 ----a-w- c:\program files\Internet Explorer\Connection Wizard\icwconn1.exe
2011-02-11 16:26 . 2003-07-02 03:42 27904 ----a-w- c:\windows\system32\drivers\VIAAGP1.SYS
2011-02-11 15:58 . 2004-08-03 21:31 20992 ----a-w- c:\windows\system32\drivers\RTL8139.sys
2011-02-11 15:50 . 1980-01-01 00:00 9090 ----a-r- c:\windows\SETE5.tmp
2011-02-11 14:43 . 2011-02-11 14:43 -------- dc----w- C:\$WIN_NT$.~BT
2011-02-11 14:38 . 2011-01-13 08:41 294608 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-02-11 14:38 . 2011-01-13 08:37 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-02-11 14:38 . 2011-01-13 08:37 23632 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-02-11 14:38 . 2011-01-13 08:40 47440 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-02-11 14:38 . 2011-01-13 08:40 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-02-11 14:38 . 2011-01-13 08:39 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-02-11 14:38 . 2011-01-13 08:37 29392 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-02-11 14:37 . 2011-01-13 08:47 38848 ----a-w- c:\windows\avastSS.scr
2011-02-11 14:37 . 2011-01-13 08:47 188216 ----a-w- c:\windows\system32\aswBoot.exe
2011-02-11 14:37 . 2011-02-11 14:37 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Alwil Software
2011-01-21 14:44 . 2011-01-21 14:44 440320 -c----w- c:\windows\system32\dllcache\shimgvw.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-21 14:44 . 1980-01-01 00:00 440320 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09 . 1980-01-01 00:00 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 14:04 . 1980-01-01 00:00 1854976 ----a-w- c:\windows\system32\win32k.sys
2010-12-22 12:34 . 1980-01-01 00:00 301568 ----a-w- c:\windows\system32\kerberos.dll
2010-12-20 23:52 . 1980-01-01 00:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-12-20 23:52 . 1980-01-01 00:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-12-20 23:52 . 1980-01-01 00:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-12-20 17:25 . 1980-01-01 00:00 729088 ----a-w- c:\windows\system32\lsasrv.dll
2010-12-20 12:55 . 1980-01-01 00:00 385024 ----a-w- c:\windows\system32\html.iec
2010-12-09 15:15 . 1980-01-01 00:00 713216 ----a-w- c:\windows\system32\ntdll.dll
2010-12-09 15:14 . 1980-01-01 00:00 2194944 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-12-09 15:14 . 1980-01-01 00:00 2071552 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-12-09 14:30 . 1980-01-01 00:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2010-11-18 18:15 . 2008-07-31 21:51 81920 ----a-w- c:\windows\system32\isign32.dll
2010-04-12 12:41 . 2010-04-12 12:40 728858 ----a-w- c:\program files\Common Files\unins000.exe
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-07-18 39408]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Dolda^Nabídka Start^Programy^Po spuštění^Registrace .lnk]
path=c:\documents and settings\Dolda\Nabídka Start\Programy\Po spuštění\Registrace .lnk
backup=c:\windows\pss\Registrace .lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSConfig]
c:\documents and settings\Dolda\skt.exe \u [X]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BlazeServoTool]
2010-03-06 15:46 286720 ----a-w- c:\program files\BlazeVideo\BlazeDTV 6.0\MediaDetector.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-05-08 14:24 54840 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
2011-01-05 08:18 133432 ----a-w- c:\program files\ICQ7.0\ICQ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 03:22 1695232 ------w- c:\program files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2009-06-25 13:12 1414144 ----a-w- c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PowerDVD]
2007-09-06 21:49 1004840 ----a-w- c:\program files\CyberLink\PowerDVD\PowerDVD.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2007-03-30 12:34 25263144 ----a-w- c:\program files\Skype\Phone\Skype.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-07-18 14:18 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"O&O Defrag"=2 (0x2)
"gusvc"=3 (0x3)
"gupdate1ca07b2faf6ca72"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=
"c:\\Program Files\\ICQ7.0\\ICQ.exe"=
"c:\\Program Files\\ICQ7.0\\aolload.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqcopy2.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\Bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"7235:TCP"= 7235:TCP:doounus
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [11.2.2011 15:38 294608]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [11.2.2011 15:38 17744]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [17.10.2008 15:18 246520]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [1.8.2008 12:46 691696]
S3 MSI_DVD_010507;MSI_DVD_010507;c:\progra~1\MSI\MSIWDev\DVDSYS32_100507.sys [10.5.2010 10:44 22328]
S3 MSI_MSIBIOS_010507;MSI_MSIBIOS_010507;c:\progra~1\MSI\MSIWDev\msibios32_100507.sys [10.5.2010 10:44 25912]
S3 MsibiosDevice;MsibiosDevice;\??\c:\program files\MSI\Live Update 4\LU4\msibios.sys --> c:\program files\MSI\Live Update 4\LU4\msibios.sys [?]
