VIRY.CZ

RSIT

Logfile of random's system information tool 1.07 (written by random/random)
Run by magdalena at 2010-05-18 21:47:38
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 2 GB (14%) free of 16 GB
Total RAM: 446 MB (24% free)

HijackThis download failed

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2007-08-31 1312040]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2DB66063-BB98-466A-AA0D-3E7ACF5ED853}]
WebTransBHO Class - C:\WINDOWS\WebIE.dll [2009-05-10 491520]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2010-04-19 1111320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{327C2873-E90D-4c37-AA9D-10AC9BABA46C} - Easy-WebPrint - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll [2004-08-26 405504]
{BFC32E1D-EE75-4A48-BC60-104E11EE2431} - WebTranslator - C:\WINDOWS\WebIE.dll [2009-05-10 491520]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Apoint"=C:\Program Files\Apoint2K\Apoint.exe [2003-12-05 159744]
"Broadcom Wireless Manager UI"=C:\WINDOWS\system32\WLTRAY []
"SMSERIAL"=C:\WINDOWS\sm56hlpr.exe [2005-04-07 544768]
"VTTimer"=C:\WINDOWS\system32\VTTimer.exe [2005-03-08 53248]
"VTTrayp"=C:\WINDOWS\system32\VTtrayp.exe [2005-11-01 163840]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2010-04-19 2046816]
"lcfep"=C:\Tivoli\lcf\bin\w32-ix86\mrt\lcfep.exe [2005-11-15 270336]
"Microsoft Driver Setup"=C:\WINDOWS\wndrive32.exe [2010-05-18 94208]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"Microsoft Driver Setup"=C:\WINDOWS\wndrive32.exe [2010-05-18 94208]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"12CFG214-K641-12SF-N85P"=C:\RECYCLER\S-1-5-21-0243936033-3052116371-381863308-1811\vsbntlo.exe [2010-05-18 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2007-04-03 1603152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu]
C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe [2007-05-14 644696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Easy-PrintToolBox]
C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE [2004-01-14 409600]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
C:\WINDOWS\SOUNDMAN.EXE [2005-05-17 77824]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2010-04-14 11952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
TivoliAP

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"consentpromptbehavioradmin"=0
"enableinstallerdetection"=0
"enablelua"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Tivoli\lcf\bin\w32-ix86\mrt\lcfd.exe"="C:\Tivoli\lcf\bin\w32-ix86\mrt\lcfd.exe:*:Enabled:lcfd"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\Kooperativa\KalkZiv\Kalk_ziv.exe"="C:\Program Files\Kooperativa\KalkZiv\Kalk_ziv.exe:*:Enabled:Kalk_ziv"
"D:\Program Files\Skype\Phone\Skype.exe"="D:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"D:\Program Files\ICQ6\ICQ.exe"="D:\Program Files\ICQ6\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Tivoli\lcf\bin\w32-ix86\mrt\lcfd.exe"="C:\Tivoli\lcf\bin\w32-ix86\mrt\lcfd.exe:*:Enabled:lcfd"
"C:\Program Files\Kooperativa\KalkZiv\Kalk_ziv.exe"="C:\Program Files\Kooperativa\KalkZiv\Kalk_ziv.exe:*:Enabled:Kalk_ziv"
"C:\Tivoli\lcf\inv\SCAN\wepmcoll.exe"="C:\Tivoli\lcf\inv\SCAN\wepmcoll.exe:*:Disabled:wepmcoll"

