
PC virus removal, computer speed-up, remote help via the neslape.cz service
Something is controlling my ADSL modem
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]
Individual threads will be locked once resolved, as will those inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.
!NEW!
You can now use the remote help service, where an expert connects to your computer and gets further details about the problem from you by phone! More at www.neslape.cz
Re: Something is controlling my ADSL modem
OK, after the weekend I'll let you know whether everything is running.
Is there any way to protect against a ROOTKIT attack? If that was indeed the problem on my computer.
Re: Something is controlling my ADSL modem
I think it was; there's a lot of it around now.
Not directly against a rootkit, no. The basic rules of securing a computer apply: an up-to-date antivirus and firewall, downloading Windows updates regularly, not downloading cracks and keygens, staying off warez sites and the like, and behaving decently on the internet.
Do get back to us.


Do not use COMBOFIX without an advisor's recommendation; it can damage the system!
Always back up important data before cleaning a computer of viruses
Want to support our forum? Information here

I'm mostly reachable at night, between 21:00 and 23:00
If you have any questions, you can write to me at Motji(at)forum.viry.cz.
Re: Something is controlling my ADSL modem
Then I might as well disconnect the internet and just buy newspapers.
That was only a joke.
I'll definitely let you know how it's running.
And thanks again
for everything


motji wrote: I think it was; there's a lot of it around now.
Not directly against a rootkit, no. The basic rules of securing a computer apply: an up-to-date antivirus and firewall, downloading Windows updates regularly, not downloading cracks and keygens, staying off warez sites and the like, and behaving decently on the internet.
Do get back to us.
Re: Something is controlling my ADSL modem
You're welcome

Re: Something is controlling my ADSL modem
Hi
Yesterday we found out that the problem is recurring. I'll send a log in the evening.
Re: Something is controlling my ADSL modem

- agree to the installation of the Recovery Console
- ComboFix must be run under an account with administrator rights
- Before use, disable all resident security programs: antivirus, firewalls, antispyware
- After launch the terms of use will appear; confirm them by pressing Yes
- Then follow the instructions; while ComboFix is running, do not click in the window that appears

- After the scan finishes (it takes at most 10 minutes), the program should create a log, C:\ComboFix.txt; copy its entire contents here
Re: Something is controlling my ADSL modem
OK, I'll post the log at around 18:00
Re: Something is controlling my ADSL modem
ComboFix 09-12-27.04 - lukas 28.12.2009 17:49:09.3.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1023.754 [GMT 1:00]
Spuštěný z: c:\documents and settings\lukas\Dokumenty\Stažené soubory\ComboFix.exe
AV: Norton AntiVirus *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
.
((((((((((((((((((((((((( Soubory vytvořené od 2009-11-28 do 2009-12-28 )))))))))))))))))))))))))))))))
.
2009-12-25 13:36 . 2009-12-25 13:36 -------- d-s---w- c:\documents and settings\zuzka\UserData
2009-12-24 13:42 . 2009-12-24 13:42 -------- d-s---w- c:\documents and settings\lukas\UserData
2009-12-08 17:34 . 2007-01-28 20:24 654848 ----a-w- c:\windows\system32\x264vfw.dll
2009-12-08 17:34 . 2007-01-20 20:26 1565480 ----a-w- c:\windows\system32\wmv9vcm.dll
2009-12-08 17:34 . 2007-01-30 05:03 3596288 ----a-w- c:\windows\system32\qt-dx331.dll
2009-12-08 17:34 . 2007-01-30 05:03 200704 ----a-w- c:\windows\system32\ssldivx.dll
2009-12-08 17:34 . 2006-11-01 13:54 180224 ----a-w- c:\windows\system32\xvidvfw.dll
2009-12-08 17:34 . 2006-11-01 13:52 765952 ----a-w- c:\windows\system32\xvidcore.dll
2009-12-08 17:34 . 2007-01-30 05:03 1044480 ----a-w- c:\windows\system32\libdivx.dll