S3 vmfilter323;323 filter service, Normal;c:\windows\system32\drivers\vmfilter323.sys --> c:\windows\system32\drivers\vmfilter323.sys [?]
S3 ZSMC326;Vimicro USB2.0 PC Camera(VC0323);c:\windows\system32\Drivers\usbvm323.sys --> c:\windows\system32\Drivers\usbvm323.sys [?]
S4 gupdate1ca07b2faf6ca72;Služba Google Update (gupdate1ca07b2faf6ca72);c:\program files\Google\Update\GoogleUpdate.exe [18.7.2009 15:21 133104]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Obsah adresáře 'Naplánované úlohy'
2011-02-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-18 14:20]
2011-02-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-18 14:20]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
Trusted Zone: com\www.msi
Trusted Zone: com.tw\asia.msi
Trusted Zone: com.tw\global.msi
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-14 21:13
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet049\Services\{95808DC4-FA4A-4C74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG11.00.00.01WORKSTATION"="81F37352C122B3DE9CC6F4A2FCE80D1BA5B7B674BF7D1490891514ECF421153AB3FB80B7FA811E25F1BDEBDE2FA44585FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933C038D530D6EB3452A6171C11EC38DE3DC038D530D6EB34520626215BB447CF5139C09FBF176A97AE978AD2CC744C6644B948AEE107B9E17B44F8070D0853BBF73E38716236FCF6AB48247EDA2C4E070A9E653CC40F19C03AE1B708CE008290EABF8939916AA787A0DDAC8CB697543CAC1F11F2299DCBF41FAC189ED88F19A1D4E1EEEA0F0C7FAA916F7D0ECD94E59129E667A1C0366755BC861974C7FD60B203D8652F81481E3423A736486DD48E879EB8C6CB27AE082F4E6479EA1F6824006971AE63F120216822C437364BDDD910D16752A6D6B3CDC52F4FBC9241BD36B71B874E97CFE82B84FC1C28837D095E1529DAF11D2FC1DCCA5F64ADB579C26979D20F0F106D4A60364593F113FE84AF73328FCF4EF62DDB6A86D5D44F748D98DDEF8DFDC50141EB223427C3F93052EA781B965B8BD59C77C0EBE7060E450C1E6E731E6B65A520FADD23E58F815448AC6AB913C85DD78ADDDC7C73D1D5DEFB5CA7026E6D4FD889BEF491F28B27138F980104BE8D7BEC45C346C86793BD9C7238FCE7BFDB96FDF66DE6A186309C7627D46697E4E4D66A71607486C465923AD698D391E9550659B5BF251BE93FC76F5F0D3D33654F118883EFD58E1FA7D2DA64EB878FD6B99998E57419687DB64250DE6E97BBB58F81E247B2495D217F3283AC21649A84AE00C7FC4C1B98356059529F2D7FB7DD2C30FB5B6A26938854979B11ADAC8B859E205A430EFC5E18440D0EED7FEE5479715E35B2DF3576A5D2A0F2CA8B97DF7FB41125D5027F12C0B01584ED1FD6E0B8EC7ED8945E3270DC6A9A3A65B54DB92E63A06425765A2C5E385B1A93CB9A5160F2B4939A36CE8B2A4F8A8640AC6EDEDDDECDB5753E39CCB5B17A93294793BDC89A5D7434B92F7A987A27D110F50A3AF121CD1C612DBAB79CB5461F4CD80D615EBE0871A442ED124A28DB78DB9AA857DF6609FCD39D71D17EA3C4C9EFCA471EA17DF3E081AA974A745748BC7F26C2E934B01D230E6DE5285B1D2D09D7EBF475253D9A8137522CC1604CC0C3AA2AC6C80AC4D83EA5FD11E8C488EEB3200FBF1092A026F2829C2238EA104C18E1BA976B162CC25E03B4E265E38F2A03348AC3BA2617F2B7F7F2E19185EEA625FC708A711E34907BE1FB3F967421B699573A8FE3B04D163B7DBEC758B577BD3DA5E7E89BFBEC317054417C17C36F9BF81FFAA8219536D4C74E7125B915003716DDC2F1511E2D4579BFF564A4356F9789743086
A9CC8A2A0F78FD4005509F6A487825571B060C1F3BD910B72342DC1C9596C094D764C444A460DAD030"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'explorer.exe'(4028)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_cze.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\CyberLink\Shared files\RichVideo.exe
.
**************************************************************************
.
Celkový čas: 2011-02-14 21:19:17 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-02-14 20:19
ComboFix2.txt 2011-02-14 19:50