======List of files/folders created in the last 1 months======

2010-05-18 21:47:40 ----D---- C:\Program Files\trend micro
2010-05-18 21:47:38 ----D---- C:\rsit
2010-05-18 21:46:21 ----RSH---- C:\WINDOWS\wndrive32.exe
2010-05-18 19:35:29 ----D---- C:\Program Files\SpeedFan
2010-05-18 18:46:36 ----D---- C:\WINDOWS\pss
2010-05-18 18:23:41 ----D---- C:\Program Files\CCleaner
2010-05-18 18:08:04 ----D---- C:\Program Files\Common Files\CANON
2010-05-18 18:06:10 ----HD---- C:\Documents and Settings\All Users\Data aplikací\CanonBJ
2010-05-18 18:05:51 ----A---- C:\WINDOWS\system32\CNMLM94.DLL
2010-05-18 18:05:46 ----HD---- C:\WINDOWS\system32\CanonIJ Uninstaller Information
2010-05-18 18:05:34 ----A---- C:\WINDOWS\system32\CNC520O.DLL
2010-05-18 18:05:34 ----A---- C:\WINDOWS\system32\CNC520L.DLL
2010-05-18 18:05:34 ----A---- C:\WINDOWS\system32\CNC520I.DLL
2010-05-18 18:05:33 ----A---- C:\WINDOWS\system32\CNC520C.DLL
2010-05-18 18:05:19 ----HD---- C:\Program Files\CanonBJ
2010-04-20 22:16:21 ----D---- C:\Documents and Settings\magdalena\Data aplikací\Mozilla
2010-04-20 12:20:25 ----HDC---- C:\WINDOWS\$NtUninstallKB979683$
2010-04-20 12:19:30 ----HDC---- C:\WINDOWS\$NtUninstallKB980232$
2010-04-20 12:12:43 ----HDC---- C:\WINDOWS\$NtUninstallKB981349$
2010-04-20 12:10:23 ----SHD---- C:\Config.Msi
2010-04-20 12:08:38 ----HDC---- C:\WINDOWS\$NtUninstallKB978338$
2010-04-20 12:08:28 ----HDC---- C:\WINDOWS\$NtUninstallKB977816$
2010-04-20 12:08:06 ----HDC---- C:\WINDOWS\$NtUninstallKB978601$
2010-04-20 12:05:16 ----HDC---- C:\WINDOWS\$NtUninstallKB979309$
2010-04-20 10:20:23 ----D---- C:\Documents and Settings\magdalena\Data aplikací\Macromedia
2010-04-20 10:20:21 ----D---- C:\Documents and Settings\magdalena\Data aplikací\Adobe

======List of files/folders modified in the last 1 months======

2010-05-18 21:47:40 ----RD---- C:\Program Files
2010-05-18 21:46:52 ----D---- C:\WINDOWS\Prefetch
2010-05-18 21:46:36 ----D---- C:\Program Files\Mozilla Firefox
2010-05-18 21:46:21 ----RSHD---- C:\RECYCLER
2010-05-18 21:46:21 ----D---- C:\WINDOWS
2010-05-18 20:25:01 ----D---- C:\WINDOWS\TEMP
2010-05-18 20:00:40 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-05-18 19:38:55 ----SHD---- C:\WINDOWS\CSC
2010-05-18 19:35:28 ----D---- C:\WINDOWS\system32
2010-05-18 19:16:24 ----D---- C:\WINDOWS\system32\CatRoot2
2010-05-18 18:48:06 ----ASH---- C:\boot.ini
2010-05-18 18:48:06 ----A---- C:\WINDOWS\win.ini
2010-05-18 18:48:06 ----A---- C:\WINDOWS\system.ini
2010-05-18 18:40:46 ----D---- C:\WINDOWS\Debug
2010-05-18 18:40:40 ----D---- C:\WINDOWS\Minidump
2010-05-18 18:10:36 ----D---- C:\Program Files\Canon
2010-05-18 18:09:14 ----D---- C:\WINDOWS\Media
2010-05-18 18:09:13 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-05-18 18:09:05 ----D---- C:\WINDOWS\system32\drivers
2010-05-18 18:08:56 ----HD---- C:\WINDOWS\inf
2010-05-18 18:08:04 ----D---- C:\Program Files\Common Files
2010-05-18 13:25:01 ----A---- C:\fftrlog.txt
2010-05-18 12:01:06 ----D---- C:\WINDOWS\security
2010-05-13 10:08:53 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-05-04 08:59:05 ----D---- C:\Program Files\Kooperativa
2010-04-20 21:52:16 ----SD---- C:\Documents and Settings\magdalena\Data aplikací\Microsoft
2010-04-20 12:26:14 ----D---- C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2010-04-20 12:26:12 ----SHD---- C:\WINDOWS\Installer
2010-04-20 12:24:11 ----HD---- C:\$AVG8.VAULT$
2010-04-20 12:20:12 ----HD---- C:\WINDOWS\$hf_mig$

