VIRY.CZ

Pomáháme v boji s počítačovou havěti!
https://forum.viry.cz:443/

Zřejmě zasifleno

https://forum.viry.cz:443/viewtopic.php?t=110769

Stránka 4 z 5

Re: Zřejmě zasifleno

Napsal: 29 dub 2011 20:07
od AndySue
ComboFix 11-04-28.03 - Ondra 29.04.2011 18:27:56.7.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.3582.2820 [GMT 2:00]
Spuštěný z: c:\documents and settings\Ondra\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Ondra\Plocha\cfscript.txt
AV: ESET Smart Security 4.2 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET personal firewall *Disabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
* Vytvořen nový Bod Obnovení
.
FILE ::
"c:\windows\system32\drivers\12762681.sys"
"c:\windows\system32\drivers\12762682.sys"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Data aplikací\lDi28604gNpNk28604
c:\documents and settings\All Users\Data aplikací\lDi28604gNpNk28604\lDi28604gNpNk28604
c:\windows\system32\drivers\12762681.sys
c:\windows\system32\drivers\12762682.sys
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_12762681
-------\Legacy_12762682
-------\Service_12762681
-------\Service_12762682
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-03-28 do 2011-04-29 )))))))))))))))))))))))))))))))
.
.
2011-04-22 11:18 . 2011-03-18 17:55 142296 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2011-04-22 11:18 . 2011-03-18 17:55 781272 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll
2011-04-22 11:18 . 2011-03-18 17:55 728024 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll
2011-04-22 11:18 . 2011-03-18 17:55 1893336 ----a-w- c:\program files\Mozilla Firefox\d3dx9_42.dll
2011-04-22 11:18 . 2011-03-18 17:55 1874904 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll
2011-04-22 11:18 . 2011-03-18 17:55 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll
2011-04-22 11:18 . 2011-03-18 17:55 142296 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll
2011-04-22 11:18 . 2011-03-18 17:55 1975768 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_42.dll
2011-04-21 09:48 . 2011-04-21 09:48 -------- d-----w- C:\found.000
2011-04-20 15:00 . 2011-04-20 15:05 -------- d-----w- C:\inst
2011-04-20 14:49 . 2011-04-20 14:53 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Spybot - Search & Destroy
2011-04-20 14:49 . 2011-04-20 14:52 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-04-16 12:14 . 2011-04-17 18:58 -------- d-----w- c:\documents and settings\Ondra\.freemind
2011-04-16 12:14 . 2011-04-16 12:14 -------- d-----w- c:\program files\FreeMind
2011-04-14 01:39 . 2011-04-14 01:39 103864 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2011-04-14 01:39 . 2011-04-14 01:39 103864 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll
2011-04-04 22:30 . 2011-04-11 17:20 -------- d-----w- c:\program files\Defraggler
2011-04-04 10:39 . 2011-04-04 10:39 -------- d-----w- c:\documents and settings\Ondra\Data aplikací\Foxit Software
2011-04-04 09:14 . 2011-04-04 09:14 75208 ----a-w- c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
2011-04-04 08:35 . 2011-04-04 08:35 -------- d-----w- C:\_OTM
2011-04-02 16:23 . 2010-12-20 16:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-02 16:23 . 2010-12-20 16:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-02 16:23 . 2011-04-02 16:23 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-04-02 10:04 . 2010-09-29 15:13 24064 ----a-w- c:\windows\system32\drivers\motmodem.sys
2011-04-02 10:04 . 2010-12-03 12:03 20352 ----a-w- c:\windows\system32\drivers\motccgp.sys
2011-04-02 10:04 . 2009-01-29 14:18 8320 ----a-w- c:\windows\system32\drivers\motccgpfl.sys
2011-04-02 10:04 . 2007-11-02 12:51 6400 ----a-w- c:\windows\system32\drivers\motswch.sys
2011-04-02 10:04 . 2009-12-21 11:42 15616 ----a-w- c:\windows\system32\mot_ci.dll
2011-04-02 10:04 . 2009-05-08 08:56 42752 ----a-w- c:\windows\system32\drivers\motodrv.sys
2011-04-02 10:04 . 2011-04-02 10:04 -------- d-----w- c:\program files\Common Files\Motorola Shared
2011-04-02 10:04 . 2011-04-02 10:15 -------- d-----w- c:\program files\Motorola
2011-04-01 07:29 . 2011-04-01 07:29 -------- d-----w- C:\spoolerlogs
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-24 21:00 . 2011-03-24 21:00 304640 ----a-w- c:\windows\system32\hlvdd.dll
2011-03-24 21:00 . 2011-03-24 21:00 6656 ----a-w- c:\windows\system32\haspvdd.dll
2011-03-24 21:00 . 2011-03-24 21:00 47616 ----a-w- c:\windows\system32\drivers\Haspnt.sys
2011-03-07 05:33 . 2008-12-09 20:51 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:36 . 2004-08-18 11:00 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:53 . 2004-08-18 11:00 1857920 ----a-w- c:\windows\system32\win32k.sys
2011-02-22 23:08 . 2004-08-18 11:00 916480 ----a-w- c:\windows\system32\wininet.dll
2011-02-22 23:08 . 2004-08-18 11:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-02-22 23:08 . 2004-08-18 11:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-02-22 11:41 . 2004-08-18 11:00 385024 ----a-w- c:\windows\system32\html.iec
2011-02-17 13:18 . 2004-08-18 11:00 455936 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-02-17 13:18 . 2004-08-18 11:00 357888 ----a-w- c:\windows\system32\drivers\srv.sys
2011-02-17 12:54 . 2008-05-05 05:25 5632 ----a-w- c:\windows\system32\xpsp4res.dll
2011-02-15 12:56 . 2004-08-18 11:00 290432 ----a-w- c:\windows\system32\atmfd.dll
2011-02-09 13:53 . 2004-08-18 11:00 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53 . 2004-08-18 11:00 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-08 13:33 . 2004-08-18 11:00 978944 ----a-w- c:\windows\system32\mfc42.dll
2011-02-08 13:33 . 2004-08-18 11:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
2011-02-02 07:58 . 2008-12-09 20:50 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-03-18 17:55 . 2011-04-22 11:18 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HotkeyP"="c:\program files\hotkeyp\HotkeyP.exe" [2008-07-15 65536]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-04-20 26192680]
"Alt+S Override"="c:\program files\Alt+S Override\Alt+S Override.exe" [2009-10-08 154112]
"EasyPHP"="c:\program files\EasyPHP-5.3.1\EasyPHP-5.3.1.exe" [2010-02-15 277504]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-07 13529088]
"nwiz"="nwiz.exe" [2008-05-07 1630208]
"NVHotkey"="nvHotkey.dll" [2008-05-07 86016]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-07 86016]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-07-25 823296]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-07-25 974848]
"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2007-05-10 36864]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2007-10-25 167936]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-10-09 2183168]
"ioCentre"="c:\genius\ioCentre\gTaskBar.exe" [2007-01-19 61440]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-03-06 202256]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2011-01-12 2219184]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
.
c:\documents and settings\Ondra\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Z stupce - miranda32.exe.lnk - c:\program files\Miranda IM\miranda32.exe [2011-1-21 817760]
.
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
CLS2009.01.lnk - c:\program files\Edgecam\Cam\cls.exe [2011-3-24 782336]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2006-03-13 233472]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Acrobat Assistant.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Acrobat Assistant.lnk
backup=c:\windows\pss\Acrobat Assistant.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Bluetooth.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Windows Desktop Search.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Windows Desktop Search.lnk
backup=c:\windows\pss\Windows Desktop Search.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Ondra^Nabídka Start^Programy^Po spuštění^Adobe Gamma.lnk]
path=c:\documents and settings\Ondra\Nabídka Start\Programy\Po spuštění\Adobe Gamma.lnk