ComboFix3.txt 2011-02-14 19:06
Před spuštěním: 1 645 957 120
Po spuštění: 1 598 136 320
- - End Of File - - 67535C534AC34FB1AFE050DCA6873DDC
ComboFix 11-02-13.04 - Dolda 14.02.2011 21:03:56.5.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.511.276 [GMT 1:00]
Spuštěný z: c:\documents and settings\Dolda\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Dolda\Plocha\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_PWXPWMHF
-------\Service_pwxpwmhf
((((((((((((((((((((((((( Soubory vytvořené od 2011-01-14 do 2011-02-14 )))))))))))))))))))))))))))))))
.
2011-02-14 18:32 . 2005-06-06 16:51 11264 ----a-w- c:\windows\system32\drivers\vulfntr.sys
2011-02-14 18:32 . 2005-01-05 17:02 6912 ----a-w- c:\windows\system32\drivers\vulfnth.sys
2011-02-14 18:32 . 2003-10-03 15:28 45056 ----a-w- c:\windows\system32\vusetup.dll
2011-02-14 18:32 . 1998-11-13 11:58 307200 ----a-w- c:\windows\IsUn0405.exe
2011-02-13 19:20 . 2010-09-18 06:53 974848 -c----w- c:\windows\system32\dllcache\mfc42.dll
2011-02-13 19:20 . 2010-09-18 06:53 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2011-02-13 19:19 . 2010-08-23 16:12 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
2011-02-13 19:19 . 2010-11-02 15:17 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2011-02-13 19:14 . 2010-10-11 14:59 45568 -c----w- c:\windows\system32\dllcache\wab.exe
2011-02-13 16:46 . 2011-02-13 17:32 -------- d-----w- c:\program files\Trend Micro
2011-02-13 13:27 . 2011-02-13 13:27 -------- d-----w- c:\documents and settings\LocalService\Plocha
2011-02-13 13:26 . 2011-02-13 13:26 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2011-02-13 11:15 . 2011-02-13 19:40 -------- d-----w- c:\windows\ie8updates
2011-02-13 11:06 . 2011-02-13 11:06 -------- d-----w- c:\program files\MSXML 4.0
2011-02-13 10:56 . 2009-07-31 09:05 1372672 -c----w- c:\windows\system32\dllcache\msxml6.dll
2011-02-13 10:56 . 2008-04-14 02:30 80896 -c----w- c:\windows\system32\dllcache\msxml6r.dll
2011-02-13 10:55 . 2008-04-14 03:11 24064 -c----w- c:\windows\system32\dllcache\pidgen.dll
2011-02-13 10:54 . 2008-04-14 03:19 102912 -c----w- c:\windows\system32\dllcache\dpcdll.dll
2011-02-13 10:54 . 2008-04-14 03:21 81920 ------w- c:\windows\system32\ieencode.dll
2011-02-13 10:54 . 2006-12-28 19:01 19569 ----a-w- c:\windows\003250_.tmp
2011-02-13 10:46 . 2008-06-14 17:35 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2011-02-13 10:45 . 2010-08-26 13:39 357248 -c----w- c:\windows\system32\dllcache\srv.sys
2011-02-13 10:45 . 2010-02-24 13:11 455680 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2011-02-13 10:45 . 2009-11-21 16:03 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2011-02-13 10:45 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2011-02-13 10:44 . 2010-08-27 08:03 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll
2011-02-13 10:44 . 2009-10-15 16:32 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
2011-02-13 10:43 . 2009-02-06 10:10 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe
2011-02-13 10:43 . 2010-12-09 15:14 2194944 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2011-02-13 10:43 . 2009-03-06 14:23 284160 -c----w- c:\windows\system32\dllcache\pdh.dll
2011-02-13 10:43 . 2009-02-09 11:25 111104 -c----w- c:\windows\system32\dllcache\services.exe
2011-02-13 10:43 . 2009-02-09 10:56 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll