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2010-04-14 335240]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2010-04-14 27784]
R1 AvgTdiX;AVG8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-05-27 108552]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 TGrab;Tivoli Remote Control Text Grabber; C:\WINDOWS\system32\drivers\TGrab.sys [2009-04-22 8288]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.2.0.3; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2009-03-05 17801]
R2 CITMDRV;CITMDRV; \??\C:\WINDOWS\System32\drivers\CITMDRV.SYS []
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2005-05-18 2319680]
R3 ApfiltrService;Alps Pointing-device Filter Driver; C:\WINDOWS\system32\DRIVERS\Apfiltr.sys [2003-10-25 95970]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-14 60800]
R3 BCM43XX;Broadcom 802.11 ovladač síťového adaptéru; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2005-02-11 371712]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-14 13952]
R3 Eqnmirdd;Eqnmirdd; C:\WINDOWS\system32\DRIVERS\Eqnmirdd.sys [2009-04-22 6107]
R3 FETND5BV;VIA Rhine-Family Fast Ethernet Adapter Driver Service; C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2005-03-18 42496]
R3 KeyEx2;Tivoli Remote Control Keyboard Filter; C:\WINDOWS\system32\drivers\KeyEx2.sys [2009-04-22 5837]
R3 MouEx2;Tivoli Remote Control Pointer Filter; C:\WINDOWS\system32\drivers\MouEx2.sys [2009-04-22 4638]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-14 61824]
R3 smserial;smserial; C:\WINDOWS\system32\DRIVERS\smserial.sys [2005-04-07 923826]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 viagfx;viagfx; C:\WINDOWS\system32\DRIVERS\vtmini.sys [2005-12-27 247040]
S3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\fetnd5.sys [2001-08-17 27165]
S3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avg8emc;AVG8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2010-04-14 908056]
R2 avg8wd;AVG8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2010-04-19 297752]
R2 InvokerUpdateService;InvokerUpdateService; c:\ais\Tahiti4\bin\InvokerService.exe [2009-03-05 176128]
R2 KoopPdfService;KoopPdfService; C:\Program Files\Kooperativa\Services\KoopPDFServer.exe [2010-05-10 447488]
R2 lcfd;Tivoli Endpoint; C:\Tivoli\lcf\bin\w32-ix86\mrt\lcfd.exe [2005-11-15 172032]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [2006-10-26 335872]
R2 TME10RC;Tivoli Remote Control Service; C:\WINDOWS\RCSERV.EXE [2009-04-22 77824]
R2 wltrysvc;Broadcom Wireless LAN Tray Service; C:\WINDOWS\System32\wltrysvc.exe [2005-02-17 65536]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Služba Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WinRM;Windows Remote Management (WS-Management); C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Služba sdílení portů Net.Tcp; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

Je tam skutečně stejná infekce jako z toho druhého počítače, jdeme na to


Stahněte OTL http://oldtimer.geekstogo.com/OTL.exe
-uložte ho na plochu a spustte soubor OTL.exe.
-do bílého okna dole skopírujte tento skript: - zaškrtněte okénko Pro všechny uživatele.
-označte okénka Kontrola na havěť "LOP" a Kontrola na havěť "Purity"
- Klikněte na tlačítko Prohledat
-po dokončení skenu se objeví logy OTL.Txt a Extras.txt, vložte je zde




Stahněte MBAM z mého podpisu
-Nainstalujte,dejte úplný sken

NIC NEMAZAT
-MBAM má občas falešné detekce,proto budeme mazat až po kontrole logu.
-Log zkopírujte sem.

OTL logfile created on: 19.5.2010 0:23:13 - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Documents and Settings\magdalena\Plocha
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

446,00 Mb Total Physical Memory | 292,00 Mb Available Physical Memory | 65,00% Memory free
1,00 Gb Paging File | 1,00 Gb Available in Paging File | 94,00% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 15,65 Gb Total Space | 2,22 Gb Free Space | 14,21% Space Free | Partition Type: NTFS
Drive D: | 21,59 Gb Total Space | 13,79 Gb Free Space | 63,84% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MCHVASTEKOVA-OB
Current User Name: magdalena
Logged in as Administrator.