2009-12-08 17:34 . 2007-01-30 04:56 73728 ----a-w- c:\windows\system32\dpl100.dll
2009-12-08 17:34 . 2007-01-30 04:56 196608 ----a-w- c:\windows\system32\dtu100.dll
2009-12-08 17:33 . 2007-02-01 04:56 639066 ----a-w- c:\windows\system32\divx.dll
2009-12-08 17:33 . 2007-02-21 20:00 10752 ----a-w- c:\windows\system32\ff_vfw.dll
2009-12-08 17:33 . 2004-01-11 23:00 348160 ----a-w- c:\windows\system32\msvcr71.dll
2009-12-08 17:33 . 2009-12-08 17:34 -------- d-----w- c:\program files\K-Lite Codec Pack
2009-12-07 19:54 . 2009-12-07 19:54 -------- d-----w- c:\program files\CCleaner
2009-12-04 21:33 . 2009-12-04 22:00 -------- d-----w- c:\documents and settings\lukas\DoctorWeb
2009-12-04 17:19 . 2008-04-13 22:10 96512 ------w- C:\atapi.sys
2009-12-02 20:14 . 2009-12-02 20:14 -------- d-----w- c:\program files\trend micro
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-24 13:37 . 2009-11-28 14:49 -------- d-----w- c:\program files\rajce
2009-12-21 13:53 . 2009-11-21 11:32 -------- d-----w- c:\program files\uTorrent
2009-11-21 13:02 . 2009-11-21 13:02 -------- d-----w- c:\program files\Common Files\DirectX
2009-11-21 12:53 . 2009-11-21 12:53 -------- d-----w- c:\program files\Buka
2009-11-21 12:53 . 2009-11-17 15:58 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-11-21 12:30 . 2009-11-21 12:30 -------- d-----w- c:\program files\Alcohol Soft
2009-11-21 11:41 . 2009-11-21 11:41 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-11-21 11:05 . 2009-11-21 11:05 -------- d-----w- c:\program files\IrfanView
2009-11-20 17:20 . 2009-11-20 17:20 -------- d-----w- c:\program files\Common Files\Adobe
2009-11-17 21:42 . 2009-11-17 21:42 -------- d-----w- c:\program files\Snapshot Viewer
2009-11-17 21:41 . 2009-11-17 15:07 -------- d-----w- c:\program files\microsoft frontpage
2009-11-17 20:15 . 2009-11-17 20:15 -------- d-----w- c:\program files\Realore
2009-11-17 19:41 . 2009-11-17 19:07 -------- d-----w- c:\program files\ICQ6.5
2009-11-17 19:26 . 2009-11-17 19:26 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-11-17 19:24 . 2009-11-17 19:24 -------- d-----r- c:\program files\Skype
2009-11-17 19:24 . 2009-11-17 19:24 -------- d-----w- c:\program files\Common Files\Skype
2009-11-17 18:16 . 2009-11-17 18:14 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-11-17 18:02 . 2009-11-17 18:02 0 ----a-w- c:\windows\nsreg.dat
2009-11-17 17:36 . 2009-11-17 17:28 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-11-17 17:28 . 2009-11-17 17:28 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2009-11-17 17:28 . 2009-11-17 17:28 7443 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2009-11-17 17:28 . 2009-11-17 17:28 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2009-11-17 17:28 . 2009-11-17 17:28 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2009-11-17 17:28 . 2009-11-17 17:28 -------- d-----w- c:\program files\Symantec
2009-11-17 17:28 . 2009-11-17 17:28 -------- d-----w- c:\program files\Windows Sidebar
2009-11-17 17:28 . 2009-11-17 17:28 -------- d-----w- c:\program files\Norton AntiVirus
2009-11-17 17:27 . 2009-11-17 17:27 -------- d-----w- c:\program files\NortonInstaller
2009-11-17 16:41 . 2009-11-17 16:41 -------- d-----w- c:\program files\Total Uninstall 3
2009-11-17 16:31 . 2009-11-17 16:31 -------- d-----w- c:\program files\Common Files\Ahead
2009-11-17 16:31 . 2009-11-17 16:31 -------- d-----w- c:\program files\Nero
2009-11-17 16:16 . 2009-11-17 16:13 -------- d-----w- c:\program files\Creative
2009-11-17 16:05 . 2001-10-25 14:00 46196 ----a-w- c:\windows\system32\perfc005.dat
2009-11-17 16:05 . 2001-10-25 14:00 309990 ----a-w- c:\windows\system32\perfh005.dat
2009-11-17 15:59 . 2009-11-17 15:59 -------- d-----w- c:\program files\Realtek Sound Manager
2009-11-17 15:59 . 2009-11-17 15:59 -------- d-----w- c:\program files\AvRack
2009-11-17 15:58 . 2009-11-17 15:55 -------- d-----w- c:\program files\Common Files\InstallShield
2009-11-17 15:58 . 2009-11-17 15:58 -------- d-----w- c:\program files\AMD
2009-11-17 15:46 . 2009-11-17 15:07 86327 ----a-w- c:\windows\PCHealth\HelpCtr\OfflineCache\index.dat