2011-02-13 10:43 . 2010-12-20 17:25 729088 -c----w- c:\windows\system32\dllcache\lsasrv.dll
2011-02-13 10:43 . 2009-02-09 10:56 684032 -c----w- c:\windows\system32\dllcache\advapi32.dll
2011-02-13 10:43 . 2009-02-09 10:56 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll
2011-02-13 10:43 . 2010-12-09 15:15 713216 -c----w- c:\windows\system32\dllcache\ntdll.dll
2011-02-13 10:43 . 2009-02-09 10:56 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll
2011-02-13 10:43 . 2010-12-09 15:14 2150912 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2011-02-13 10:43 . 2010-12-09 15:14 2029056 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2011-02-13 10:41 . 2008-05-08 14:02 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2011-02-13 10:41 . 2010-12-20 23:52 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2011-02-13 10:41 . 2010-12-20 23:52 602112 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2011-02-13 10:41 . 2010-12-20 23:52 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2011-02-13 10:41 . 2010-12-20 23:52 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2011-02-13 10:41 . 2010-12-20 23:52 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2011-02-13 10:41 . 2010-12-20 23:52 1991680 -c----w- c:\windows\system32\dllcache\iertutil.dll
2011-02-13 10:41 . 2010-12-20 10:52 11080704 -c----w- c:\windows\system32\dllcache\ieframe.dll
2011-02-13 10:40 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
2011-02-13 10:35 . 2008-10-15 16:38 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
2011-02-12 19:20 . 2011-02-12 19:20 -------- d-----w- c:\documents and settings\Dolda\Local Settings\Data aplikací\Downloaded Installations
2011-02-12 19:16 . 2011-02-13 16:41 -------- d-----w- c:\program files\MSI
2011-02-12 16:46 . 2008-04-13 18:40 34688 ----a-w- c:\windows\system32\drivers\lbrtfdc.sys
2011-02-12 16:46 . 2008-04-13 18:41 8576 ----a-w- c:\windows\system32\drivers\i2omgmt.sys
2011-02-12 16:46 . 2008-04-13 18:40 8192 ----a-w- c:\windows\system32\drivers\changer.sys
2011-02-12 16:45 . 2008-04-13 16:39 142592 ----a-w- c:\windows\system32\drivers\aec.sys
2011-02-11 17:43 . 2008-04-14 03:19 15872 -c--a-w- c:\windows\system32\dllcache\padrs404.dll
2011-02-11 17:42 . 2008-04-14 03:17 81976 -c--a-w- c:\windows\system32\dllcache\imjpdct.dll
2011-02-11 17:41 . 2008-04-14 03:08 97792 -c--a-w- c:\windows\system32\dllcache\chtmbx.dll
2011-02-11 17:15 . 1980-01-01 00:00 16384 -c--a-w- c:\windows\system32\dllcache\isignup.exe
2011-02-11 17:15 . 1980-01-01 00:00 16384 ----a-w- c:\program files\Internet Explorer\Connection Wizard\isignup.exe
2011-02-11 17:04 . 2011-02-11 17:04 5280 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2011-02-11 16:53 . 2008-04-14 03:21 32768 ----a-w- c:\program files\Internet Explorer\Connection Wizard\icwdl.dll
2011-02-11 16:52 . 2008-04-14 03:22 20480 ----a-w- c:\program files\Internet Explorer\Connection Wizard\inetwiz.exe
2011-02-11 16:52 . 2008-04-14 03:22 86016 ----a-w- c:\program files\Internet Explorer\Connection Wizard\icwconn2.exe
2011-02-11 16:52 . 2008-04-14 03:22 215552 ----a-w- c:\program files\Internet Explorer\Connection Wizard\icwconn1.exe
2011-02-11 16:26 . 2003-07-02 03:42 27904 ----a-w- c:\windows\system32\drivers\VIAAGP1.SYS
2011-02-11 15:58 . 2004-08-03 21:31 20992 ----a-w- c:\windows\system32\drivers\RTL8139.sys
2011-02-11 15:50 . 1980-01-01 00:00 9090 ----a-r- c:\windows\SETE5.tmp
2011-02-11 14:43 . 2011-02-11 14:43 -------- dc----w- C:\$WIN_NT$.~BT