Current Boot Mode: SafeMode with Networking
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010.05.18 20:42:22 | 000,571,392 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\magdalena\Plocha\OTL.exe
PRC - [2008.04.14 14:00:00 | 001,034,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2010.05.18 20:42:22 | 000,571,392 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\magdalena\Plocha\OTL.exe
MOD - [2008.04.14 14:00:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2010.05.18 21:56:24 | 000,046,592 | ---- | M] () [Auto | Stopped] -- C:\Program Files\svchost.exe -- (AdbUpd)
SRV - [2010.05.10 15:03:16 | 000,447,488 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Kooperativa\Services\KoopPDFServer.exe -- (KoopPdfService)
SRV - [2010.04.19 22:51:34 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd)
SRV - [2010.04.14 21:05:24 | 000,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG8\avgemc.exe -- (avg8emc)
SRV - [2009.04.22 14:54:47 | 000,077,824 | ---- | M] (IBM Corporation) [Auto | Stopped] -- C:\WINDOWS\RCSERV.EXE -- (TME10RC)
SRV - [2009.03.05 14:48:21 | 000,176,128 | ---- | M] (LightComp v.o.s.) [Auto | Stopped] -- c:\ais\Tahiti4\bin\InvokerService.exe -- (InvokerUpdateService)
SRV - [2008.07.29 20:16:38 | 000,132,096 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2005.11.15 19:17:08 | 000,172,032 | ---- | M] () [Auto | Stopped] -- C:\Tivoli\lcf\bin\w32-ix86\mrt\lcfd.exe -- (lcfd)


========== Driver Services (SafeList) ==========

DRV - [2010.05.18 21:55:53 | 000,081,408 | ---- | M] () [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\zxiwwbpdk7.sys -- (zxiwwbpdk7)
DRV - [2010.05.18 21:55:19 | 000,210,816 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\ndis.sys -- (NDIS)
DRV - [2010.04.14 21:05:59 | 000,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Stopped] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010.04.14 21:05:59 | 000,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Stopped] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2009.05.27 21:56:39 | 000,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2009.04.22 14:55:25 | 000,008,288 | ---- | M] () [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\TGRAB.SYS -- (TGrab)
DRV - [2009.04.22 14:55:24 | 000,006,107 | ---- | M] (IBM Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Eqnmirdd.sys -- (Eqnmirdd)
DRV - [2009.04.22 14:55:23 | 000,005,837 | ---- | M] (International Business Machines, Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\KEYEX2.SYS -- (KeyEx2)
DRV - [2009.04.22 14:55:23 | 000,004,638 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MOUEX2.SYS -- (MouEx2)
DRV - [2008.12.16 16:48:40 | 000,021,144 | ---- | M] (VIA Technologies,Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\xfilt.sys -- (xfilt)
DRV - [2008.12.16 16:47:00 | 000,013,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\videX32.sys -- (videX32)
DRV - [2008.02.18 23:14:26 | 000,010,752 | ---- | M] () [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\CITMDRV.SYS -- (CITMDRV)
DRV - [2006.09.24 15:28:46 | 000,005,248 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Boot | Running] -- C:\WINDOWS\system32\speedfan.sys -- (speedfan)
DRV - [2005.05.18 11:50:30 | 002,319,680 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2005.04.07 13:34:30 | 000,923,826 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\smserial.sys -- (smserial)
DRV - [2005.02.11 15:46:22 | 000,371,712 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2003.10.25 00:27:32 | 000,095,970 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [1996.04.03 21:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\giveio.sys -- (giveio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://intra2rs.ph.koop.cz
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========


FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.04.20 22:16:30 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009.04.29 22:03:23 | 000,000,000 | ---D | M]

[2010.04.20 22:16:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\magdalena\Data aplikací\Mozilla\Extensions
[2010.05.18 18:14:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\magdalena\Data aplikací\Mozilla\Firefox\Profiles\pwgf7qja.default\extensions
[2010.04.20 22:47:24 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\magdalena\Data aplikací\Mozilla\Firefox\Profiles\pwgf7qja.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009.04.02 16:34:48 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2008.03.31 21:06:24 | 000,000,638 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\jyxo-cz.xml
[2008.03.31 21:06:24 | 000,001,687 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\mall-cz.xml
[2008.01.27 11:57:20 | 000,001,367 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\seznam-cz.xml
[2008.01.27 11:57:20 | 000,000,654 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\slunecnice-cz.xml
[2008.03.31 21:06:24 | 000,001,179 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-cz.xml