backup=c:\windows\pss\Adobe Gamma.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Ondra^Nabídka Start^Programy^Po spuštění^Jádro Plánovače úloh SolidWorks.lnk]
path=c:\documents and settings\Ondra\Nabídka Start\Programy\Po spuštění\Jádro Plánovače úloh SolidWorks.lnk
backup=c:\windows\pss\Jádro Plánovače úloh SolidWorks.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Ondra^Nabídka Start^Programy^Po spuštění^OpenOffice.org 3.0.lnk]
path=c:\documents and settings\Ondra\Nabídka Start\Programy\Po spuštění\OpenOffice.org 3.0.lnk
backup=c:\windows\pss\OpenOffice.org 3.0.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-20 21:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-01-31 08:44 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2006-09-13 10:12 139264 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2009-04-23 13:51 691656 ----a-w- c:\program files\DAEMON Tools Lite\daemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mumservice]
2011-02-02 14:45 1066304 ----a-w- c:\program files\Motorola\Software Update\mumservice.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 15:40 155648 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-11-04 09:30 413696 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmartSync - ScheduleSync]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Start WingMan Profiler]
2008-04-04 10:38 88584 ----a-w- c:\program files\Logitech\Gaming Software\LWEMon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2010-03-06 13:37 202256 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"BBDemon"=2 (0x2)
"Adobe LM Service"=3 (0x3)
"mnmsrvc"=3 (0x3)
"ERSvc"=2 (0x2)
"TapiSrv"=3 (0x3)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Miranda IM\\miranda32.exe"=
"c:\\Program Files\\LowRateVoip\\LowRateVoip.exe"=
"c:\\Program Files\\totalcmd\\TOTALCMD.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Python25\\pythonw.exe"=
"c:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\QIP\\qip.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\rFactor\\rFactor.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Motorola\\Software Update\\msu.exe"=
"c:\\Program Files\\Motorola\\Software Update\\mumapp.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:Remote Desktop
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
"7328:TCP"= 7328:TCP:Services
"7329:TCP"= 7329:TCP:Services
"9880:TCP"= 9880:TCP:Services
"9881:TCP"= 9881:TCP:Services
"5804:TCP"= 5804:TCP:Services
"5507:TCP"= 5507:TCP:Services
"9677:TCP"= 9677:TCP:Services
"8008:TCP"= 8008:TCP:Services
"4960:TCP"= 4960:TCP:Services
"5369:TCP"= 5369:TCP:Services
"2225:TCP"= 2225:TCP:Services
"6991:TCP"= 6991:TCP:Services
"4507:TCP"= 4507:TCP:Services
"7514:TCP"= 7514:TCP:Services
"1694:TCP"= 1694:TCP:Services
"7912:TCP"= 7912:TCP:Services
"2460:TCP"= 2460:TCP:Services
"9271:TCP"= 9271:TCP:Services
"2413:TCP"= 2413:TCP:Services
"9334:TCP"= 9334:TCP:Services
"4975:TCP"= 4975:TCP:Services
"8818:TCP"= 8818:TCP:Services
"3960:TCP"= 3960:TCP:Services
"7959:TCP"= 7959:TCP:Services
"2491:TCP"= 2491:TCP:Services
"9099:TCP"= 9099:TCP:Services
"1725:TCP"= 1725:TCP:Services
"9474:TCP"= 9474:TCP:Services
"9521:TCP"= 9521:TCP:Services
"9943:TCP"= 9943:TCP:Services
"1897:TCP"= 1897:TCP:Services
"3054:TCP"= 3054:TCP:Services
"4539:TCP"= 4539:TCP:Services
"2850:TCP"= 2850:TCP:Services
"2038:TCP"= 2038:TCP:Services
"7287:TCP"= 7287:TCP:Services
"5802:TCP"= 5802:TCP:Services
"1788:TCP"= 1788:TCP:Services
"7490:TCP"= 7490:TCP:Services
"3585:TCP"= 3585:TCP:Services
"7151:TCP"= 7151:TCP:Services
"7152:TCP"= 7152:TCP:Services
"9254:TCP"= 9254:TCP:Services
"1796:TCP"= 1796:TCP:Services
"1648:TCP"= 1648:TCP:Services
"1882:TCP"= 1882:TCP:Services
.
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [29.7.2010 13:31 115008]
R1 LUMDriver;LUMDriver;c:\windows\system32\drivers\LUMDriver.sys [13.10.2006 22:53 14912]
R1 VBoxDrv;VirtualBox Service;c:\windows\system32\drivers\VBoxDrv.sys [1.11.2010 18:08 143184]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\drivers\VBoxUSBMon.sys [1.11.2010 18:08 41936]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [12.1.2011 16:41 810144]
R2 MotoHelper;MotoHelper Service;c:\program files\Motorola\MotoHelper\MotoHelperService.exe [3.12.2010 1:48 218432]
R2 Remote Solver for Flow Simulation 2010;Remote Solver for Flow Simulation 2010;c:\program files\SolidWorks Corp\SolidWorks Flow Simulation\binCFW\StandAloneSlv.exe [23.11.2009 20:48 71464]
R3 gHidPnp;USB Device Enhanced Function Driver;c:\windows\system32\drivers\gHidPnp.sys [22.5.2009 18:47 16384]
R3 gMouPS2;PS2 Scroll Mouse Device;c:\windows\system32\drivers\gMouPS2.sys [22.5.2009 18:47 17408]
R3 gMouUsb;USB Mouse Device Drv;c:\windows\system32\drivers\gMouUsb.sys [22.5.2009 18:47 9856]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [8.10.2010 16:57 100560]
R3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\drivers\VBoxNetFlt.sys [8.10.2010 16:57 111568]
S3 CoordinatorServiceHost;SW Distributed TS Coordinator Service;c:\program files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe [20.1.2010 1:59 87336]
S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys [21.11.2010 16:11 112640]
S3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\drivers\ewusbfake.sys [21.11.2010 19:43 100480]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2.4.2011 12:04 20352]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2.4.2011 12:04 8320]
S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [2.4.2011 12:04 42752]
S3 VBoxUSB;VirtualBox USB;c:\windows\system32\drivers\VBoxUSB.sys [1.11.2010 18:08 31888]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [27.1.2010 12:22 11520]
S3 xcpip;Ovladač protokolu TCP/IP;c:\windows\system32\drivers\xcpip.sys --> c:\windows\system32\drivers\xcpip.sys [?]
S3 xpsec;Ovladač IPSEC;c:\windows\system32\drivers\xpsec.sys --> c:\windows\system32\drivers\xpsec.sys [?]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [23.9.2005 8:01 2799808]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [10.12.2008 19:02 721904]
.
Obsah adresáře 'Naplánované úlohy'
.
2011-04-29 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1275210071-1284227242-839522115-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 21:09]
.
2011-04-29 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1275210071-1284227242-839522115-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 21:09]
.
2011-04-29 c:\windows\Tasks\SDMsgUpdate (TE).job
- c:\progra~1\SMARTD~1\Messages\SDNotify.exe [2009-01-01 05:29]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.lide.cz/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
TCP: {D282F74B-6F08-4903-B5C4-F39D344FDC8A} = 77.78.80.211,213.46.172.36
FF - ProfilePath - c:\documents and settings\Ondra\Data aplikací\Mozilla\Firefox\Profiles\h74hq88m.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query=
FF - prefs.js: browser.startup.homepage - hxxp://localhost/to-do-list.php
FF - prefs.js: keyword.URL - hxxp://www.google.co.in/search?btnG=Google+Search&q=
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-04-29 18:52
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(2348)
c:\windows\system32\webcheck.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\bcmwltry.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\SigmaTel\C-Major Audio\DellXPM_5515v133\WDM\STacSV.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Intel\Wireless\Bin\WLKeeper.exe
c:\program files\Motorola\MotoHelper\MotoHelperAgent.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\RUNDLL32.EXE
c:\progra~1\EASYPH~1.1\MySql\bin\mysqld.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Celkový čas: 2011-04-29 18:59:17 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-04-29 16:59
ComboFix2.txt 2011-04-27 13:01
ComboFix3.txt 2010-02-11 17:13
.
Před spuštěním: Volných bajtů: 53 576 519 680
Po spuštění: Volných bajtů: 53 681 946 624
.
- - End Of File - - 9B8ABCAAD28942C28BFB83B61069E786