2009-11-17 15:46 . 2009-11-17 15:07 3038 ----a-w- c:\windows\PCHealth\HelpCtr\PackageStore\SkuStore.bin
2009-11-17 15:21 . 2009-11-17 15:07 8972 ----a-w- c:\windows\PCHealth\HelpCtr\Config\Cntstore.bin
2009-11-17 15:07 . 2009-11-17 15:07 558142 ----a-w- c:\windows\java\Packages\7HZJ1N37.ZIP
2009-11-17 15:07 . 2009-11-17 15:07 2678 ----a-w- c:\windows\java\Packages\Data\PR9RVZ97.DAT
2009-11-17 15:07 . 2009-11-17 15:07 2678 ----a-w- c:\windows\java\Packages\Data\7LB93TB5.DAT
2009-11-17 15:07 . 2009-11-17 15:07 155995 ----a-w- c:\windows\java\Packages\0KB7LFNL.ZIP
2009-11-17 15:07 . 2009-11-17 15:07 2678 ----a-w- c:\windows\java\Packages\Data\ZHJTZTBH.DAT
2009-11-17 15:07 . 2009-11-17 15:07 2678 ----a-w- c:\windows\java\Packages\Data\BFBDVF3Z.DAT
2009-11-17 15:07 . 2009-11-17 15:07 2678 ----a-w- c:\windows\java\Packages\Data\4YA9FN57.DAT
2009-11-17 15:05 . 2009-11-17 15:05 21812 ----a-w- c:\windows\system32\emptyregdb.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-11-16 139264]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"ICQ"="c:\program files\ICQ6.5\ICQ.exe" [2009-03-01 172792]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-10-09 25623336]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2009-04-24 203928]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2004-12-22 77824]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-08-02 7110656]
"nwiz"="nwiz.exe" [2005-08-02 1519616]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-08-02 86016]
"Creative WebCam Tray"="c:\program files\Creative\Shared Files\CAMTRAY.EXE" [2004-07-30 245760]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NAV\1101000.013\SymDS.sys [17.11.2009 20:57 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAV\1101000.013\SymEFA.sys [17.11.2009 20:57 171056]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NAV\1101000.013\cchpx86.sys [17.11.2009 20:57 501888]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NAV\1101000.013\Ironx86.sys [17.11.2009 20:57 114736]
R2 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Data aplikací\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\BASHDefs\20091205.001\BHDrvx86.sys [18.12.2009 21:32 529456]
R2 NAV;Norton AntiVirus;c:\program files\Norton AntiVirus\Engine\17.1.0.19\ccSvcHst.exe [17.11.2009 20:57 126392]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [20.11.2009 17:22 102448]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Data aplikací\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\IPSDefs\20091217.002\IDSXpx86.sys [18.12.2009 22:33 329592]
R3 P0630VID;Creative WebCam Live!;c:\windows\system32\drivers\P0630Vid.sys [17.11.2009 17:14 91830]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [21.11.2009 12:41 721904]
S3 rkhdrv40;Rootkit Unhooker Driver; [x]
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\lukas\Data aplikací\Mozilla\Firefox\Profiles\c91di3lp.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - component: c:\documents and settings\All Users\Data aplikací\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\IPSFFPlgn\components\IPSFFPl.dll
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-28 17:53
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\NAV]
"ImagePath"="\"c:\program files\Norton AntiVirus\Engine\17.1.0.19\ccSvcHst.exe\" /s \"NAV\" /m \"c:\program files\Norton AntiVirus\Engine\17.1.0.19\diMaster.dll\" /prefetch:1"
.
Celkový čas: 2009-12-28 17:56:04
ComboFix-quarantined-files.txt 2009-12-28 16:56
Před spuštěním: Volných bajtů: 121 746 997 248
Po spuštění: Volných bajtů: 121 757 671 424
- - End Of File - - 1923E4BA6077745B8CA80EC72F435930
Re: Something is controlling my ADSL modem
The log is completely clean
Download Gmer http://www.viry.cz/forum/viewtopic.php?f=29&t=62878
- unpack and run it
- a scan will run; when it finishes, a window with the results opens; click Save to save the log, which you then post here
- following the guide in the link, perform the second scan and post that log here as well.