O1 HOSTS File: ([2010.05.18 21:55:17 | 000,000,826 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 ad.ghura.pl
O1 - Hosts: 127.0.0.1 ircgalaxy.pl
O1 - Hosts: 127.0.0.1 ru.brans.pl
O1 - Hosts: 127.0.0.1 zief.pl
O2 - BHO: (ADC PlugIn) - {149256D5-E103-4523-BB43-2CFB066839D6} - C:\Program Files\adc_w32.dll (ADC - AntiSpyware)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (WebTransBHO Class) - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\WINDOWS\WebIE.dll ()
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O3 - HKLM\..\Toolbar: (WebTranslator) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\WINDOWS\WebIE.dll ()
O4 - HKLM..\Run: [31779] C:\Documents and Settings\magdalena\Local Settings\Temp\nrktcvy.exe ()
O4 - Startup: C:\Documents and Settings\magdalena\Nabídka Start\Programy\Po spuštění\algeki32.exe (eSXi)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Microsoft Driver Setup = C:\WINDOWS\wndrive32.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: rtw9ws = C:\DOCUME~1\MAGDAL~1\LOCALS~1\Temp\jo2lej.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: consentpromptbehavioradmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: enableinstallerdetection = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: enablelua = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\WINDOWS\WebIE.dll ()
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\WebIE.dll ()
O9 - Extra 'Tools' menuitem : &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\WebIE.dll ()
O9 - Extra 'Tools' menuitem : Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\WebIE.dll ()
O9 - Extra 'Tools' menuitem : Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\WebIE.dll ()
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Program Files\ICQ6\ICQ.exe (ICQ, Inc.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Program Files\ICQ6\ICQ.exe (ICQ, Inc.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = zam.koop.int
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: TaskMan - (C:\RECYCLER\S-1-5-21-1981917028-6495068474-523282379-4824\mgrls32.exe) - C:\RECYCLER\S-1-5-21-1981917028-6495068474-523282379-4824\mgrls32.exe ()
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O21 - SSODL: GootkitSSO - {1237A933-7692-47F7-8FF6-61673696BAFA} - C:\WINDOWS\system32\msxsltsso.dll ()
O24 - Desktop Components:0 (Aktuální domovská stránka) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Nebe.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Nebe.bmp
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (TivoliAP) - C:\WINDOWS\System32\TivoliAP.dll (IBM Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.03.05 13:28:21 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2007.11.10 14:48:08 | 000,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{1c324a1e-62a1-11df-bca2-0014a546bc17}\Shell\AutoRun\command - "" = F:\RECYCLER\autorun.exe -- File not found
O33 - MountPoints2\{1c324a1e-62a1-11df-bca2-0014a546bc17}\Shell\open\command - "" = F:\RECYCLER\autorun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- C:\Program Files\alggui.exe "%1" %* ()
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- C:\Program Files\alggui.exe "%1" %* ()