Re: Zřejmě zasifleno

Napsal: 29 dub 2011 20:09
od AndySue
Chová se rozumně, žádné anomálie nepozoruji. Ale třeba tu ještě nějaký červíku bude!

Re: Zřejmě zasifleno

Napsal: 01 kvě 2011 06:33
od cernohous13
:arrow: Netušíš co znamenají ty otevřené porty - která služba je používá?

:arrow: Odinstaluj Spybot - Search & Destroy - je zastaralý a způsobuje víc zmatků než užitku. (pak nový RSIT)
občasný scan MBAM nebo SAS budou lepší volbou.

:arrow: Neobjevil se žádný problém? Budeme uklízet?

Re: Zřejmě zasifleno

Napsal: 07 kvě 2011 18:57
od AndySue
cernohous13 píše::arrow: Netušíš co znamenají ty otevřené porty - která služba je používá?

:arrow: Odinstaluj Spybot - Search & Destroy - je zastaralý a způsobuje víc zmatků než užitku. (pak nový RSIT)
občasný scan MBAM nebo SAS budou lepší volbou.

:arrow: Neobjevil se žádný problém? Budeme uklízet?
Otevřené porty? To nevím.

Ale údajně podle zprávce sítě oplývám virem Torpig. Nevíš, jak ho vyléčet?

Re: Zřejmě zasifleno

Napsal: 07 kvě 2011 19:22
od cernohous13
:( Uvítal bych tvoji rychlejší reakci na poskytované rady a častější přístup na fórum.
Pokud používáš InternetBanking raději si do vyčištění PC zablokuj účet.
Torpig odesílá tvoje přístupové kódy na útočníkovu adresu a po jeho odstranění budeš muset všechna hesla změnit.
stáhni MBR
Obrázek http://www2.gmer.net/mbr/mbr.exe ulož ho na plochu (jen ulož ale nespouštěj)
klik na hlavním panelu tlačítko "Start" -> "Spustit..." - do příkazového řádku zkopíruj celý červený příkaz
"%userprofile%\plocha\mbr" -t -s -> OK
na ploše vznikne mbr.log - jeho obsah sem zkopíruj
:arrow: Stáhni "System Look" - http://jpshortstuff.247fixes.com/SystemLook.exe
Spusť jej a do okna zkopíruj

Kód: Vybrat vše

:filefind
ibm0000*.exe
ibm0000*.dll
country.exe
Klik na Look a po scanu sem zkopíruj výsledek hledání

Re: Zřejmě zasifleno

Napsal: 13 kvě 2011 07:53
od AndySue
Log z MBR:


Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: WDC_WD32 rev.11.0 -> Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
C:\WINDOWS\system32\drivers\iaStor.sys Intel Corporation Intel Matrix Storage Manager driver
1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk0\DR0[0x8B0CDAB8]
3 CLASSPNP[0xBA108FD7] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Ide\IAAStorageDevice-0[0x8AB51028]
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
user & kernel MBR OK
copy of MBR has been found in sector 625139712

Re: Zřejmě zasifleno

Napsal: 13 kvě 2011 08:05
od AndySue
Log ze SystemLooku:

SystemLook 04.09.10 by jpshortstuff
Log created at 08:53 on 13/05/2011 by Ondra
Administrator - Elevation successful

========== filefind ==========

Searching for "ibm0000*.exe"
No files found.

Searching for "ibm0000*.dll"
No files found.

Searching for "country.exe"
No files found.

-= EOF =-

Re: Zřejmě zasifleno

Napsal: 13 kvě 2011 10:07
od cernohous13
Torpig se nepotvrdil :)
správce sítě ho tam ještě vidí?

Dej mi nový RSIT

Re: Zřejmě zasifleno

Napsal: 13 kvě 2011 22:18
od AndySue
Nyní nevím, ale před dnešní kontrolou tam údajně byl.

Logfile of random's system information tool 1.08 (written by random/random)
Run by Ondra at 2011-05-13 23:17:54
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 47 GB (16%) free of 292 GB
Total RAM: 3582 MB (45% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 23:17:56, on 13.5.2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\SolidWorks Corp\SolidWorks Flow Simulation\binCFW\StandAloneSlv.exe
C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v133\WDM\STacSV.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\OEM02Mon.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Genius\ioCentre\gTaskBar.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Genius\ioCentre\gMouseTask.exe
C:\Genius\ioCentre\gKbdTask.exe
C:\Genius\ioCentre\gAutoPan.exe
C:\Genius\ioCentre\gAutoScroll.exe
C:\Program Files\hotkeyp\HotkeyP.exe
C:\Genius\ioCentre\gZoom.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Genius\ioCentre\gMGlass.exe
C:\Genius\ioCentre\gIMMgm.exe
C:\Program Files\Alt+S Override\Alt+S Override.exe
C:\Genius\ioCentre\gDeskMgm.exe
C:\Genius\ioCentre\gTaskSwitch.exe
C:\Program Files\EasyPHP-5.3.1\EasyPHP-5.3.1.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Edgecam\Cam\cls.exe
C:\Program Files\Miranda IM\miranda32.exe
C:\PROGRA~1\EASYPH~1.1\MySql\bin\mysqld.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\PSPad editor\PSPad.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\PROGRA~1\EASYPH~1.1\Apache\bin\apache.exe
C:\PROGRA~1\EASYPH~1.1\Apache\bin\apache.exe
C:\Program Files\LowRateVoip\LowRateVoip.exe
C:\Program Files\totalcmd\TOTALCMD.EXE
C:\Program Files\Winamp\winamp.exe
C:\WINDOWS\system32\calc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Ondra\Plocha\OSTATNÍ\RSIT.exe
C:\Documents and Settings\Ondra\Plocha\OSTATNÍ\Ondra.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.lide.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: dsWebAllowBHO Class - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Program Files\Windows Desktop Search\dsWebAllow.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Data aplikací\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [OEM02Mon.exe] C:\WINDOWS\OEM02Mon.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [ioCentre] C:\Genius\ioCentre\gTaskBar.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [HotkeyP] C:\Program Files\hotkeyp\HotkeyP.exe 0
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Alt+S Override] "C:\Program Files\Alt+S Override\Alt+S Override.exe"
O4 - HKCU\..\Run: [EasyPHP] "C:\Program Files\EasyPHP-5.3.1\EasyPHP-5.3.1.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Zástupce - miranda32.exe.lnk = C:\Program Files\Miranda IM\miranda32.exe
O4 - Global Startup: CLS2009.01.lnk = C:\Program Files\Edgecam\Cam\cls.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D282F74B-6F08-4903-B5C4-F39D344FDC8A}: NameServer = 77.78.80.211,213.46.172.36
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apache2 - Apache Software Foundation - C:\PROGRA~1\EASYPH~1.0B1\Apache\bin\apache.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: SW Distributed TS Coordinator Service (CoordinatorServiceHost) - Dassault Systemes SolidWorks Corp. - C:\Program Files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MotoHelper Service (MotoHelper) - Unknown owner - C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Solver for Flow Simulation 2010 - Mentor Graphics Corporation - C:\Program Files\SolidWorks Corp\SolidWorks Flow Simulation\binCFW\StandAloneSlv.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v133\WDM\STacSV.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 11012 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1275210071-1284227242-839522115-1003.job
C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1275210071-1284227242-839522115-1003.job
C:\WINDOWS\tasks\SDMsgUpdate (TE).job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2F85D76C-0569-466F-A488-493E6BD0E955}]
dsWebAllowBHO Class - C:\Program Files\Windows Desktop Search\dsWebAllow.dll [2006-03-26 265432]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Documents and Settings\All Users\Data aplikací\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll [2010-03-06 329312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
AcroIEToolbarHelper Class - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll [2003-05-15 147456]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-11 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll [2003-05-15 147456]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-05-07 13529088]
"nwiz"=nwiz.exe /installquiet []
"NVHotkey"=nvHotkey.dll,Start []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2008-05-07 86016]
"IntelZeroConfig"=C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe [2007-07-25 823296]
"IntelWireless"=C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe [2007-07-25 974848]
"OEM02Mon.exe"=C:\WINDOWS\OEM02Mon.exe [2007-05-10 36864]
"Apoint"=C:\Program Files\DellTPad\Apoint.exe [2007-10-25 167936]
"Broadcom Wireless Manager UI"=C:\WINDOWS\system32\WLTRAY.exe [2007-10-09 2183168]
"ioCentre"=C:\Genius\ioCentre\gTaskBar.exe [2007-01-19 61440]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2010-03-06 202256]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2011-01-12 2219184]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2011-01-31 35760]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-11-04 413696]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"HotkeyP"=C:\Program Files\hotkeyp\HotkeyP.exe [2008-07-15 65536]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2010-04-20 26192680]
"Alt+S Override"=C:\Program Files\Alt+S Override\Alt+S Override.exe [2009-10-08 154112]
"EasyPHP"=C:\Program Files\EasyPHP-5.3.1\EasyPHP-5.3.1.exe [2010-02-15 277504]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-09-20 932288]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2011-01-31 35760]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2006-09-13 139264]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Program Files\DAEMON Tools Lite\daemon.exe [2009-04-23 691656]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mumservice]
C:\Program Files\Motorola\Software Update\mumservice.exe [2011-02-02 1066304]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2006-01-12 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2008-11-04 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmartSync - ScheduleSync]
C:\PROGRA~1\MOBILE~1\SMARTS~1\SCHEDU~1.EXE [2005-10-21 45056]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Start WingMan Profiler]
C:\Program Files\Logitech\Gaming Software\LWEMon.exe [2008-04-04 88584]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2010-03-06 202256]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Acrobat Assistant.lnk]
C:\PROGRA~1\Adobe\ACROBA~1.0\Distillr\acrotray.exe [2003-05-15 217193]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Bluetooth.lnk]
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTTray.exe [2006-05-24 622653]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Windows Desktop Search.lnk]
C:\PROGRA~1\WINDOW~4\WINDOW~3.EXE [2006-03-26 257752]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Ondra^Nabídka Start^Programy^Po spuštění^Adobe Gamma.lnk]
C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE [2005-03-16 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Ondra^Nabídka Start^Programy^Po spuštění^Jádro Plánovače úloh SolidWorks.lnk]
C:\Program Files\SolidWorks SE\swScheduler\swBOEngine.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Ondra^Nabídka Start^Programy^Po spuštění^OpenOffice.org 3.0.lnk]
C:\PROGRA~1\OPENOF~1.ORG\program\QUICKS~1.EXE [2008-10-05 393216]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"BBDemon"=2
"Adobe LM Service"=3
"mnmsrvc"=3
"ERSvc"=2
"TapiSrv"=3