Are the problems the same as before? Apart from the modem, is the computer misbehaving in any other way?


Re: Something is controlling my ADSL modem
Sorry it took so long, but I didn't manage it yesterday.
No new problems. Only the computer takes a very long time to shut down, several minutes, but it did that before too.
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2009-12-30 06:38:21
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\lukas\LOCALS~1\Temp\kxtdapow.sys
---- System - GMER 1.0.15 ----
SSDT 84A04998 ZwAlertResumeThread
SSDT 84A04A78 ZwAlertThread
SSDT 84A66170 ZwAllocateVirtualMemory
SSDT 849FCF28 ZwAssignProcessToJobObject
SSDT 863881A8 ZwConnectPort
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwCreateKey [0xEBDED210]
SSDT 849F1510 ZwCreateMutant
SSDT 849FCD48 ZwCreateSymbolicLinkObject
SSDT 84A800F0 ZwCreateThread
SSDT 849F1048 ZwDebugActiveProcess
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteKey [0xEBDED490]
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteValueKey [0xEBDED9F0]
SSDT 84A74168 ZwDuplicateObject
SSDT spnn.sys ZwEnumerateKey [0xF73F9CA4]
SSDT spnn.sys ZwEnumerateValueKey [0xF73FA032]
SSDT 849FD170 ZwFreeVirtualMemory
SSDT 849F1008 ZwImpersonateAnonymousToken
SSDT 84A048B8 ZwImpersonateThread
SSDT 864AC0A8 ZwLoadDriver
SSDT 849FD070 ZwMapViewOfSection
SSDT 849F1430 ZwOpenEvent
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwOpenKey [0xEBDED7A0]
SSDT 84A77168 ZwOpenProcess
SSDT 84A740A8 ZwOpenProcessToken
SSDT 849F1270 ZwOpenSection
SSDT 84A77098 ZwOpenThread
SSDT 849FCE38 ZwProtectVirtualMemory
SSDT spnn.sys ZwQueryKey [0xF73FA10A]
SSDT spnn.sys ZwQueryValueKey [0xF73F9F8A]
SSDT 84A04B58 ZwResumeThread
SSDT 84A00080 ZwSetContextThread
SSDT 84A00160 ZwSetInformationProcess
SSDT 849F1128 ZwSetSystemInformation
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwSetValueKey [0xEBDEDC40]
SSDT 849F1350 ZwSuspendProcess
SSDT 849FD848 ZwSuspendThread
SSDT 84A80008 ZwTerminateProcess
SSDT 849FDA58 ZwTerminateThread
SSDT 84A00230 ZwUnmapViewOfSection
SSDT 84A66080 ZwWriteVirtualMemory
INT 0x62 ? 8676CBF8
INT 0x63 ? 86430F00
INT 0x73 ? 86430F00
INT 0x82 ? 8676CBF8
INT 0x83 ? 8676CBF8
---- Kernel code sections - GMER 1.0.15 ----
? spnn.sys Systém nemùže nalézt uvedený soubor. !
? SYMDS.SYS Systém nemùže nalézt uvedený soubor. !
? SYMEFA.SYS Systém nemùže nalézt uvedený soubor. !
.text USBPORT.SYS!DllUnload EEB868AC 5 Bytes JMP 864304E0
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xEE574360, 0x1DE5ED, 0xE8000020]
.text aw00jxnd.SYS EE529386 35 Bytes [00, 00, 00, 00, 00, 00, 20, ...]
.text aw00jxnd.SYS EE5293AA 24 Bytes [00, 00, 00, 00, 00, 00, 00, ...]
.text aw00jxnd.SYS EE5293C4 3 Bytes [00, 70, 02] {ADD [EAX+0x2], DH}
.text aw00jxnd.SYS EE5293C9 1 Byte [2E]
.text aw00jxnd.SYS EE5293C9 11 Bytes [2E, 00, 00, 00, 5A, 02, 00, ...]
.text ...