2011-02-11 14:38 . 2011-01-13 08:41 294608 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-02-11 14:38 . 2011-01-13 08:37 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-02-11 14:38 . 2011-01-13 08:37 23632 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-02-11 14:38 . 2011-01-13 08:40 47440 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-02-11 14:38 . 2011-01-13 08:40 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-02-11 14:38 . 2011-01-13 08:39 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-02-11 14:38 . 2011-01-13 08:37 29392 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-02-11 14:37 . 2011-01-13 08:47 38848 ----a-w- c:\windows\avastSS.scr
2011-02-11 14:37 . 2011-01-13 08:47 188216 ----a-w- c:\windows\system32\aswBoot.exe
2011-02-11 14:37 . 2011-02-11 14:37 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Alwil Software
2011-01-21 14:44 . 2011-01-21 14:44 440320 -c----w- c:\windows\system32\dllcache\shimgvw.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-21 14:44 . 1980-01-01 00:00 440320 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09 . 1980-01-01 00:00 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 14:04 . 1980-01-01 00:00 1854976 ----a-w- c:\windows\system32\win32k.sys
2010-12-22 12:34 . 1980-01-01 00:00 301568 ----a-w- c:\windows\system32\kerberos.dll
2010-12-20 23:52 . 1980-01-01 00:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-12-20 23:52 . 1980-01-01 00:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-12-20 23:52 . 1980-01-01 00:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-12-20 17:25 . 1980-01-01 00:00 729088 ----a-w- c:\windows\system32\lsasrv.dll
2010-12-20 12:55 . 1980-01-01 00:00 385024 ----a-w- c:\windows\system32\html.iec
2010-12-09 15:15 . 1980-01-01 00:00 713216 ----a-w- c:\windows\system32\ntdll.dll
2010-12-09 15:14 . 1980-01-01 00:00 2194944 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-12-09 15:14 . 1980-01-01 00:00 2071552 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-12-09 14:30 . 1980-01-01 00:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2010-11-18 18:15 . 2008-07-31 21:51 81920 ----a-w- c:\windows\system32\isign32.dll
2010-04-12 12:41 . 2010-04-12 12:40 728858 ----a-w- c:\program files\Common Files\unins000.exe
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-07-18 39408]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Dolda^Nabídka Start^Programy^Po spuštění^Registrace .lnk]
path=c:\documents and settings\Dolda\Nabídka Start\Programy\Po spuštění\Registrace .lnk
backup=c:\windows\pss\Registrace .lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSConfig]
c:\documents and settings\Dolda\skt.exe \u [X]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BlazeServoTool]
2010-03-06 15:46 286720 ----a-w- c:\program files\BlazeVideo\BlazeDTV 6.0\MediaDetector.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-05-08 14:24 54840 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
2011-01-05 08:18 133432 ----a-w- c:\program files\ICQ7.0\ICQ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 03:22 1695232 ------w- c:\program files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2009-06-25 13:12 1414144 ----a-w- c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PowerDVD]