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
CLS2009.01.lnk - C:\Program Files\Edgecam\Cam\cls.exe

C:\Documents and Settings\Ondra\Nabídka Start\Programy\Po spuštění
Zástupce - miranda32.exe.lnk - C:\Program Files\Miranda IM\miranda32.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2006-03-13 233472]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Miranda IM\miranda32.exe"="C:\Program Files\Miranda IM\miranda32.exe:*:Enabled:Miranda IM"
"C:\Program Files\LowRateVoip\LowRateVoip.exe"="C:\Program Files\LowRateVoip\LowRateVoip.exe:*:Enabled:LowRateVoip"
"C:\Program Files\totalcmd\TOTALCMD.EXE"="C:\Program Files\totalcmd\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit international version, file manager replacement for Windows"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Python25\pythonw.exe"="C:\Program Files\Python25\pythonw.exe:*:Enabled:pythonw"
"C:\Program Files\Google\Chrome\Application\chrome.exe"="C:\Program Files\Google\Chrome\Application\chrome.exe:*:Enabled:Google Chrome"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\QIP\qip.exe"="C:\Program Files\QIP\qip.exe:*:Enabled:Quiet Internet Pager"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\rFactor\rFactor.exe"="C:\Program Files\rFactor\rFactor.exe:*:Enabled:rFactor"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\Motorola\Software Update\msu.exe"="C:\Program Files\Motorola\Software Update\msu.exe:*:Enabled:msu"
"C:\Program Files\Motorola\Software Update\mumapp.exe"="C:\Program Files\Motorola\Software Update\mumapp.exe:*:Enabled:mumapp"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======File associations======

.txt - open - notepad.exe %1

======List of files/folders created in the last 1 months======

2011-04-30 11:25:06 ----SHD---- C:\RECYCLER
2011-04-29 18:59:17 ----A---- C:\ComboFix.txt
2011-04-29 18:36:46 ----D---- C:\WINDOWS\temp
2011-04-25 16:30:18 ----A---- C:\TDSSKiller.2.4.21.0_25.04.2011_16.30.18_log.txt
2011-04-25 16:04:37 ----A---- C:\TDSSKiller.2.4.21.0_25.04.2011_16.04.37_log.txt
2011-04-25 16:04:22 ----A---- C:\TDSSKiller.2.4.21.0_25.04.2011_16.04.22_log.txt
2011-04-25 15:33:44 ----A---- C:\TDSSKiller.2.4.21.0_25.04.2011_15.33.44_log.txt
2011-04-21 12:50:18 ----A---- C:\TDSSKiller.2.4.21.0_21.04.2011_12.50.18_log.txt
2011-04-21 11:48:44 ----D---- C:\found.000
2011-04-20 17:00:05 ----D---- C:\inst
2011-04-20 16:49:10 ----D---- C:\Program Files\Spybot - Search & Destroy
2011-04-20 16:49:10 ----D---- C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
2011-04-20 15:49:39 ----D---- C:\install
2011-04-20 13:46:44 ----A---- C:\TDSSKiller.2.4.21.0_20.04.2011_13.46.44_log.txt
2011-04-18 11:29:16 ----A---- C:\TDSSKiller.2.4.21.0_18.04.2011_11.29.16_log.txt
2011-04-17 20:06:35 ----HDC---- C:\WINDOWS\$NtUninstallKB2485663$
2011-04-17 20:06:30 ----HDC---- C:\WINDOWS\$NtUninstallKB2506223$
2011-04-17 20:04:44 ----HDC---- C:\WINDOWS\$NtUninstallKB2412687$
2011-04-17 20:01:38 ----HDC---- C:\WINDOWS\$NtUninstallKB2508272$
2011-04-17 20:01:29 ----HDC---- C:\WINDOWS\$NtUninstallKB2503658$
2011-04-16 14:14:14 ----D---- C:\Program Files\FreeMind
2011-04-15 22:19:04 ----RASHD---- C:\cmdcons
2011-04-15 16:50:53 ----HDC---- C:\WINDOWS\$NtUninstallKB2507618$
2011-04-15 16:50:45 ----HDC---- C:\WINDOWS\$NtUninstallKB2508429$
2011-04-15 16:50:38 ----HDC---- C:\WINDOWS\$NtUninstallKB2511455$
2011-04-15 16:50:14 ----HDC---- C:\WINDOWS\$NtUninstallKB2506212$
2011-04-15 16:47:39 ----HDC---- C:\WINDOWS\$NtUninstallKB2509553$
2011-04-15 16:47:32 ----A---- C:\WINDOWS\imsins.BAK