---- User code sections - GMER 1.0.15 ----
.text C:\Program Files\Mozilla Firefox\firefox.exe[3704] ntdll.dll!RtlValidateUnicodeString + 554 7C91639E 10 Bytes JMP 0280003A
---- Kernel IAT/EAT - GMER 1.0.15 ----
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F73DC042] spnn.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F73DC13E] spnn.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F73DC0C0] spnn.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F73DC800] spnn.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F73DC6D6] spnn.sys
IAT \SystemRoot\System32\Drivers\aw00jxnd.SYS[HAL.dll!KfAcquireSpinLock] CCCCCCC3
IAT \SystemRoot\System32\Drivers\aw00jxnd.SYS[HAL.dll!READ_PORT_UCHAR] CCCCCCCC
IAT \SystemRoot\System32\Drivers\aw00jxnd.SYS[HAL.dll!KeGetCurrentIrql] CCCCCCCC
IAT \SystemRoot\System32\Drivers\aw00jxnd.SYS[HAL.dll!KfRaiseIrql] CCCCCCCC
IAT \SystemRoot\System32\Drivers\aw00jxnd.SYS[HAL.dll!KfLowerIrql] 8BEC8B55
IAT \SystemRoot\System32\Drivers\aw00jxnd.SYS[HAL.dll!HalGetInterruptVector] 00C73445
IAT \SystemRoot\System32\Drivers\aw00jxnd.SYS[HAL.dll!HalTranslateBusAddress] 00000000
IAT \SystemRoot\System32\Drivers\aw00jxnd.SYS[HAL.dll!KeStallExecutionProcessor] 830C458B
IAT \SystemRoot\System32\Drivers\aw00jxnd.SYS[HAL.dll!KfReleaseSpinLock] C0840CEC
IAT \SystemRoot\System32\Drivers\aw00jxnd.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] 053C0D74
IAT \SystemRoot\System32\Drivers\aw00jxnd.SYS[HAL.dll!READ_PORT_USHORT] 57B80974
IAT \SystemRoot\System32\Drivers\aw00jxnd.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 8B000000
IAT \SystemRoot\System32\Drivers\aw00jxnd.SYS[HAL.dll!WRITE_PORT_UCHAR] 56C35DE5
IAT \SystemRoot\System32\Drivers\aw00jxnd.SYS[WMILIB.SYS!WmiSystemControl] 8D51FC4D
IAT \SystemRoot\System32\Drivers\aw00jxnd.SYS[WMILIB.SYS!WmiCompleteRequest] 8D52FD55
IAT \SystemRoot\System32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F73EBE9C] spnn.sys
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs 867D81F8
AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
Device \Driver\usbohci \Device\USBPDO-0 86319500
Device \Driver\dmio \Device\DmControl\DmIoDaemon 8676D1F8
Device \Driver\dmio \Device\DmControl\DmConfig 8676D1F8
Device \Driver\dmio \Device\DmControl\DmPnP 8676D1F8
Device \Driver\dmio \Device\DmControl\DmInfo 8676D1F8
Device \Driver\usbehci \Device\USBPDO-1 86510500
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
Device \Driver\Ftdisk \Device\HarddiskVolume1 867DB1F8
Device \Driver\Ftdisk \Device\HarddiskVolume2 867DB1F8
Device \Driver\Cdrom \Device\CdRom0 863281F8
Device \Driver\Cdrom \Device\CdRom1 863281F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{59F24906-51A0-4151-8642-94F154337C18} 859C31F8
Device \Driver\Cdrom \Device\CdRom2 863281F8
Device \Driver\NetBT \Device\NetBt_Wins_Export 859C31F8
Device \Driver\NetBT \Device\NetbiosSmb 859C31F8
Device \Driver\PCI_PNP5672 \Device\0000004c spnn.sys
Device \Driver\PCI_PNP5672 \Device\0000004c spnn.sys
Device \Driver\sptd \Device\2703703172 spnn.sys
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
Device \Driver\nvata \Device\0000006c 8676C1F8
Device \Driver\usbohci \Device\USBFDO-0 86319500
Device \Driver\nvata \Device\0000006d 8676C1F8
Device \Driver\usbehci \Device\USBFDO-1 86510500
Device \Driver\nvata \Device\NvAta0 8676C1F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 8645C500
Device \Driver\nvata \Device\NvAta1 8676C1F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 8645C500
Device \Driver\nvata \Device\0000006f 8676C1F8
Device \Driver\Ftdisk \Device\FtControl 867DB1F8
Device \Driver\aw00jxnd \Device\Scsi\aw00jxnd1 8642C500
Device \Driver\aw00jxnd \Device\Scsi\aw00jxnd1Port3Path0Target0Lun0 8642C500
Device \Driver\imagedrv \Device\Scsi\imagedrv1 867D91F8
Device \FileSystem\Cdfs \Cdfs 84D5B1F8
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x62 0x63 0x18 0x9A ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x9E 0x7A 0xB1 0x8C ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0xCD 0x39 0xF0 0x78 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x62 0x63 0x18 0x9A ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x9E 0x7A 0xB1 0x8C ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x02 0x01 0x88 0x5C ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x62 0x63 0x18 0x9A ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x9E 0x7A 0xB1 0x8C ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x02 0x01 0x88 0x5C ...