========== Files/Folders - Created Within 30 Days ==========

[2010.05.19 00:17:52 | 000,571,392 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\magdalena\Plocha\OTL.exe
[2010.05.18 22:00:58 | 000,000,000 | ---D | C] -- C:\Program Files\scdata
[2010.05.18 21:56:26 | 000,238,592 | ---- | C] (ADC - AntiSpyware) -- C:\Program Files\adc_w32.dll
[2010.05.18 21:56:05 | 000,000,000 | ---D | C] -- C:\Program Files\AKM Antivirus 2010 Pro
[2010.05.18 21:54:39 | 000,039,424 | ---- | C] (eSXi) -- C:\WINDOWS\System32\jpwrtryt.exe
[2010.05.18 21:54:39 | 000,039,424 | ---- | C] (eSXi) -- C:\Documents and Settings\magdalena\jpwrtryt.exe
[2010.05.18 21:54:37 | 000,182,784 | ---- | C] (Macromedia, Inc.) -- C:\WINDOWS\System32\regedit.exe
[2010.05.18 21:47:40 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2010.05.18 21:47:38 | 000,000,000 | ---D | C] -- C:\rsit
[2010.05.18 19:35:29 | 000,000,000 | ---D | C] -- C:\Program Files\SpeedFan
[2010.05.18 18:46:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2010.05.18 18:41:33 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\magdalena\Recent
[2010.05.18 18:23:41 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010.05.18 18:09:04 | 000,015,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbscan.sys
[2010.05.18 18:08:59 | 000,032,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbccgp.sys
[2010.05.18 18:08:04 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\CANON
[2010.05.18 18:06:10 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Data aplikací\CanonBJ
[2010.05.18 18:05:51 | 000,215,040 | ---- | C] (CANON INC.) -- C:\WINDOWS\System32\CNMLM94.DLL
[2010.05.18 18:05:46 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\CanonIJ Uninstaller Information
[2010.05.18 18:05:34 | 000,200,704 | ---- | C] (CANON INC.) -- C:\WINDOWS\System32\CNC520L.DLL
[2010.05.18 18:05:34 | 000,188,416 | ---- | C] (Canon Inc.) -- C:\WINDOWS\System32\CNC520O.DLL
[2010.05.18 18:05:34 | 000,098,304 | ---- | C] (CANON INC.) -- C:\WINDOWS\System32\CNC520I.DLL
[2010.05.18 18:05:33 | 001,400,832 | ---- | C] (CANON INC.) -- C:\WINDOWS\System32\CNC520C.DLL
[2010.05.18 18:05:19 | 000,000,000 | -H-D | C] -- C:\Program Files\CanonBJ
[2010.04.20 22:16:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\magdalena\Local Settings\Data aplikací\Mozilla
[2010.04.20 22:16:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\magdalena\Data aplikací\Mozilla
[2010.04.20 21:47:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\magdalena\Local Settings\Data aplikací\Adobe
[2010.04.20 12:10:23 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010.04.20 10:20:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\magdalena\Data aplikací\Macromedia
[2010.04.20 10:20:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\magdalena\Data aplikací\Adobe
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010.05.19 00:25:30 | 000,823,808 | ---- | M] () -- C:\WINDOWS\System32\drivers\alhaooeg.sys
[2010.05.19 00:22:48 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.05.19 00:21:51 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.05.19 00:20:16 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.05.19 00:20:12 | 001,572,864 | ---- | M] () -- C:\Documents and Settings\magdalena\NTUSER.DAT
[2010.05.19 00:20:12 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\magdalena\ntuser.ini
[2010.05.18 22:07:51 | 000,000,003 | ---- | M] () -- C:\Program Files\wp3.dat
[2010.05.18 22:07:49 | 000,000,066 | ---- | M] () -- C:\Program Files\wp4.dat
[2010.05.18 21:59:59 | 000,000,001 | ---- | M] () -- C:\Documents and Settings\magdalena\oashdihasidhasuidhiasdhiashdiuasdhasd
[2010.05.18 21:56:30 | 000,032,768 | ---- | M] () -- C:\WINDOWS\System32\hgtd.ruy
[2010.05.18 21:56:29 | 000,065,024 | ---- | M] () -- C:\WINDOWS\System32\h7t.wt
[2010.05.18 21:56:29 | 000,054,784 | ---- | M] () -- C:\Program Files\alggui.exe