======List of files/folders modified in the last 1 months======

2011-05-13 22:35:36 ----D---- C:\Documents and Settings\Ondra\Data aplikací\Skype
2011-05-13 19:46:42 ----SD---- C:\WINDOWS\Tasks
2011-05-13 19:40:41 ----A---- C:\WINDOWS\wincmd.ini
2011-05-13 12:19:16 ----D---- C:\Documents and Settings\Ondra\Data aplikací\LowRateVoip
2011-05-13 11:57:21 ----A---- C:\WINDOWS\wcx_ftp.ini
2011-05-13 11:16:47 ----D---- C:\Program Files\LowRateVoip
2011-05-13 08:36:35 ----D---- C:\WINDOWS
2011-05-13 08:36:35 ----D---- C:\Documents and Settings\Ondra\Data aplikací\skypePM
2011-05-13 08:34:55 ----D---- C:\WINDOWS\Minidump
2011-05-12 12:48:26 ----D---- C:\WINDOWS\system32
2011-05-12 09:45:20 ----A---- C:\WINDOWS\NeroDigital.ini
2011-05-11 10:24:22 ----D---- C:\temp
2011-05-10 01:02:11 ----A---- C:\WINDOWS\hpbafd.ini
2011-05-09 12:04:21 ----D---- C:\Documents and Settings\Ondra\Data aplikací\PrimoPDF
2011-05-08 10:23:09 ----D---- C:\Documents and Settings\Ondra\Data aplikací\SolidWorks
2011-05-07 15:42:20 ----A---- C:\WINDOWS\SchedLgU.Txt
2011-05-05 23:38:29 ----D---- C:\WINDOWS\Prefetch
2011-05-05 16:50:09 ----D---- C:\Program Files\Mozilla Firefox
2011-04-29 20:46:00 ----D---- C:\Program Files\Mozilla Thunderbird
2011-04-29 18:59:20 ----D---- C:\WINDOWS\system32\drivers
2011-04-29 18:59:20 ----D---- C:\Qoobox
2011-04-29 18:58:09 ----D---- C:\WINDOWS\system32\CatRoot2
2011-04-29 18:52:28 ----A---- C:\WINDOWS\system.ini
2011-04-29 18:51:12 ----D---- C:\WINDOWS\system32\drivers\etc
2011-04-29 18:37:02 ----D---- C:\WINDOWS\system32\config
2011-04-29 18:36:50 ----D---- C:\WINDOWS\ERDNT
2011-04-29 18:34:01 ----D---- C:\WINDOWS\AppPatch
2011-04-29 18:34:00 ----D---- C:\Program Files\Common Files
2011-04-27 21:38:38 ----A---- C:\WINDOWS\solvermfc.INI
2011-04-27 13:29:56 ----HD---- C:\WINDOWS\inf
2011-04-27 13:27:40 ----D---- C:\Config.Msi
2011-04-26 11:06:03 ----SHD---- C:\WINDOWS\Installer
2011-04-21 18:27:54 ----D---- C:\MBEAM
2011-04-21 13:01:27 ----SHD---- C:\System Volume Information
2011-04-21 11:51:17 ----D---- C:\Program Files\Microsoft Silverlight
2011-04-21 11:51:11 ----D---- C:\Program Files\ESET
2011-04-20 17:06:44 ----D---- C:\Documents and Settings\All Users\Data aplikací\ESET
2011-04-20 16:49:10 ----D---- C:\Program Files
2011-04-18 15:46:44 ----A---- C:\WINDOWS\system32\MRT.exe
2011-04-17 20:47:06 ----RSD---- C:\WINDOWS\assembly
2011-04-17 20:42:23 ----D---- C:\WINDOWS\Microsoft.NET
2011-04-17 20:07:38 ----D---- C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2011-04-17 20:06:48 ----D---- C:\WINDOWS\WinSxS
2011-04-17 20:06:34 ----HD---- C:\WINDOWS\$hf_mig$
2011-04-17 20:06:32 ----RSHDC---- C:\WINDOWS\system32\dllcache
2011-04-17 20:05:20 ----D---- C:\Program Files\Internet Explorer
2011-04-17 20:05:04 ----D---- C:\WINDOWS\ie8updates
2011-04-17 20:04:04 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2011-04-16 13:27:29 ----D---- C:\WINDOWS\system32\NtmsData
2011-04-15 22:19:08 ----RASH---- C:\boot.ini
2011-04-15 19:29:32 ----D---- C:\WINDOWS\Help
2011-04-15 13:07:49 ----D---- C:\Program Files\Opera
2011-04-14 10:32:57 ----D---- C:\Documents and Settings\Ondra\Data aplikací\Adobe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 iaStor;Intel AHCI Controller; C:\WINDOWS\system32\DRIVERS\iaStor.sys [2008-12-09 327192]
R0 ohci1394;Hostitelský řadič IEEE 1394 dle standardu OHCI; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2008-04-13 61696]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2008-08-20 44944]
R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2010-12-21 115008]
R1 epfwtdi;epfwtdi; C:\WINDOWS\system32\DRIVERS\epfwtdi.sys [2010-08-03 55256]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 LUMDriver;LUMDriver; \??\C:\WINDOWS\system32\drivers\LUMDriver.sys []
R1 VBoxDrv;VirtualBox Service; C:\WINDOWS\system32\DRIVERS\VBoxDrv.sys [2010-10-08 143184]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver; C:\WINDOWS\system32\DRIVERS\VBoxUSBMon.sys [2010-10-08 41936]
R1 vmm;Virtual Machine Monitor; \??\C:\WINDOWS\system32\Drivers\vmm.sys []
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.7.4.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2008-12-10 21393]
R2 BTSERIAL;Bluetooth Serial Driver; \??\C:\WINDOWS\system32\drivers\btserial.sys []
R2 eamon;eamon; C:\WINDOWS\system32\DRIVERS\eamon.sys [2010-12-21 141264]
R2 epfw;epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [2010-12-21 134000]
R2 Hardlock;Hardlock; \??\C:\WINDOWS\system32\drivers\hardlock.sys []
R2 Haspnt;Haspnt; \??\C:\WINDOWS\system32\drivers\Haspnt.sys []
R2 rimmptsk;rimmptsk; C:\WINDOWS\system32\DRIVERS\rimmptsk.sys [2007-02-24 39936]
R2 rimsptsk;rimsptsk; C:\WINDOWS\system32\DRIVERS\rimsptsk.sys [2007-01-23 42496]
R2 rismxdp;Ricoh xD-Picture Card Driver; C:\WINDOWS\system32\DRIVERS\rixdptsk.sys [2007-03-21 37376]
R2 s24trans;WLAN Transport; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2007-05-29 12416]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 BCM43XX;Ovladač bezdrátové karty Dell WLAN; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2007-10-09 1123328]
R3 btaudio;Bluetooth Audio Device; C:\WINDOWS\system32\drivers\btaudio.sys [2006-05-24 328237]
R3 btkrnl;Bluetooth Bus Enumerator; C:\WINDOWS\system32\DRIVERS\btkrnl.sys [2006-05-24 851434]
R3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2006-05-24 66488]
R3 Epfwndis;Eset Personal Firewall; C:\WINDOWS\system32\DRIVERS\Epfwndis.sys [2010-12-21 33120]
R3 gHidPnp;USB Device Enhanced Function Driver; C:\WINDOWS\System32\Drivers\gHidPnp.Sys [2007-03-20 16384]
R3 gMouPS2;PS2 Scroll Mouse Device; C:\WINDOWS\system32\DRIVERS\gMouPS2.sys [2006-07-12 17408]
R3 gMouUsb;USB Mouse Device Drv; C:\WINDOWS\system32\DRIVERS\gMouUsb.sys [2007-03-13 9856]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-18 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-05-07 6546880]
R3 OEM02Dev;Creative Camera OEM002 Driver; C:\WINDOWS\system32\DRIVERS\OEM02Dev.sys [2007-07-18 235520]
R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver; C:\WINDOWS\system32\DRIVERS\OEM02Vfx.sys [2007-03-05 7424]
R3 psadd;Lenovo Parties Service Access Device Driver; C:\WINDOWS\system32\DRIVERS\psadd.sys [2008-09-25 31680]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2004-08-18 5888]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2007-05-10 1222840]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter; C:\WINDOWS\system32\DRIVERS\VBoxNetAdp.sys [2010-10-08 100560]
R3 VBoxNetFlt;VBoxNetFlt Service; C:\WINDOWS\system32\DRIVERS\VBoxNetFlt.sys [2010-10-08 111568]
R3 VPCNetS2;Virtual Machine Network Services Driver; C:\WINDOWS\system32\DRIVERS\VMNetSrv.sys [2007-01-29 59280]
R3 vsbus;Virtual Serial Bus Enumerator; C:\WINDOWS\system32\DRIVERS\vsb.sys [2005-07-18 15264]
R3 WmBEnum;Logitech Virtual Bus Enumerator Driver; C:\WINDOWS\system32\drivers\WmBEnum.sys [2008-01-24 19336]
R3 WmXlCore;Logitech Translation Layer Driver; C:\WINDOWS\system32\drivers\WmXlCore.sys [2008-01-24 48904]
R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\system32\DRIVERS\yk51x86.sys [2007-09-17 265856]
S2 Sentinel;Sentinel; C:\WINDOWS\System32\Drivers\SENTINEL.SYS [2008-04-02 76288]
S3 actser;actser; C:\WINDOWS\system32\drivers\actser.sys [2004-12-16 29440]
S3 akshasp;Aladdin HASP Key; C:\WINDOWS\system32\DRIVERS\akshasp.sys [2004-04-28 328448]
S3 aksusb;Aladdin USB Key; C:\WINDOWS\system32\DRIVERS\aksusb.sys [2004-05-11 99968]
S3 ApfiltrService;Alps Touch Pad Filter Driver for Windows 2000/XP/Vista; C:\WINDOWS\system32\DRIVERS\Apfiltr.sys [2007-12-26 164400]
S3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2008-09-10 176640]
S3 BTDriver;Bluetooth Virtual Communications Driver; C:\WINDOWS\system32\DRIVERS\btport.sys [2006-05-24 30427]
S3 BTWDNDIS;Bluetooth LAN Access Server; C:\WINDOWS\system32\DRIVERS\btwdndis.sys [2006-05-24 148900]
S3 btwhid;btwhid; C:\WINDOWS\system32\DRIVERS\btwhid.sys [2006-05-24 45683]
S3 btwmodem;Bluetooth Modem; C:\WINDOWS\system32\DRIVERS\btwmodem.sys [2006-05-24 30285]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 ewusbnet;HUAWEI USB-NDIS miniport; C:\WINDOWS\system32\DRIVERS\ewusbnet.sys [2009-07-23 112640]
S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys [2009-07-23 102528]
S3 hwusbfake;Huawei DataCard USB Fake; C:\WINDOWS\system32\DRIVERS\ewusbfake.sys [2009-07-23 100480]
S3 mbr;mbr; \??\C:\DOCUME~1\Ondra\LOCALS~1\Temp\mbr.sys []
S3 motccgp;Motorola USB Composite Device Driver; C:\WINDOWS\system32\DRIVERS\motccgp.sys [2010-12-03 20352]
S3 motccgpfl;MotCcgpFlService; C:\WINDOWS\system32\DRIVERS\motccgpfl.sys [2009-01-29 8320]
S3 MotDev;Motorola Inc. USB Device; C:\WINDOWS\system32\DRIVERS\motodrv.sys [2009-05-08 42752]
S3 motmodem;Motorola USB CDC ACM Driver; C:\WINDOWS\system32\DRIVERS\motmodem.sys [2010-09-29 24064]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2009-10-06 17664]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2009-10-06 22016]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 sffdisk;Ovladač třídy úložiště SFF; C:\WINDOWS\system32\DRIVERS\sffdisk.sys [2008-04-13 11904]
S3 sffp_sd;Ovladač protokolu úložiště SFF pro paměť sběrnici SDBus; C:\WINDOWS\system32\DRIVERS\sffp_sd.sys [2008-04-13 11008]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 SNP2UVC;USB2.0 PC Camera (SNP2UVC); C:\WINDOWS\system32\DRIVERS\snp2uvc.sys [2009-06-03 3482112]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2009-10-06 7936]
S3 usbaudio;Ovladač zvukové karty USB (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbser;USB Modem Driver; C:\WINDOWS\system32\drivers\usbser.sys [2008-04-13 26112]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2009-10-06 7936]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 usbvideo;Zobrazovací zařízení USB (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-13 121984]
S3 VBoxUSB;VirtualBox USB; C:\WINDOWS\System32\Drivers\VBoxUSB.sys [2010-10-08 31888]
S3 vserial;ELTIMA Virtual Serial Ports Driver; C:\WINDOWS\System32\DRIVERS\vserial.sys [2005-07-18 47744]
S3 WDC_SAM;WD SCSI Pass Thru driver; C:\WINDOWS\system32\DRIVERS\wdcsam.sys [2009-02-13 11520]
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2008-03-27 503008]
S3 WmFilter;Logitech Gaming HID Filter Driver; C:\WINDOWS\system32\drivers\WmFilter.sys [2008-01-24 28168]
S3 WmHidLo;Logitech Gaming USB Filter Driver; C:\WINDOWS\system32\drivers\WmHidLo.sys [2008-01-24 29192]
S3 WmVirHid;Logitech Virtual Hid Device Driver; C:\WINDOWS\system32\drivers\WmVirHid.sys [2008-01-24 14728]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 xcpip;Ovladač protokolu TCP/IP; C:\WINDOWS\system32\drivers\xcpip.sys []
S3 xpsec;Ovladač IPSEC; C:\WINDOWS\system32\drivers\xpsec.sys []
S4 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2009-06-21 721904]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe [2006-05-24 266295]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2011-01-12 810144]
R2 EvtEng;Intel(R) PROSet/Wireless Event Log; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2007-07-25 647168]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-10-11 153376]
R2 MotoHelper;MotoHelper Service; C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe [2010-12-03 218432]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-05-07 159812]
R2 RegSrvc;Intel(R) PROSet/Wireless Registry Service; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2007-07-25 327680]
R2 Remote Solver for Flow Simulation 2010;Remote Solver for Flow Simulation 2010; C:\Program Files\SolidWorks Corp\SolidWorks Flow Simulation\binCFW\StandAloneSlv.exe [2009-11-23 71464]
R2 S24EventMonitor;Intel(R) PROSet/Wireless Service; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [2007-07-25 987136]
R2 STacSV;SigmaTel Audio Service; C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v133\WDM\STacSV.exe [2007-05-10 94208]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
R2 WLANKEEPER;Intel(R) PROSet/Wireless SSO Service; C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe [2007-07-25 294912]
R2 wltrysvc;Dell Wireless WLAN Tray Service; C:\WINDOWS\System32\WLTRYSVC.EXE [2007-10-09 24064]
S2 Apache2;Apache2; C:\PROGRA~1\EASYPH~1.0B1\Apache\bin\apache.exe [2006-07-27 20539]
S2 SQLWriter;SQL Server VSS Writer; C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2007-02-10 89968]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2008-12-24 72704]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 CoordinatorServiceHost;SW Distributed TS Coordinator Service; C:\Program Files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe [2010-01-20 87336]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2011-01-12 33584]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2010-11-04 867080]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2006-09-12 724992]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2009-10-27 657408]
S3 SolidWorks Licensing Service;SolidWorks Licensing Service; C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe [2009-05-22 79360]
S4 msvsmon80;Visual Studio 2005 Remote Debugger; C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [2005-09-23 2799808]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