---- EOF - GMER 1.0.15 ----
No new problems, only the computer takes a very long time to shut down, several minutes, but it did that before as well.
Re: something is controlling my ADSL modem
I would also ask for the RSIT log, but I don't see it anywhere.

Re: something is controlling my ADSL modem
Logfile of random's system information tool 1.06 (written by random/random)
Run by lukas at 2009-12-30 17:46:57
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 112 GB (86%) free of 130 GB
Total RAM: 1023 MB (33% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:47:02, on 30.12.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton AntiVirus\Engine\17.1.0.19\ccSvcHst.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton AntiVirus\Engine\17.1.0.19\ccSvcHst.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\ICQ6.5\ICQ.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\lukas\Dokumenty\Stažené soubory\RSIT(2).exe
C:\Program Files\trend micro\lukas.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\17.1.0.19\IPSBHO.DLL
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ6.5\ICQ.exe" silent
O4 - HKUS\S-1-5-21-507921405-287218729-839522115-1004\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'sarka')
O4 - HKUS\S-1-5-21-507921405-287218729-839522115-1004\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" (User 'sarka')
O4 - HKUS\S-1-5-21-507921405-287218729-839522115-1004\..\Run: [ICQ] "C:\Program Files\ICQ6.5\ICQ.exe" silent (User 'sarka')
O4 - HKUS\S-1-5-21-507921405-287218729-839522115-1004\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized (User 'sarka')
O4 - HKUS\S-1-5-21-507921405-287218729-839522115-1004\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'sarka')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus (NAV) - Symantec Corporation - C:\Program Files\Norton AntiVirus\Engine\17.1.0.19\ccSvcHst.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: WinFast(R) Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
--
End of file - 6918 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\Norton AntiVirus - lukas - Úplné prověření systému.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2009-08-04 1586472]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2009-01-26 1879896]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
Symantec Intrusion Prevention - C:\Program Files\Norton AntiVirus\Engine\17.1.0.19\IPSBHO.DLL [2009-10-01 79224]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
- []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2004-12-22 77824]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2005-08-02 7110656]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2005-08-02 86016]
"Creative WebCam Tray"=C:\Program Files\Creative\Shared Files\CAMTRAY.EXE [2004-07-30 245760]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2006-01-12 155648]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-10-03 35696]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-09-04 935288]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2006-11-16 139264]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2009-10-09 25623336]
"AlcoholAutomount"=C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe [2009-04-24 203928]
"ICQ"=C:\Program Files\ICQ6.5\ICQ.exe [2009-11-16 172792]
C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
======List of files/folders created in the last 1 months======
2009-12-30 17:46:57 ----D---- C:\rsit
2009-12-28 18:34:23 ----SHD---- C:\RECYCLER
2009-12-28 17:56:06 ----A---- C:\ComboFix.txt
2009-12-28 17:47:46 ----A---- C:\WINDOWS\zip.exe
2009-12-28 17:47:46 ----A---- C:\WINDOWS\SWXCACLS.exe
2009-12-28 17:47:46 ----A---- C:\WINDOWS\SWSC.exe
2009-12-28 17:47:46 ----A---- C:\WINDOWS\SWREG.exe
2009-12-28 17:47:46 ----A---- C:\WINDOWS\sed.exe
2009-12-28 17:47:46 ----A---- C:\WINDOWS\PEV.exe
2009-12-28 17:47:46 ----A---- C:\WINDOWS\NIRCMD.exe