2007-09-06 21:49 1004840 ----a-w- c:\program files\CyberLink\PowerDVD\PowerDVD.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2007-03-30 12:34 25263144 ----a-w- c:\program files\Skype\Phone\Skype.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-07-18 14:18 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"O&O Defrag"=2 (0x2)
"gusvc"=3 (0x3)
"gupdate1ca07b2faf6ca72"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=
"c:\\Program Files\\ICQ7.0\\ICQ.exe"=
"c:\\Program Files\\ICQ7.0\\aolload.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqcopy2.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\Bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"7235:TCP"= 7235:TCP:doounus
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [11.2.2011 15:38 294608]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [11.2.2011 15:38 17744]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [17.10.2008 15:18 246520]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [1.8.2008 12:46 691696]
S3 MSI_DVD_010507;MSI_DVD_010507;c:\progra~1\MSI\MSIWDev\DVDSYS32_100507.sys [10.5.2010 10:44 22328]
S3 MSI_MSIBIOS_010507;MSI_MSIBIOS_010507;c:\progra~1\MSI\MSIWDev\msibios32_100507.sys [10.5.2010 10:44 25912]
S3 MsibiosDevice;MsibiosDevice;\??\c:\program files\MSI\Live Update 4\LU4\msibios.sys --> c:\program files\MSI\Live Update 4\LU4\msibios.sys [?]
S3 vmfilter323;323 filter service, Normal;c:\windows\system32\drivers\vmfilter323.sys --> c:\windows\system32\drivers\vmfilter323.sys [?]
S3 ZSMC326;Vimicro USB2.0 PC Camera(VC0323);c:\windows\system32\Drivers\usbvm323.sys --> c:\windows\system32\Drivers\usbvm323.sys [?]
S4 gupdate1ca07b2faf6ca72;Služba Google Update (gupdate1ca07b2faf6ca72);c:\program files\Google\Update\GoogleUpdate.exe [18.7.2009 15:21 133104]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Obsah adresáře 'Naplánované úlohy'
2011-02-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-18 14:20]
2011-02-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-18 14:20]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
Trusted Zone: com\www.msi
Trusted Zone: com.tw\asia.msi
Trusted Zone: com.tw\global.msi
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-14 21:13
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet049\Services\{95808DC4-FA4A-4C74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'explorer.exe'(4028)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_cze.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\CyberLink\Shared files\RichVideo.exe
.
**************************************************************************
.
Celkový čas: 2011-02-14 21:19:17 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-02-14 20:19
ComboFix2.txt 2011-02-14 19:50
ComboFix3.txt 2011-02-14 19:06
Před spuštěním: 1 645 957 120
Po spuštění: 1 598 136 320
- - End Of File - - 67535C534AC34FB1AFE050DCA6873DDC
- Rudy
- Site Admin
- Posts: 119506
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: Please check my log, thank you very much.
It's OK now, the log looks clean. Is the PC behaving correctly?
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
e-mail: rudy(zavináč)forum.viry.cz
Warning: Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activities, a virus may damage the system!
Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.
Re: Please check my log, thank you very much.
thank you very much once again
- Rudy
- Site Admin
- Posts: 119506
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: Please check my log, thank you very much.
You're welcome!