Re: Zřejmě zasifleno

Napsal: 14 kvě 2011 09:04
od cernohous13
Stáhni OTM z jednoho odkazu a rozbal nejlépe na plochu.
http://oldtimer.geekstogo.com/OTM.exe
http://www.itxassociates.com/OT-Tools/OTM.exe

Spusť program „OTM.exe“ (pro Vistu a Win7 – pravým a „Run As Administrator“).
Do okna pod žlutou čáru vlož celý text zeleným písmem ze „Scriptu“

Klikni na červené „Moveit!“

Při nabídce restartu „YES“
a log potom najdeš v C:\_OTM\MovedFiles\
Script OTM

Kód: Vybrat vše

:Commands
[emptytemp]
[EMPTYFLASH]
[CLEARALLRESTOREPOINTS]

:Files
%windir%\system32\*.tmp.dll /s
%windir%\system32\SET*.tmp /s
%windir%\*.tmp /s
c:\documents and settings\All Users\Data aplikací\Spybot - Search & Destroy
c:\program files\Spybot - Search & Destroy
c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1275210071-1284227242-839522115-1003.job
c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1275210071-1284227242-839522115-1003.job
C:\TDSSKiller*.txt

:Reg
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"3389:TCP"=-
"65533:TCP"=-
"52344:TCP"=-
"7328:TCP"=-
"7329:TCP"=-
"9880:TCP"=-
"9881:TCP"=-
"5804:TCP"=-
"5507:TCP"=-
"9677:TCP"=-
"8008:TCP"=-
"4960:TCP"=-
"5369:TCP"=-
"2225:TCP"=-
"6991:TCP"=-
"4507:TCP"=-
"7514:TCP"=-
"1694:TCP"=-
"7912:TCP"=-
"2460:TCP"=-
"9271:TCP"=-
"2413:TCP"=-
"9334:TCP"=-
"4975:TCP"=-
"8818:TCP"=-
"3960:TCP"=-
"7959:TCP"=-
"2491:TCP"=-
"9099:TCP"=-
"1725:TCP"=-
"9474:TCP"=-
"9521:TCP"=-
"9943:TCP"=-
"1897:TCP"=-
"3054:TCP"=-
"4539:TCP"=-
"2850:TCP"=-
"2038:TCP"=-
"7287:TCP"=-
"5802:TCP"=-
"1788:TCP"=-
"7490:TCP"=-
"3585:TCP"=-
"7151:TCP"=-
"7152:TCP"=-
"9254:TCP"=-
"1796:TCP"=-
"1648:TCP"=-
"1882:TCP"=-
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"=-
"Adobe Reader Speed Launcher"=-
"QuickTime Task"=-
"KernelFaultCheck"=-

:Services
Hardlock
Haspnt

Re: Zřejmě zasifleno

Napsal: 14 kvě 2011 10:30
od AndySue
Celý scan neproběhl kompletně. Hlásilo to poškozené souboři.