2009-12-28 17:47:46 ----A---- C:\WINDOWS\grep.exe
2009-12-28 17:47:38 ----D---- C:\WINDOWS\ERDNT
2009-12-28 17:40:21 ----D---- C:\ComboFix
2009-12-28 17:39:59 ----D---- C:\Qoobox
2009-12-14 18:18:52 ----A---- C:\WINDOWS\OEWABLog.txt
2009-12-12 16:17:18 ----A---- C:\WINDOWS\ntbtlog.txt
2009-12-12 12:22:47 ----D---- C:\Documents and Settings\All Users\Data aplikací\MSN6
2009-12-08 18:34:50 ----D---- C:\Documents and Settings\lukas\Data aplikací\Media Player Classic
2009-12-08 18:34:02 ----A---- C:\WINDOWS\system32\x264vfw.dll
2009-12-08 18:34:02 ----A---- C:\WINDOWS\system32\wmv9vcm.dll
2009-12-08 18:34:01 ----A---- C:\WINDOWS\system32\xvidvfw.dll
2009-12-08 18:34:01 ----A---- C:\WINDOWS\system32\xvidcore.dll
2009-12-08 18:34:01 ----A---- C:\WINDOWS\system32\ssldivx.dll
2009-12-08 18:34:01 ----A---- C:\WINDOWS\system32\qt-dx331.dll
2009-12-08 18:34:00 ----A---- C:\WINDOWS\system32\libdivx.dll
2009-12-08 18:34:00 ----A---- C:\WINDOWS\system32\dtu100.dll
2009-12-08 18:34:00 ----A---- C:\WINDOWS\system32\dpl100.dll
2009-12-08 18:33:59 ----A---- C:\WINDOWS\system32\divx.dll
2009-12-08 18:33:58 ----A---- C:\WINDOWS\system32\ff_vfw.dll.manifest
2009-12-08 18:33:58 ----A---- C:\WINDOWS\system32\ff_vfw.dll
2009-12-08 18:33:57 ----A---- C:\WINDOWS\system32\msvcr71.dll
2009-12-08 18:33:56 ----D---- C:\Program Files\K-Lite Codec Pack
2009-12-07 20:54:39 ----D---- C:\Program Files\CCleaner
2009-12-05 10:48:44 ----D---- C:\WINDOWS\Minidump
2009-12-03 06:25:58 ----A---- C:\Boot.bak
2009-12-03 06:25:55 ----RASHD---- C:\cmdcons
2009-12-03 06:23:51 ----A---- C:\WINDOWS\MBR.exe
2009-12-02 21:14:18 ----D---- C:\Program Files\trend micro
======List of files/folders modified in the last 1 months======
2009-12-30 17:46:56 ----D---- C:\WINDOWS\Prefetch
2009-12-30 17:44:23 ----D---- C:\Documents and Settings\lukas\Data aplikací\Skype
2009-12-30 17:44:07 ----D---- C:\Program Files\Mozilla Firefox
2009-12-30 17:43:27 ----D---- C:\Documents and Settings\lukas\Data aplikací\ICQ
2009-12-30 17:43:24 ----D---- C:\WINDOWS\Temp
2009-12-30 09:50:08 ----SHD---- C:\System Volume Information
2009-12-30 09:48:46 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-12-30 00:02:14 ----D---- C:\Documents and Settings\lukas\Data aplikací\skypePM
2009-12-29 23:33:11 ----D---- C:\Program Files\ICQ6.5
2009-12-28 17:53:45 ----D---- C:\WINDOWS
2009-12-28 17:53:45 ----A---- C:\WINDOWS\system.ini
2009-12-28 17:51:54 ----D---- C:\WINDOWS\system32\drivers
2009-12-28 17:51:54 ----D---- C:\WINDOWS\system32
2009-12-28 17:51:54 ----D---- C:\WINDOWS\AppPatch
2009-12-28 17:51:51 ----D---- C:\Program Files\Common Files
2009-12-28 17:48:21 ----D---- C:\WINDOWS\system32\CatRoot2
2009-12-26 17:00:53 ----A---- C:\WINDOWS\NeroDigital.ini
2009-12-25 21:29:34 ----A---- C:\WINDOWS\LEXSTAT.INI
2009-12-25 14:09:56 ----SHD---- C:\WINDOWS\Installer
2009-12-24 14:37:34 ----D---- C:\Program Files\rajce
2009-12-21 14:53:44 ----D---- C:\Program Files\uTorrent
2009-12-20 10:06:27 ----D---- C:\Documents and Settings
2009-12-19 22:17:42 ----D---- C:\Documents and Settings\lukas\Data aplikací\uTorrent
2009-12-08 18:33:56 ----RD---- C:\Program Files
2009-12-08 17:49:09 ----D---- C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
2009-12-07 20:55:13 ----D---- C:\WINDOWS\Debug
2009-12-07 19:21:34 ----D---- C:\WINDOWS\system32\Restore
2009-12-07 19:00:12 ----A---- C:\WINDOWS\wincmd.ini
2009-12-06 12:22:47 ----SD---- C:\Documents and Settings\lukas\Data aplikací\Microsoft
2009-12-06 09:50:00 ----SD---- C:\WINDOWS\Tasks
2009-12-04 18:33:07 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-12-03 06:25:58 ----RASH---- C:\boot.ini
2009-12-02 19:46:38 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2009-12-01 09:30:39 ----A---- C:\WINDOWS\ODBC.INI
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 AmdK8;Ovladač procesoru AMD; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2005-03-09 42496]
