PC virus removal, computer speed-up, remote assistance via the neslape.cz service

I don't know what to do

Have a virus problem? Paste your FRST or RSIT log here.

Moderator: Moderators

Forum rules
If you want help, paste a log from FRST [guide here] or RSIT [guide here]

Individual threads will be locked once resolved, as will those that have been inactive for more than 14 days. See the rule on locking topics. Thank you for your understanding.

!NEW!
You can now use the remote assistance service, where a specialist connects to your computer and obtains further details about the problem from you by phone! More at www.neslape.cz
bonak
Guest
Posts: 4
Registered: 08 Apr 2011 11:57

I don't know what to do

#1 Post by bonak »

UPC is telling me that I'm sending out viruses, but I can't find anything. The message from UPC says: BOTS srcport 35822 mwtype Torpig destaddr 91.20.213.146 Please check the log. Thanks

Logfile of random's system information tool 1.08 (written by random/random)
Run by Freedom at 2011-04-18 08:53:36
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 17 GB (15%) free of 114 GB
Total RAM: 1535 MB (42% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:53:39, on 18.4.2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\tsnp2std.exe
C:\WINDOWS\vsnp2std.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Freedom\Local Settings\Temporary Internet Files\Content.IE5\Z90HSEET\RSIT[1].exe
C:\Program Files\trend micro\Freedom.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatche ... tbid=66019
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=66019
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=66019
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.babylon.com/?babsrc=SP_ss ... ffID=17981
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=66019
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll
R3 - URLSearchHook: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\ctbr.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\ctbr.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Crawler lišta - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\ctbr.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Softonic Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe
O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Freedom\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: WikiKomentáře Google... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\ctbr.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe

--
End of file - 9508 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Ad-Aware Update (Daily 1).job
C:\WINDOWS\tasks\Ad-Aware Update (Daily 2).job
C:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job
C:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job
C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-73586283-299502267-725345543-1004Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-73586283-299502267-725345543-1004UA.job
C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{9C9277A5-6345-4FB8-B911-79BF24F76D5D}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-01-30 62376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}]
C:\PROGRA~1\Crawler\ctbr.dll [2011-04-05 1232520]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2011-03-02 298160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll [2011-03-02 848952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
Softonic Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2011-02-01 1487240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-02-09 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2011-02-09 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{4B3803EA-5230-4DC3-A7FC-33638F3D3542} - &Crawler lišta - C:\PROGRA~1\Crawler\ctbr.dll [2011-04-05 1232520]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2011-03-02 298160]
{D4027C7F-154A-4066-A1AD-4243D8127440} - Softonic Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2011-02-01 1487240]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2004-06-18 67584]
"ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2004-08-03 339968]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2010-11-18 2219184]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe [2011-01-30 35736]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-11-10 932288]
"tsnp2std"=C:\WINDOWS\tsnp2std.exe [2005-11-24 106496]
"snp2std"=C:\WINDOWS\vsnp2std.exe [2005-11-23 344064]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-10-29 249064]
"SpywareTerminator"=C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe [2009-07-10 2957824]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2011-01-03 15028104]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-11-16 39408]
"Google Update"=C:\Documents and Settings\Freedom\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe [2011-01-14 136176]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]

C:\Documents and Settings\All Users.WINDOWS\Nabídka Start\Programy\Po spuštění
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2004-08-03 86016]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Documents and Settings\Freedom\Local Settings\Data aplikací\Google\Google Talk Plugin\googletalkplugin.exe"="C:\Documents and Settings\Freedom\Local Settings\Data aplikací\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2011-04-15 12:23:08 ----HDC---- C:\WINDOWS\$NtUninstallKB2485663$
2011-04-15 12:22:58 ----HDC---- C:\WINDOWS\$NtUninstallKB2506223$
2011-04-15 12:21:46 ----HDC---- C:\WINDOWS\$NtUninstallKB2412687$
2011-04-15 12:18:20 ----HDC---- C:\WINDOWS\$NtUninstallKB2508272$
2011-04-15 12:18:15 ----HDC---- C:\WINDOWS\$NtUninstallKB2503658$
2011-04-15 12:17:37 ----HDC---- C:\WINDOWS\$NtUninstallKB2507618$
2011-04-15 12:17:31 ----HDC---- C:\WINDOWS\$NtUninstallKB2508429$
2011-04-15 12:17:25 ----HDC---- C:\WINDOWS\$NtUninstallKB2511455$
2011-04-15 12:16:48 ----HDC---- C:\WINDOWS\$NtUninstallKB2506212$
2011-04-15 12:14:37 ----HDC---- C:\WINDOWS\$NtUninstallKB2509553$
2011-04-13 20:27:10 ----DC---- C:\Program Files\Ask.com
2011-04-13 20:21:59 ----DC---- C:\Program Files\BabylonToolbar
2011-04-13 20:15:16 ----DC---- C:\Video Hardware Drivers
2011-04-13 20:15:15 ----DC---- C:\Script Menu
2011-04-13 20:11:36 ----DC---- C:\WINDOWS\Video Hardware Drivers
2011-04-13 20:11:33 ----DC---- C:\WINDOWS\Script Menu
2011-04-11 21:13:02 ----DC---- C:\Documents and Settings\Freedom\Data aplikací\vlc
2011-04-08 18:26:20 ----DC---- C:\rsit
2011-04-08 18:26:20 ----DC---- C:\Program Files\trend micro
2011-04-08 09:48:16 ----AC---- C:\WINDOWS\ScanSpyware.INI
2011-04-08 08:24:54 ----DC---- C:\Documents and Settings\Freedom\Data aplikací\ScanSpyware
2011-04-08 08:24:54 ----AC---- C:\WINDOWS\system32\ssbtsr.exe
2011-04-08 08:24:53 ----DC---- C:\Program Files\ScanSpyware
2011-04-07 20:01:27 ----DC---- C:\Documents and Settings\All Users.WINDOWS\Data aplikací\Spybot - Search & Destroy
2011-04-07 19:01:33 ----DC---- C:\Documents and Settings\Freedom\Data aplikací\Malwarebytes
2011-04-07 19:01:16 ----AC---- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2011-04-07 19:01:15 ----DC---- C:\Documents and Settings\All Users.WINDOWS\Data aplikací\Malwarebytes
2011-04-07 19:01:09 ----DC---- C:\Program Files\Malwarebytes' Anti-Malware
2011-04-07 19:01:09 ----AC---- C:\WINDOWS\system32\drivers\mbam.sys
2011-04-07 18:11:47 ----ASH---- C:\hiberfil.sys
2011-04-07 08:12:38 ----AC---- C:\WINDOWS\ntbtlog.txt
2011-04-06 19:30:03 ----AC---- C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2011-04-06 19:30:02 ----DC---- C:\Documents and Settings\Freedom\Data aplikací\Spyware Terminator
2011-04-06 19:30:02 ----DC---- C:\Documents and Settings\All Users.WINDOWS\Data aplikací\Spyware Terminator
2011-04-01 10:32:45 ----AC---- C:\WINDOWS\system32\javaws.exe
2011-04-01 10:32:45 ----AC---- C:\WINDOWS\system32\javaw.exe
2011-04-01 10:32:45 ----AC---- C:\WINDOWS\system32\java.exe
2011-03-30 14:54:54 ----AC---- C:\WINDOWS\system32\lsdelete.exe
2011-03-30 11:57:16 ----AC---- C:\WINDOWS\system32\drivers\Lbd.sys
2011-03-30 11:40:18 ----HDC---- C:\Documents and Settings\All Users.WINDOWS\Data aplikací\{48F52499-ADE3-4774-9621-FB173785947D}
2011-03-30 11:39:50 ----DC---- C:\Documents and Settings\All Users.WINDOWS\Data aplikací\Lavasoft
2011-03-24 17:23:13 ----HDC---- C:\WINDOWS\$NtUninstallKB2524375$

======List of files/folders modified in the last 1 months======

2011-04-18 08:53:39 ----DC---- C:\WINDOWS\Prefetch
2011-04-18 08:53:36 ----DC---- C:\WINDOWS\Temp
2011-04-18 08:29:17 ----DC---- C:\Documents and Settings\Freedom\Data aplikací\Skype
2011-04-18 08:16:07 ----SDC---- C:\WINDOWS\Tasks
2011-04-18 08:12:34 ----DC---- C:\WINDOWS\system32\drivers
2011-04-17 22:55:24 ----AC---- C:\WINDOWS\SchedLgU.Txt
2011-04-17 21:12:19 ----DC---- C:\WINDOWS\system32\CatRoot2
2011-04-17 19:01:13 ----SHDC---- C:\WINDOWS\Installer
2011-04-17 19:01:09 ----SHDC---- C:\Config.Msi
2011-04-17 19:00:34 ----DC---- C:\WINDOWS\Microsoft.NET
2011-04-17 19:00:30 ----RSDC---- C:\WINDOWS\assembly
2011-04-17 18:53:33 ----DC---- C:\Documents and Settings\Freedom\Data aplikací\skypePM
2011-04-16 12:31:25 ----DC---- C:\WINDOWS\system32
2011-04-16 12:26:12 ----DC---- C:\WINDOWS
2011-04-15 12:24:07 ----DC---- C:\Documents and Settings\All Users.WINDOWS\Data aplikací\Microsoft Help
2011-04-15 12:23:11 ----HDC---- C:\WINDOWS\inf
2011-04-15 12:23:07 ----HDC---- C:\WINDOWS\$hf_mig$
2011-04-15 12:23:04 ----AC---- C:\WINDOWS\imsins.BAK
2011-04-15 12:23:02 ----RSHDC---- C:\WINDOWS\system32\dllcache
2011-04-15 12:22:24 ----DC---- C:\Program Files\Internet Explorer
2011-04-15 12:21:46 ----DC---- C:\WINDOWS\WinSxS
2011-04-15 12:21:25 ----AC---- C:\WINDOWS\system32\PerfStringBackup.INI
2011-04-15 12:15:15 ----AC---- C:\WINDOWS\system32\MRT.exe
2011-04-13 20:27:10 ----RADC---- C:\Program Files
2011-04-13 20:21:50 ----DC---- C:\Documents and Settings\Freedom\Data aplikací\Sony
2011-04-13 20:17:06 ----DC---- C:\Alien Arena 2008
2011-04-08 22:15:47 ----DC---- C:\Program Files\Common Files
2011-04-08 22:04:49 ----DC---- C:\Program Files\VDOWNLOADER
2011-04-07 20:05:04 ----DC---- C:\Program Files\Spybot - Search & Destroy
2011-04-07 18:33:50 ----DC---- C:\Program Files\Spyware Terminator
2011-04-07 11:39:49 ----SHDC---- C:\RECYCLER
2011-04-07 08:13:17 ----DC---- C:\Documents and Settings
2011-04-06 19:36:28 ----DC---- C:\Program Files\Crawler
2011-04-01 20:39:33 ----SDC---- C:\WINDOWS\Downloaded Program Files
2011-04-01 20:39:30 ----DC---- C:\Program Files\ESET
2011-04-01 10:32:41 ----DC---- C:\Program Files\Java
2011-03-30 11:57:13 ----DC---- C:\WINDOWS\system32\DRVSTORE
2011-03-27 11:48:44 ----SDC---- C:\Documents and Settings\Freedom\Data aplikací\Microsoft

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 gagp30kx;Filtr Microsoft Generic AGPv3.0 pro procesorovou platformu K8; C:\WINDOWS\system32\DRIVERS\gagp30kx.sys [2008-04-13 46464]
R0 Lbd;Lbd; C:\WINDOWS\system32\DRIVERS\Lbd.sys [2011-03-30 64288]
R0 sfdrv01;StarForce Protection Environment Driver (version 1.x); C:\WINDOWS\System32\drivers\sfdrv01.sys [2005-08-10 50688]
R0 sfhlp02;StarForce Protection Helper Driver (version 2.x); C:\WINDOWS\System32\drivers\sfhlp02.sys [2005-05-16 6656]
R0 sfvfs02;StarForce Protection VFS Driver (version 2.x); C:\WINDOWS\System32\drivers\sfvfs02.sys [2005-11-03 63488]
R0 viaagp1;VIA AGP Filter; C:\WINDOWS\system32\DRIVERS\viaagp1.sys [2003-07-02 27904]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
R1 AmdK8;AMD Athlon64 Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2003-11-07 35328]
R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2010-07-29 115008]
R1 epfwtdir;epfwtdir; C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2010-08-03 95896]
R1 sp_rsdrv2;Spyware Terminator Driver 2; \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys []
R2 eamon;eamon; C:\WINDOWS\system32\DRIVERS\eamon.sys [2010-08-04 140752]
R3 ALCXSENS;Service for WDM 3D Audio Driver; C:\WINDOWS\system32\drivers\ALCXSENS.SYS [2004-02-24 400384]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-06-21 626204]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2004-08-03 768512]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2006-03-02 12160]
R3 RTL8023xp;Realtek RTL8139/810x/8169/8110 all in one NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys [2004-04-13 70144]
R3 SNP2STD;USB2.0 PC Camera (SNP2STD); C:\WINDOWS\system32\DRIVERS\snp2sxp.sys [2005-12-23 10219136]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 xcpip;Ovladač protokolu TCP/IP; C:\WINDOWS\system32\drivers\xcpip.sys []
R3 xpsec;Ovladač IPSEC; C:\WINDOWS\system32\drivers\xpsec.sys []
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 GMSIPCI;GMSIPCI; \??\D:\INSTALL\GMSIPCI.SYS []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2004-08-03 389120]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2010-11-18 810144]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2011-02-02 153376]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2011-03-30 1181328]
R2 sp_rssrv;Spyware Terminator Realtime Shield Service; C:\Program Files\Spyware Terminator\sp_rsser.exe [2009-07-10 1097216]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2004-08-03 516096]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-01-30 135664]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2010-11-18 33584]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2011-01-14 182768]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

JaRon
Moderator
Posts: 15703
Registered: 29 Mar 2005 13:39
Location: BB-SK

Re: I don't know what to do

#2 Post by JaRon »

uninstall ASK Toolbar + all the anti-spyware tools >> Terminator, SpyBot, Ad-aware
then:
download ComboFix and save it to the desktop

then run it under an account with administrator privileges

the operation takes about 5-10 minutes, sometimes longer; do not launch any other applications during the scan

There is no reason to panic if the machine gets restarted
warning: if you use an anti-spyware with a resident shield, turn it off before the scan.

after the restart the application creates a log, saved at C:\Combofix.txt (paste its contents here)
FRST |ADWCleaner |MBAM |CCleaner |AVPTool

If you are satisfied, you can support the forum
https://platba.viry.cz/payment/

bonak
Guest
Posts: 4
Registered: 08 Apr 2011 11:57

Re: I don't know what to do

#3 Post by bonak »

so here is that scan
ComboFix 11-04-17.02 - Freedom 18.04.2011 11:09:31.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.1535.946 [GMT 2:00]
Spuštěný z: c:\documents and settings\Freedom\Plocha\ComboFix.exe
AV: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Freedom\WINDOWS
c:\program files\WinPCap
c:\program files\WinPCap\daemon_mgm.exe
c:\program files\WinPCap\NetMonInstaller.exe
c:\program files\WinPCap\npf_mgm.exe
c:\program files\WinPCap\rpcapd.exe
c:\program files\WinPCap\Uninstall.exe
c:\windows\system32\_000125_.tmp.dll
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-03-18 do 2011-04-18 )))))))))))))))))))))))))))))))
.
.
2011-04-18 07:28 . 2011-04-18 08:20 -------- dc----w- c:\documents and settings\Freedom\Data aplikací\Sammsoft
2011-04-17 16:52 . 2011-04-17 16:53 -------- dc----w- c:\documents and settings\NetworkService.NT AUTHORITY.002\Local Settings\Data aplikací\Temp
2011-04-13 18:21 . 2011-04-13 18:21 -------- dc----w- c:\program files\BabylonToolbar
2011-04-13 18:15 . 2011-04-13 18:15 -------- dc----w- C:\Video Hardware Drivers
2011-04-13 18:15 . 2011-04-13 18:15 -------- dc----w- C:\Script Menu
2011-04-13 18:11 . 2011-04-13 18:11 -------- dc----w- c:\windows\Video Hardware Drivers
2011-04-13 18:11 . 2011-04-13 18:11 -------- dc----w- c:\windows\Script Menu
2011-04-11 19:13 . 2011-04-13 14:37 -------- dc----w- c:\documents and settings\Freedom\Data aplikací\vlc
2011-04-08 16:26 . 2011-04-18 06:53 -------- dc----w- c:\program files\trend micro
2011-04-08 16:26 . 2011-04-08 16:26 -------- dc----w- C:\rsit
2011-04-08 06:24 . 2011-04-08 06:24 -------- dc----w- c:\documents and settings\Freedom\Data aplikací\ScanSpyware
2011-04-08 06:24 . 2008-09-07 15:22 8704 -c--a-w- c:\windows\system32\ssbtsr.exe
2011-04-08 06:24 . 2011-04-08 06:24 -------- dc----w- c:\program files\ScanSpyware
2011-04-07 18:01 . 2011-04-07 19:03 -------- dc----w- c:\documents and settings\All Users.WINDOWS\Data aplikací\Spybot - Search & Destroy
2011-04-07 17:01 . 2011-04-07 17:01 -------- dc----w- c:\documents and settings\Freedom\Data aplikací\Malwarebytes
2011-04-07 17:01 . 2010-12-20 16:09 38224 -c--a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-07 17:01 . 2011-04-07 17:01 -------- dc----w- c:\documents and settings\All Users.WINDOWS\Data aplikací\Malwarebytes
2011-04-07 17:01 . 2011-04-07 17:01 -------- dc----w- c:\program files\Malwarebytes' Anti-Malware
2011-04-07 17:01 . 2010-12-20 16:08 20952 -c--a-w- c:\windows\system32\drivers\mbam.sys
2011-04-07 06:27 . 2011-04-07 06:27 -------- dc----w- c:\documents and settings\NetworkService.NT AUTHORITY.002\Plocha
2011-04-07 06:13 . 2011-04-07 06:13 -------- dc----w- c:\documents and settings\Administrator.JAKUB
2011-04-06 17:30 . 2011-04-06 17:30 138752 -c--a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2011-04-06 17:30 . 2011-04-07 16:33 -------- dc----w- c:\documents and settings\All Users.WINDOWS\Data aplikací\Spyware Terminator
2011-04-06 17:30 . 2011-04-07 16:14 -------- dc----w- c:\documents and settings\Freedom\Data aplikací\Spyware Terminator
2011-03-30 10:06 . 2011-03-30 10:06 -------- dc----w- c:\documents and settings\LocalService.NT AUTHORITY.002\Plocha
2011-03-30 09:39 . 2011-04-18 07:18 -------- dc----w- c:\documents and settings\All Users.WINDOWS\Data aplikací\Lavasoft
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-07 05:33 . 2011-01-04 22:59 692736 -c--a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:36 . 2006-03-02 12:00 420864 -c--a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:53 . 2006-03-02 12:00 1857920 -c--a-w- c:\windows\system32\win32k.sys
2011-02-22 23:08 . 2006-03-02 12:00 916480 -c--a-w- c:\windows\system32\wininet.dll
2011-02-22 23:08 . 2006-03-02 12:00 43520 -c--a-w- c:\windows\system32\licmgr10.dll
2011-02-22 23:08 . 2006-03-02 12:00 1469440 -c----w- c:\windows\system32\inetcpl.cpl
2011-02-22 11:41 . 2006-03-02 12:00 385024 -c--a-w- c:\windows\system32\html.iec
2011-02-17 13:18 . 2006-03-02 12:00 455936 -c--a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-02-17 13:18 . 2006-03-02 12:00 357888 -c--a-w- c:\windows\system32\drivers\srv.sys
2011-02-17 12:54 . 2008-05-05 06:25 5632 -c--a-w- c:\windows\system32\xpsp4res.dll
2011-02-15 12:56 . 2006-03-02 12:00 290432 -c--a-w- c:\windows\system32\atmfd.dll
2011-02-09 13:53 . 2006-03-02 12:00 270848 -c--a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53 . 2006-03-02 12:00 186880 -c--a-w- c:\windows\system32\encdec.dll
2011-02-08 13:33 . 2006-03-02 12:00 978944 -c--a-w- c:\windows\system32\mfc42.dll
2011-02-08 13:33 . 2006-03-02 12:00 974848 -c--a-w- c:\windows\system32\mfc42u.dll
2011-02-02 19:40 . 2011-01-17 16:30 472808 -c--a-w- c:\windows\system32\deployJava1.dll
2011-02-02 17:19 . 2011-01-17 16:30 73728 -c--a-w- c:\windows\system32\javacpl.cpl
2011-02-02 07:58 . 2011-01-04 22:57 2067456 -c--a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57 . 2011-01-04 22:57 677888 -c--a-w- c:\windows\system32\mstsc.exe
2011-01-21 14:44 . 2006-03-02 12:00 440320 -c--a-w- c:\windows\system32\shimgvw.dll
2008-09-29 16:13 . 2008-09-29 16:13 4275456 -c--a-w- c:\program files\vidcap60.exe
2008-09-29 16:13 . 2008-09-29 16:13 820480 -c--a-w- c:\program files\sftutor60.dll
2008-09-29 16:13 . 2008-09-29 16:13 3822336 -c--a-w- c:\program files\vegasmoviestudiope90k.dll
2008-09-29 16:13 . 2008-09-29 16:13 13311744 -c--a-w- c:\program files\VegasMovieStudioPE90.exe
2008-09-29 16:13 . 2008-09-29 16:13 79104 -c--a-w- c:\program files\Sony.Vegas.Publish.dll
2008-09-29 16:13 . 2008-09-29 16:13 288000 -c--a-w- c:\program files\Sony.Vegas.dll
2008-09-29 16:13 . 2008-09-29 16:13 378112 -c--a-w- c:\program files\Sony.MediaSoftware.clrshared.dll
2008-09-29 16:13 . 2008-09-29 16:13 103680 -c--a-w- c:\program files\Sony.MediaSoftware.ExternalVideoDevice.dll
2008-09-29 16:13 . 2008-09-29 16:13 230656 -c--a-w- c:\program files\Sony.Capture.dll
2008-09-29 16:13 . 2008-09-29 16:13 1727744 -c--a-w- c:\program files\sfvstwrap.dll
2008-09-29 16:13 . 2008-09-29 16:13 1146112 -c--a-w- c:\program files\sftutor.dll
2008-09-29 16:13 . 2008-09-29 16:13 1088768 -c--a-w- c:\program files\sfs4rw.dll
2008-09-29 16:13 . 2008-09-29 16:13 1048832 -c--a-w- c:\program files\sfpublish.dll
2008-09-29 16:13 . 2008-09-29 16:13 1536256 -c--a-w- c:\program files\sfmarket2.dll
2008-09-29 16:13 . 2008-09-29 16:13 410368 -c--a-w- c:\program files\sfconfigmgr.dll
2008-09-29 16:13 . 2008-09-29 16:13 792320 -c--a-w- c:\program files\sfapprw.dll
2008-09-29 16:12 . 2008-09-29 16:12 1709312 -c--a-w- c:\program files\ApplicationRegistration.exe
2008-09-29 15:38 . 2008-09-29 15:38 40960 -c--a-w- c:\program files\sfibdmux.dll
2008-09-29 15:38 . 2008-09-29 15:38 551936 -c--a-w- c:\program files\ESS.dll
2008-09-29 15:38 . 2008-09-29 15:38 313344 -c--a-w- c:\program files\sfwbdmux.dll
2008-09-29 15:38 . 2008-09-29 15:38 446464 -c--a-w- c:\program files\sfsbdmux.xsfs
2008-09-29 15:30 . 2008-09-29 15:30 623104 -c--a-w- c:\program files\sfcd.cdd
2008-09-29 15:30 . 2008-09-29 15:30 161280 -c--a-w- c:\program files\sfprnsim.pdd
2008-09-29 15:29 . 2008-09-29 15:29 604160 -c--a-w- c:\program files\sfld.ldd
2008-09-29 15:29 . 2008-09-29 15:29 162304 -c--a-w- c:\program files\sfldsim.ldd
2008-09-29 15:29 . 2008-09-29 15:29 164352 -c--a-w- c:\program files\fargo.pdd
2008-09-29 15:29 . 2008-09-29 15:29 15872 -c--a-w- c:\program files\sfcdsim.cdd
2008-09-29 15:29 . 2008-09-29 15:29 2274816 -c--a-w- c:\program files\sfcdix.dll
2008-09-29 15:29 . 2008-09-29 15:29 400896 -c--a-w- c:\program files\sfcdfs.dll
2008-09-29 15:29 . 2008-09-29 15:29 23552 -c--a-w- c:\program files\sfscsi.dll
2008-09-29 15:29 . 2008-09-29 15:29 365568 -c--a-w- c:\program files\sfspti.dll
2008-09-29 15:29 . 2008-09-29 15:29 760320 -c--a-w- c:\program files\sfdvd.dll
2008-03-28 10:47 . 2008-03-28 10:47 552960 -c--a-w- c:\program files\TSWrapper.dll
2008-03-28 10:47 . 2008-03-28 10:47 430080 -c--a-w- c:\program files\FileAllocator.dll
2008-03-28 10:47 . 2008-03-28 10:47 40960 -c--a-w- c:\program files\MuxCommon.dll
2008-03-28 10:47 . 2008-03-28 10:47 24576 -c--a-w- c:\program files\RemoteTS.dll
2008-03-28 10:47 . 2008-03-28 10:47 233472 -c--a-w- c:\program files\FSBuilder.dll
2008-03-28 10:47 . 2008-03-28 10:47 204800 -c--a-w- c:\program files\DBWrapper.dll
2008-03-28 10:47 . 2008-03-28 10:47 20480 -c--a-w- c:\program files\DM_Hash.dll
2008-03-28 10:47 . 2008-03-28 10:47 18432 -c--a-w- c:\program files\FSComp.dll
2008-03-28 10:47 . 2008-03-28 10:47 114688 -c--a-w- c:\program files\mux.net.dll
2008-03-28 10:46 . 2008-03-28 10:46 659456 -c--a-w- c:\program files\sonymvd2pro_xp.dll
.
.
(((((((((((((((((((((((((((((((((( Registry launch points )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not shown.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-01-03 15028104]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-11-16 39408]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2004-06-18 67584]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-03 339968]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2010-11-18 2219184]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
"tsnp2std"="c:\windows\tsnp2std.exe" [2005-11-24 106496]
"snp2std"="c:\windows\vsnp2std.exe" [2005-11-23 344064]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"SpywareTerminator"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2009-07-10 2957824]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users.WINDOWS\Nabídka Start\Programy\Po spuštění\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-1-21 65588]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Documents and Settings\\Freedom\\Local Settings\\Data aplikací\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:Remote Desktop
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
"4128:TCP"= 4128:TCP:Services
"6756:TCP"= 6756:TCP:Services
"9146:TCP"= 9146:TCP:Services
"6696:TCP"= 6696:TCP:Services
"6507:TCP"= 6507:TCP:Services
"7819:TCP"= 7819:TCP:Services
"5993:TCP"= 5993:TCP:Services
"4245:TCP"= 4245:TCP:Services
"1556:TCP"= 1556:TCP:Services
"4928:TCP"= 4928:TCP:Services
"2744:TCP"= 2744:TCP:Services
"2853:TCP"= 2853:TCP:Services
"4727:TCP"= 4727:TCP:Services
"3854:TCP"= 3854:TCP:Services
"5287:TCP"= 5287:TCP:Services
"4885:TCP"= 4885:TCP:Services
"4271:TCP"= 4271:TCP:Services
"6181:TCP"= 6181:TCP:Services
"8084:TCP"= 8084:TCP:Services
"7321:TCP"= 7321:TCP:Services
"7287:TCP"= 7287:TCP:Services
"1928:TCP"= 1928:TCP:Services
"1559:TCP"= 1559:TCP:Services
"2452:TCP"= 2452:TCP:Services
"1976:TCP"= 1976:TCP:Services
"3382:TCP"= 3382:TCP:Services
"8646:TCP"= 8646:TCP:Services
"8963:TCP"= 8963:TCP:Services
"7618:TCP"= 7618:TCP:Services
"4287:TCP"= 4287:TCP:Services
"6397:TCP"= 6397:TCP:Services
.
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [29.7.2010 13:31 115008]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [3.8.2010 13:28 95896]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [6.4.2011 19:30 138752]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [18.11.2010 15:11 810144]
R3 xcpip;TCP/IP Protocol Driver;c:\windows\system32\drivers\xcpip.sys --> c:\windows\system32\drivers\xcpip.sys [?]
R3 xpsec;IPSEC driver;c:\windows\system32\drivers\xpsec.sys --> c:\windows\system32\drivers\xpsec.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [30.1.2010 12:52 135664]
.
Contents of the 'Scheduled Tasks' folder
.
2011-04-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 10:52]
.
2011-04-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 10:52]
.
2011-04-18 c:\windows\Tasks\User_Feed_Synchronization-{9C9277A5-6345-4FB8-B911-79BF24F76D5D}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 03:31]
.
.
------- Supplementary scan -------
.
uStart Page = hxxp://www.google.cz/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
.
- - - - INVALID ENTRIES REMOVED FROM THE REGISTRY - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
AddRemove-SC07-ORF - c:\documents and settings\Freedom\Plocha\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-04-18 11:15
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs loaded under running processes ---------------------
.
- - - - - - - > 'winlogon.exe'(660)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2011-04-18 11:17:07
ComboFix-quarantined-files.txt 2011-04-18 09:17
.
Pre-run: bytes free: 22 963 703 808
Post-run: bytes free: 24 141 594 624
.
WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 78286CF8704983B7C31D8EE7E44A93C6
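The firewall section of the ComboFix log above (GloballyOpenPorts\List) holds one named exception for Remote Desktop and more than thirty TCP exceptions on high, apparently random ports that all carry the generic description "Services". Whether those were created by a legitimate program or by the bot the ISP reported cannot be settled from the log alone, but it is exactly the kind of cluster a reviewer wants to pull out and look at, rather than skim past. The script below is an added example, not code from the forum thread or from ComboFix: it parses a constructed excerpt of that section (a subset of the lines above, wrapped in the same section header) and applies two heuristics that are this example's own assumptions, not a vendor signature: many exceptions sharing one vague description on ports above 1023, and remote-administration ports open in the standard profile.

```python
"""Flag anomalous Windows Firewall exceptions in a ComboFix-style log excerpt.

Added example, not part of the original forum post or of ComboFix itself.
SAMPLE_LOG is a constructed excerpt modelled on the GloballyOpenPorts\\List
section of the log above; the heuristics in assess() are assumptions made
for this example, not a signature from any vendor.
"""
import re
from collections import Counter

# Constructed excerpt: a subset of the entries from the log above, preceded by
# the section header ComboFix prints for the Windows XP firewall policy.
SAMPLE_LOG = r"""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:Remote Desktop
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
"4128:TCP"= 4128:TCP:Services
"6756:TCP"= 6756:TCP:Services
"9146:TCP"= 9146:TCP:Services
"1556:TCP"= 1556:TCP:Services
"2744:TCP"= 2744:TCP:Services
.
"""

# One exception line: "PORT:PROTO"= PORT:PROTO:Description
ENTRY_RE = re.compile(
    r'^"(?P<port>\d+):(?P<proto>TCP|UDP)"=\s*\d+:(?:TCP|UDP):(?P<desc>.*)$'
)
SECTION_MARK = r"GloballyOpenPorts\List]"

# Ports whose exposure is worth a comment even when the rule is legitimate
# (assumed list for this example).
REMOTE_ADMIN_PORTS = {3389: "Remote Desktop", 5900: "VNC", 23: "Telnet", 445: "SMB"}


def parse_open_ports(text):
    """Return (port, proto, description) tuples from the GloballyOpenPorts section.

    Any other registry section in the text is skipped; a new '[...]' header
    ends the section.
    """
    entries = []
    in_section = False
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            in_section = line.endswith(SECTION_MARK)
            continue
        if not in_section:
            continue
        m = ENTRY_RE.match(line)
        if m:
            entries.append((int(m.group("port")), m.group("proto"), m.group("desc").strip()))
    return entries


def assess(entries, generic_threshold=5):
    """Heuristic triage of firewall exceptions (assumptions of this example).

    - Several exceptions sharing the vague description "Services" on ports
      above 1023 are unusual for hand-made rules: a person normally names
      the application, and a program registering itself names its product.
    - Remote-administration ports open in the standard profile deserve a
      note regardless of who added them.
    Returns a dict with counts and the flagged ports.
    """
    by_desc = Counter(desc for _, _, desc in entries)
    generic = [e for e in entries if e[2].lower() == "services" and e[0] >= 1024]
    remote_admin = [e for e in entries if e[0] in REMOTE_ADMIN_PORTS]
    return {
        "total": len(entries),
        "by_description": dict(by_desc),
        "generic_high_ports": sorted(e[0] for e in generic),
        "suspicious_cluster": len(generic) >= generic_threshold,
        "remote_admin_open": sorted(e[0] for e in remote_admin),
    }


if __name__ == "__main__":
    report = assess(parse_open_ports(SAMPLE_LOG))
    for key, value in report.items():
        print(f"{key}: {value}")
```

The threshold of five generic entries is arbitrary; what matters in practice is that the triage separates "a few rules with a product name" from "dozens of nameless rules on random ports", and that the full list can then be compared with the firewall exceptions the user remembers creating.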

JaRon
Moderator
Posts: 15703
Joined: 29 Mar 2005 13:39
Location: BB-SK

Re: I don't know what to do

#4 Post by JaRon »

scan the PC with MBAM - full scan - post the log
FRST |ADWCleaner |MBAM |CCleaner |AVPTool

If you are satisfied, you can support the forum
https://platba.viry.cz/payment/

bonak
Visitor
Posts: 4
Joined: 08 Apr 2011 11:57

Re: I don't know what to do

#5 Post by bonak »

MBAM log
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6393

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

19.4.2011 0:30:41
mbam-log-2011-04-19 (00-30-41).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 401599
Time elapsed: 1 hour(s), 28 minute(s), 6 second(s)

Memory processes infected: 0
Memory modules infected: 0
Registry keys infected: 0
Registry values infected: 0
Registry data items infected: 0
Folders infected: 0
Files infected: 3

Memory processes infected:
(No malicious items detected)

Memory modules infected:
(No malicious items detected)

Registry keys infected:
(No malicious items detected)

Registry values infected:
(No malicious items detected)

Registry data items infected:
(No malicious items detected)

Folders infected:
(No malicious items detected)

Files infected:
c:\documents and settings\Freedom\Plocha\zaloha compu\Kryndy\hry\djs programy\atomix virtual dj 2.01 (full version)\virtual dj v2.01 full + effects + skins [ by dj francky ]\virtualdj v2.01 - crack.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.
c:\documents and settings\Freedom\Plocha\zaloha compu\Kryndy\hry\djs programy\virtualdjv1.08patchacecrack\acecrack-virtualdj_1.08.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.
c:\system volume information\_restore{4de4cbb0-54b4-4b24-ae75-ab877140eff0}\RP131\A0016307.dll (Trojan.Agent.WIMPD) -> Quarantined and deleted successfully.
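Of the three MBAM hits above, two are cracks sitting in a backup folder under the user's desktop (classed as riskware) and the third is a DLL inside a System Restore snapshot, which is a copy held by System Restore rather than a file that was in use. Where a detection lives changes what it means for the ISP's bot report, so the script below, an added example that is not part of the forum post or of Malwarebytes, parses the "Files infected" lines of a Malwarebytes 1.x log and groups the threat names by location class. The sample lines are the three detections above, constructed into an inline string; the location classes (restore point, user profile, other) are labels chosen for this example.

```python
"""Group the 'Files infected' lines of a Malwarebytes 1.x log by location.

Added example, not part of the forum post or of Malwarebytes. The detections
in SAMPLE_DETECTIONS are the three lines from the log above, embedded here
as a constructed string; the location classes are this example's own labels.
"""
import re

SAMPLE_DETECTIONS = r"""
c:\documents and settings\Freedom\Plocha\zaloha compu\Kryndy\hry\djs programy\atomix virtual dj 2.01 (full version)\virtual dj v2.01 full + effects + skins [ by dj francky ]\virtualdj v2.01 - crack.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.
c:\documents and settings\Freedom\Plocha\zaloha compu\Kryndy\hry\djs programy\virtualdjv1.08patchacecrack\acecrack-virtualdj_1.08.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.
c:\system volume information\_restore{4de4cbb0-54b4-4b24-ae75-ab877140eff0}\RP131\A0016307.dll (Trojan.Agent.WIMPD) -> Quarantined and deleted successfully.
"""

# Greedy path match so that the threat name is the LAST parenthesised group
# before " -> "; paths themselves may contain parentheses, as above.
LINE_RE = re.compile(r"^(?P<path>.+) \((?P<threat>[^()]+)\) -> (?P<action>.+)$")


def classify(path):
    """Label where a detected file lives (labels assumed for this example)."""
    p = path.lower()
    if "\\system volume information\\_restore" in p:
        # A copy kept by System Restore, not a file that was running.
        return "restore_point"
    if p.startswith("c:\\documents and settings\\"):
        return "user_profile"
    return "other"


def parse_detections(text):
    """Return one dict per detection line: path, threat, action, location."""
    found = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            found.append({
                "path": m.group("path"),
                "threat": m.group("threat"),
                "action": m.group("action"),
                "location": classify(m.group("path")),
            })
    return found


def summarize(detections):
    """Map each location class to the list of threat names found there."""
    summary = {}
    for d in detections:
        summary.setdefault(d["location"], []).append(d["threat"])
    return summary


if __name__ == "__main__":
    for location, threats in summarize(parse_detections(SAMPLE_DETECTIONS)).items():
        print(f"{location}: {threats}")
```

A detection only inside _restore{...} says the file existed on the system at some earlier point and was captured by a restore point; it says nothing about whether the same file was still present outside the snapshot, which is the question the ISP's report raises.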

JaRon
Moderator
Posts: 15703
Joined: 29 Mar 2005 13:39
Location: BB-SK

Re: I don't know what to do

#6 Post by JaRon »

let it remove what it found