All processes killed
========== COMMANDS ==========

[EMPTYTEMP]

User: administrator

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Ondra
->Temp folder emptied: 342388799 bytes
->Temporary Internet Files folder emptied: 9136657 bytes
->Java cache emptied: 1811723 bytes
->FireFox cache emptied: 124729678 bytes
->Google Chrome cache emptied: 193809599 bytes
->Opera cache emptied: 1346742 bytes
->Flash cache emptied: 11464 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 99201 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 369661634 bytes

Total Files Cleaned = 995,00 mb


Restore points cleared and new OTM Restore Point set!
========== FILES ==========
File/Folder C:\WINDOWS\system32\*.tmp.dll not found.
File/Folder C:\WINDOWS\system32\SET*.tmp not found.
C:\WINDOWS\system32\spool\PRINTERS\splB1D0.tmp moved successfully.
c:\documents and settings\All Users\Data aplikací\Spybot - Search & Destroy\Recovery folder moved successfully.
c:\documents and settings\All Users\Data aplikací\Spybot - Search & Destroy\Logs folder moved successfully.
c:\documents and settings\All Users\Data aplikací\Spybot - Search & Destroy folder moved successfully.
c:\program files\Spybot - Search & Destroy folder moved successfully.
c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1275210071-1284227242-839522115-1003.job moved successfully.
c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1275210071-1284227242-839522115-1003.job moved successfully.
C:\TDSSKiller.2.4.21.0_18.04.2011_11.29.16_log.txt moved successfully.
C:\TDSSKiller.2.4.21.0_20.04.2011_13.46.44_log.txt moved successfully.
C:\TDSSKiller.2.4.21.0_21.04.2011_12.50.18_log.txt moved successfully.
C:\TDSSKiller.2.4.21.0_25.04.2011_15.33.44_log.txt moved successfully.
C:\TDSSKiller.2.4.21.0_25.04.2011_16.04.22_log.txt moved successfully.
C:\TDSSKiller.2.4.21.0_25.04.2011_16.04.37_log.txt moved successfully.
C:\TDSSKiller.2.4.21.0_25.04.2011_16.30.18_log.txt moved successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\3389:TCP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\65533:TCP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\52344:TCP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\7328:TCP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\7329:TCP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\9880:TCP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\9881:TCP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\5804:TCP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\5507:TCP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\9677:TCP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\8008:TCP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\4960:TCP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\5369:TCP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\2225:TCP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\6991:TCP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\4507:TCP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\7514:TCP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\1694:TCP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\7912:TCP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\2460:TCP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\9271:TCP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\2413:TCP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\9334:TCP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\4975:TCP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\8818:TCP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\3960:TCP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\7959:TCP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\2491:TCP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\9099:TCP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\1725:TCP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\9474:TCP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\9521:TCP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\9943:TCP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\1897:TCP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\3054:TCP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\4539:TCP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\2850:TCP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\2038:TCP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\7287:TCP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\5802:TCP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\1788:TCP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\7490:TCP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\3585:TCP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\7151:TCP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\7152:TCP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\9254:TCP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\1796:TCP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\1648:TCP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\1882:TCP deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\SpybotSD TeaTimer not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\TkBellExe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Adobe Reader Speed Launcher deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\QuickTime Task deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\KernelFaultCheck deleted successfully.
========== SERVICES/DRIVERS ==========
Service Hardlock stopped successfully!
Service Hardlock deleted successfully!
Service Haspnt stopped successfully!
Service Haspnt deleted successfully!

OTM by OldTimer - Version 3.1.17.2 log created on 05142011_105947

Files moved on Reboot...

Registry entries deleted on Reboot...

Re: Zřejmě zasifleno

Napsal: 14 kvě 2011 12:59
od cernohous13
:o Podle logu by to mělo být v pořádku.

:arrow: Smaž starý ComboFix

:arrow: Stáhni ComboFix zde: http://www.bleepingcomputer.com/downloa ... s/combofix
Ulož ho přejmenovaný jako "zmije.com" na plochu a podle předchozího návodu spusť