R1 ccHP;Symantec Hash Provider; C:\WINDOWS\system32\drivers\NAV\1101000.013\ccHPx86.sys [2009-10-20 501888]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
R1 SRTSPX;Symantec Real Time Storage Protection (PEL); C:\WINDOWS\system32\drivers\NAV\1101000.013\SRTSPX.SYS [2009-10-09 43696]
R1 SymIRON;Symantec Iron Driver; C:\WINDOWS\System32\Drivers\NAV\1101000.013\Ironx86.SYS [2009-10-09 114736]
R1 SYMTDI;Symantec Network Dispatch Driver; C:\WINDOWS\System32\Drivers\NAV\1101000.013\SYMTDI.SYS [2009-10-15 361520]
R2 BHDrvx86;BHDrvx86; \??\C:\Documents and Settings\All Users\Data aplikací\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\BASHDefs\20091205.001\BHDrvx86.sys []
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-12-22 2304320]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys []
R3 IDSxpx86;IDSxpx86; \??\C:\Documents and Settings\All Users\Data aplikací\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\IPSDefs\20091217.002\IDSxpx86.sys []
R3 NAVENG;NAVENG; \??\C:\Documents and Settings\All Users\Data aplikací\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\VirusDefs\20091230.005\NAVENG.SYS []
R3 NAVEX15;NAVEX15; \??\C:\Documents and Settings\All Users\Data aplikací\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\VirusDefs\20091230.005\NAVEX15.SYS []
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2005-08-02 3198560]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2005-04-05 33536]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2005-04-05 12928]
R3 P0630VID;Creative WebCam Live!; C:\WINDOWS\system32\DRIVERS\P0630Vid.sys [2004-07-30 91830]
R3 SRTSP;Symantec Real Time Storage Protection; C:\WINDOWS\System32\Drivers\NAV\1101000.013\SRTSP.SYS [2009-10-09 325168]
R3 SymEvent;SymEvent; \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS []
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;Ovladač standardního rozbočovače USB; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB; C:\WINDOWS\System32\DRIVERS\usbohci.sys [2008-04-14 17152]
R3 usbprint;Třída USB Printer; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 agpx48jj;agpx48jj; C:\WINDOWS\system32\drivers\agpx48jj.sys []
S3 catchme;catchme; \??\C:\DOCUME~1\lukas\LOCALS~1\Temp\catchme.sys []
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 rkhdrv40;Rootkit Unhooker Driver; C:\WINDOWS\system32\drivers\rkhdrv40.sys []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 usbstor;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 LexBceS;LexBce Server; C:\WINDOWS\system32\LEXBCES.EXE [2003-02-25 303104]
R2 NAV;Norton AntiVirus; C:\Program Files\Norton AntiVirus\Engine\17.1.0.19\ccSvcHst.exe [2009-10-20 126392]
R2 NVSvc;WinFast(R) Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2005-08-02 127043]
R2 StarWindServiceAE;StarWind AE Service; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2007-05-28 275968]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2006-11-10 774144]
-----------------EOF-----------------
Re: something is controlling my ADSL modem

C:\WINDOWS\system32\drivers\atapi.sys

Uninstall all virtual drives (Daemon or Alcohol).
Download SPTD http://www.duplexsecure.com/en/downloads
- choose the version for your operating system: SPTD for Windows (32 bit) or (64b)
- save it to the desktop and run it
- choose the Uninstall option
- restart the PC
Download MBR
http://www2.gmer.net/mbr/mbr.exe
- save it to the desktop
Start - Run
copy the following into the box:
"%userprofile%\plocha\mbr" -t
A log named mbr.log will be created; post it here.
Re: something is controlling my ADSL modem
I haven't tried the second network card yet. I tried www.virustotal.com today and there was no change.
OK, I'll try swapping the network card. I'll let you know what happens.
Re: something is controlling my ADSL modem
Do you mean 1 positive on VirusTotal?
Also try testing C:\WINDOWS\system32\drivers\ndis.sys