Re: Zřejmě zasifleno

Napsal: 14 kvě 2011 18:55
od AndySue
ComboFix 11-05-13.03 - Ondra 14.05.2011 17:29:59.8.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.3582.2727 [GMT 2:00]
Spuštěný z: c:\documents and settings\Ondra\Plocha\zmije.com
AV: ESET Smart Security 4.2 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET personal firewall *Enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
* Vytvořen nový Bod Obnovení
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-04-14 do 2011-05-14 )))))))))))))))))))))))))))))))
.
.
2011-04-22 11:18 . 2011-05-03 12:51 142296 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2011-04-22 11:18 . 2011-05-03 12:51 781272 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll
2011-04-22 11:18 . 2011-05-03 12:51 465880 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll
2011-04-22 11:18 . 2011-05-03 12:51 1874904 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll
2011-04-22 11:18 . 2011-05-03 12:51 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll
2011-04-22 11:18 . 2011-05-03 12:51 89048 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll
2011-04-22 11:18 . 2011-05-03 12:51 1892184 ----a-w- c:\program files\Mozilla Firefox\d3dx9_42.dll
2011-04-22 11:18 . 2011-05-03 12:51 1974616 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_42.dll
2011-04-21 09:48 . 2011-04-21 09:48 -------- d-----w- C:\found.000
2011-04-20 15:00 . 2011-04-20 15:05 -------- d-----w- C:\inst
2011-04-16 12:14 . 2011-04-17 18:58 -------- d-----w- c:\documents and settings\Ondra\.freemind
2011-04-16 12:14 . 2011-04-16 12:14 -------- d-----w- c:\program files\FreeMind
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-24 21:00 . 2011-03-24 21:00 304640 ----a-w- c:\windows\system32\hlvdd.dll
2011-03-24 21:00 . 2011-03-24 21:00 6656 ----a-w- c:\windows\system32\haspvdd.dll
2011-03-24 21:00 . 2011-03-24 21:00 47616 ----a-w- c:\windows\system32\drivers\Haspnt.sys
2011-03-07 05:33 . 2008-12-09 20:51 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:36 . 2004-08-18 11:00 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:53 . 2004-08-18 11:00 1857920 ----a-w- c:\windows\system32\win32k.sys
2011-02-22 23:08 . 2004-08-18 11:00 916480 ----a-w- c:\windows\system32\wininet.dll
2011-02-22 23:08 . 2004-08-18 11:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-02-22 23:08 . 2004-08-18 11:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-02-22 11:41 . 2004-08-18 11:00 385024 ----a-w- c:\windows\system32\html.iec
2011-02-17 13:18 . 2004-08-18 11:00 455936 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-02-17 13:18 . 2004-08-18 11:00 357888 ----a-w- c:\windows\system32\drivers\srv.sys
2011-02-17 12:54 . 2008-05-05 05:25 5632 ----a-w- c:\windows\system32\xpsp4res.dll
2011-02-15 12:56 . 2004-08-18 11:00 290432 ----a-w- c:\windows\system32\atmfd.dll
2011-05-03 12:51 . 2011-04-22 11:18 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot_2011-04-27_12.59.35 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-05-14 09:04 . 2011-05-14 09:04 16384 c:\windows\temp\Perflib_Perfdata_e4.dat
- 2004-08-18 11:00 . 2011-04-17 18:04 69164 c:\windows\system32\perfc009.dat
+ 2004-08-18 11:00 . 2011-05-14 08:59 69164 c:\windows\system32\perfc009.dat
- 2004-08-18 11:00 . 2011-04-17 18:04 80156 c:\windows\system32\perfc005.dat
+ 2004-08-18 11:00 . 2011-05-14 08:59 80156 c:\windows\system32\perfc005.dat
+ 2008-12-09 20:57 . 2011-05-09 22:57 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2008-12-09 20:57 . 2011-04-25 18:38 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2011-04-29 17:16 . 2011-05-09 22:57 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2011-04-20 07:46 . 2011-04-25 18:38 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2004-08-18 11:00 . 2011-04-17 18:04 436268 c:\windows\system32\perfh009.dat
+ 2004-08-18 11:00 . 2011-05-14 08:59 436268 c:\windows\system32\perfh009.dat
+ 2004-08-18 11:00 . 2011-05-14 08:59 434192 c:\windows\system32\perfh005.dat
- 2004-08-18 11:00 . 2011-04-17 18:04 434192 c:\windows\system32\perfh005.dat
+ 2011-05-03 12:50 . 2011-05-03 12:50 235168 c:\windows\system32\Macromed\Flash\FlashUtil10p_Plugin.exe
+ 2010-01-27 01:07 . 2011-05-03 12:50 6053536 c:\windows\system32\Macromed\Flash\NPSWF32.dll
- 2010-01-27 01:07 . 2011-03-22 10:38 6053536 c:\windows\system32\Macromed\Flash\NPSWF32.dll
+ 2008-12-14 18:42 . 2011-04-18 13:46 42181064 c:\windows\system32\MRT.exe
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HotkeyP"="c:\program files\hotkeyp\HotkeyP.exe" [2008-07-15 65536]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-04-20 26192680]
"Alt+S Override"="c:\program files\Alt+S Override\Alt+S Override.exe" [2009-10-08 154112]
"EasyPHP"="c:\program files\EasyPHP-5.3.1\EasyPHP-5.3.1.exe" [2010-02-15 277504]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-07 13529088]
"nwiz"="nwiz.exe" [2008-05-07 1630208]
"NVHotkey"="nvHotkey.dll" [2008-05-07 86016]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-07 86016]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-07-25 823296]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-07-25 974848]
"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2007-05-10 36864]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2007-10-25 167936]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-10-09 2183168]
"ioCentre"="c:\genius\ioCentre\gTaskBar.exe" [2007-01-19 61440]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2011-01-12 2219184]
.
c:\documents and settings\Ondra\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Z stupce - miranda32.exe.lnk - c:\program files\Miranda IM\miranda32.exe [2011-1-21 817760]
.
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
CLS2009.01.lnk - c:\program files\Edgecam\Cam\cls.exe [2011-3-24 782336]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2006-03-13 233472]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Acrobat Assistant.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Acrobat Assistant.lnk
backup=c:\windows\pss\Acrobat Assistant.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Bluetooth.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Windows Desktop Search.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Windows Desktop Search.lnk
backup=c:\windows\pss\Windows Desktop Search.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Ondra^Nabídka Start^Programy^Po spuštění^Adobe Gamma.lnk]
path=c:\documents and settings\Ondra\Nabídka Start\Programy\Po spuštění\Adobe Gamma.lnk
backup=c:\windows\pss\Adobe Gamma.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Ondra^Nabídka Start^Programy^Po spuštění^Jádro Plánovače úloh SolidWorks.lnk]
path=c:\documents and settings\Ondra\Nabídka Start\Programy\Po spuštění\Jádro Plánovače úloh SolidWorks.lnk
backup=c:\windows\pss\Jádro Plánovače úloh SolidWorks.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Ondra^Nabídka Start^Programy^Po spuštění^OpenOffice.org 3.0.lnk]
path=c:\documents and settings\Ondra\Nabídka Start\Programy\Po spuštění\OpenOffice.org 3.0.lnk
backup=c:\windows\pss\OpenOffice.org 3.0.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-20 21:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-01-31 08:44 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2006-09-13 10:12 139264 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2009-04-23 13:51 691656 ----a-w- c:\program files\DAEMON Tools Lite\daemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mumservice]
2011-02-02 14:45 1066304 ----a-w- c:\program files\Motorola\Software Update\mumservice.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 15:40 155648 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-11-04 09:30 413696 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmartSync - ScheduleSync]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Start WingMan Profiler]
2008-04-04 10:38 88584 ----a-w- c:\program files\Logitech\Gaming Software\LWEMon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2010-03-06 13:37 202256 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"BBDemon"=2 (0x2)
"Adobe LM Service"=3 (0x3)
"mnmsrvc"=3 (0x3)
"ERSvc"=2 (0x2)
"TapiSrv"=3 (0x3)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Miranda IM\\miranda32.exe"=
"c:\\Program Files\\LowRateVoip\\LowRateVoip.exe"=
"c:\\Program Files\\totalcmd\\TOTALCMD.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Python25\\pythonw.exe"=
"c:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\QIP\\qip.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\rFactor\\rFactor.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Motorola\\Software Update\\msu.exe"=
"c:\\Program Files\\Motorola\\Software Update\\mumapp.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [29.7.2010 13:31 115008]
R1 LUMDriver;LUMDriver;c:\windows\system32\drivers\LUMDriver.sys [13.10.2006 22:53 14912]
R1 VBoxDrv;VirtualBox Service;c:\windows\system32\drivers\VBoxDrv.sys [1.11.2010 18:08 143184]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\drivers\VBoxUSBMon.sys [1.11.2010 18:08 41936]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [12.1.2011 16:41 810144]
R2 MotoHelper;MotoHelper Service;c:\program files\Motorola\MotoHelper\MotoHelperService.exe [3.12.2010 1:48 218432]
R2 Remote Solver for Flow Simulation 2010;Remote Solver for Flow Simulation 2010;c:\program files\SolidWorks Corp\SolidWorks Flow Simulation\binCFW\StandAloneSlv.exe [23.11.2009 20:48 71464]
R3 gHidPnp;USB Device Enhanced Function Driver;c:\windows\system32\drivers\gHidPnp.sys [22.5.2009 18:47 16384]
R3 gMouPS2;PS2 Scroll Mouse Device;c:\windows\system32\drivers\gMouPS2.sys [22.5.2009 18:47 17408]
R3 gMouUsb;USB Mouse Device Drv;c:\windows\system32\drivers\gMouUsb.sys [22.5.2009 18:47 9856]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [8.10.2010 16:57 100560]
R3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\drivers\VBoxNetFlt.sys [8.10.2010 16:57 111568]
S3 CoordinatorServiceHost;SW Distributed TS Coordinator Service;c:\program files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe [20.1.2010 1:59 87336]
S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys [21.11.2010 16:11 112640]
S3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\drivers\ewusbfake.sys [21.11.2010 19:43 100480]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2.4.2011 12:04 20352]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2.4.2011 12:04 8320]
S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [2.4.2011 12:04 42752]
S3 VBoxUSB;VirtualBox USB;c:\windows\system32\drivers\VBoxUSB.sys [1.11.2010 18:08 31888]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [27.1.2010 12:22 11520]
S3 xcpip;Ovladač protokolu TCP/IP;c:\windows\system32\drivers\xcpip.sys --> c:\windows\system32\drivers\xcpip.sys [?]
S3 xpsec;Ovladač IPSEC;c:\windows\system32\drivers\xpsec.sys --> c:\windows\system32\drivers\xpsec.sys [?]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [23.9.2005 8:01 2799808]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [10.12.2008 19:02 721904]
.
Obsah adresáře 'Naplánované úlohy'
.
2011-05-14 c:\windows\Tasks\SDMsgUpdate (TE).job
- c:\progra~1\SMARTD~1\Messages\SDNotify.exe [2009-01-01 05:29]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.lide.cz/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
TCP: {D282F74B-6F08-4903-B5C4-F39D344FDC8A} = 77.78.80.211,213.46.172.36
FF - ProfilePath - c:\documents and settings\Ondra\Data aplikací\Mozilla\Firefox\Profiles\h74hq88m.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query=
FF - prefs.js: browser.startup.homepage - hxxp://localhost/to-do-list.php
FF - prefs.js: keyword.URL - hxxp://www.google.co.in/search?btnG=Google+Search&q=
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-14 17:38
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(2560)
c:\windows\system32\webcheck.dll
.
Celkový čas: 2011-05-14 17:40:48
ComboFix-quarantined-files.txt 2011-05-14 15:40
ComboFix2.txt 2011-04-29 16:59
ComboFix3.txt 2011-04-27 13:01
ComboFix4.txt 2010-02-11 17:13
.
Před spuštěním: Volných bajtů: 52 355 133 440
Po spuštění: Volných bajtů: 52 344 664 064
.
- - End Of File - - 8C5A5C0E1E5DD04AB22C2CCF46318713

Re: Zřejmě zasifleno

Napsal: 14 kvě 2011 19:33
od cernohous13
:arrow: zdá se, že máš čisto, tak po sobě uklidím :wink:

:arrow: ComboFix odinstalujeme
jdi Start -> Spustit... a zkopíruj ComboFix /Uninstall (pozor, za x je mezera) -> OK

:arrow:
Stáhni a spusť T-cleaner http://vyosek.ic.cz/pro_usery/T-Cleaner.exe - uklidí po použitých čističích.
Po spuštění ignoruj případné varování antiviru - je to v pořádku
Po provedení akce T-cleaner smažeš
:arrow: stáhni program OTC tady: http://oldtimer.geekstogo.com/OTC.exe - spusť ho -> "CleanUp" (smaže dříve použité čističe)

:arrow: Mohu doporučit kontrolu a vyčištění Ccleanerem
Stáhni Ccleaner - http://www.slunecnice.cz/sw/ccleaner/
Při instalaci vyhodit fajfku u "Instalovat Yahoo! Toolbar"

zavřít Internetový prohlížeč a
spustit "Čistič" > "Spustit Ccleaner" - odstraní nepotřebné
spustit "Registry" > "Hledej problémy" > "Opravit vybrané problémy"
souhlas se zálohou registrů - opakovat dokud nebudou registry čisté.

Návod:http://jnp.zive.cz/Clanky/Prirucka-do-k ... fault.aspx
Ten si můžeš nechat i na budoucí občasné čištění.

:arrow: Pozoruj chování PC a zkus prověřit u správce sítě jestli už nemá námitky.

Re: Zřejmě zasifleno

Napsal: 16 kvě 2011 00:30
od AndySue
Vyčištění provedeno. Kompl vypadá normálně. Budu sledovat admina, snad přestane prudit.

Jinak díky moc za léčení!
Všechny časy jsou v UTC+01:00
Stránka 4 z 5

Založeno na phpBB® Forum Software © phpBB Limited

Český překlad – phpBB.cz