[2010.05.18 21:56:28 | 000,000,036 | ---- | M] () -- C:\Program Files\skynet.dat
[2010.05.18 21:56:28 | 000,000,009 | ---- | M] () -- C:\Program Files\nuar.old
[2010.05.18 21:56:27 | 000,238,592 | ---- | M] (ADC - AntiSpyware) -- C:\Program Files\adc_w32.dll
[2010.05.18 21:56:24 | 000,046,592 | ---- | M] () -- C:\Program Files\svchost.exe
[2010.05.18 21:56:20 | 000,001,726 | ---- | M] () -- C:\Documents and Settings\magdalena\Plocha\AKM Antivirus 2010 Pro.lnk
[2010.05.18 21:56:19 | 000,578,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\user32.dll
[2010.05.18 21:56:19 | 000,098,304 | ---- | M] () -- C:\WINDOWS\System32\nmklo.dll
[2010.05.18 21:55:53 | 000,081,408 | ---- | M] () -- C:\WINDOWS\System32\drivers\zxiwwbpdk7.sys
[2010.05.18 21:55:49 | 000,228,352 | ---- | M] () -- C:\WINDOWS\System32\cooper.mine
[2010.05.18 21:55:40 | 000,000,038 | ---- | M] () -- C:\Documents and Settings\magdalena\online_{49c3c335-6a58-41c8-8034-3855ee78b887}
[2010.05.18 21:55:38 | 000,000,038 | ---- | M] () -- C:\Documents and Settings\magdalena\{49c3c335-6a58-41c8-8034-3855ee78b887}
[2010.05.18 21:55:33 | 000,042,496 | ---- | M] () -- C:\WINDOWS\System32\msxsltsso.dll
[2010.05.18 21:55:32 | 000,000,148 | ---- | M] () -- C:\WINDOWS\System32\fjhdyfhsn.bat
[2010.05.18 21:55:19 | 000,210,816 | ---- | M] () -- C:\WINDOWS\System32\drivers\ndis.sys
[2010.05.18 21:55:19 | 000,210,816 | ---- | M] () -- C:\WINDOWS\System32\dllcache\ndis.sys
[2010.05.18 21:55:18 | 000,000,004 | ---- | M] () -- C:\Documents and Settings\magdalena\Data aplikací\avdrn.dat
[2010.05.18 21:54:40 | 000,039,424 | ---- | M] (eSXi) -- C:\Documents and Settings\magdalena\jpwrtryt.exe
[2010.05.18 21:54:39 | 000,039,424 | ---- | M] (eSXi) -- C:\WINDOWS\System32\jpwrtryt.exe
[2010.05.18 21:54:35 | 000,182,784 | ---- | M] (Macromedia, Inc.) -- C:\WINDOWS\System32\regedit.exe
[2010.05.18 21:54:27 | 000,025,088 | ---- | M] () -- C:\lsass.exe
[2010.05.18 21:46:14 | 000,094,208 | RHS- | M] () -- C:\WINDOWS\wndrive32.exe
[2010.05.18 20:42:22 | 000,571,392 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\magdalena\Plocha\OTL.exe
[2010.05.18 19:35:49 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\magdalena\Plocha\SpeedFan.lnk
[2010.05.18 19:35:29 | 000,000,045 | ---- | M] () -- C:\WINDOWS\System32\initdebug.nfo
[2010.05.18 18:48:06 | 000,000,582 | ---- | M] () -- C:\WINDOWS\win.ini
[2010.05.18 18:48:06 | 000,000,320 | -HS- | M] () -- C:\boot.ini
[2010.05.18 18:48:06 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010.05.18 18:44:17 | 000,087,886 | ---- | M] () -- C:\Documents and Settings\magdalena\Dokumenty\cc_20100518_184407.reg
[2010.05.18 18:24:15 | 000,001,548 | ---- | M] () -- C:\Documents and Settings\magdalena\Plocha\CCleaner.lnk
[2010.05.18 18:02:05 | 060,116,395 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010.05.17 10:28:00 | 000,824,681 | ---- | M] () -- C:\Documents and Settings\magdalena\Plocha\RSIT.exe
[2010.05.17 07:37:16 | 005,361,386 | -H-- | M] () -- C:\Documents and Settings\magdalena\Local Settings\Data aplikací\IconCache.db
[2010.05.13 10:08:55 | 000,435,594 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010.05.13 10:08:55 | 000,432,516 | ---- | M] () -- C:\WINDOWS\System32\perfh005.dat
[2010.05.13 10:08:55 | 000,068,490 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010.05.13 10:08:54 | 000,079,440 | ---- | M] () -- C:\WINDOWS\System32\perfc005.dat
[2010.05.13 10:08:53 | 001,028,848 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010.04.20 21:52:00 | 000,148,480 | ---- | M] () -- C:\Documents and Settings\magdalena\Plocha\Spolupráce IMPOL TRADE_Slovensko.xls
[2010.04.20 21:35:15 | 000,025,088 | ---- | M] () -- C:\Documents and Settings\magdalena\Plocha\Spolupráce s IMPOL TRADE_Slovensko.doc
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010.05.18 21:59:58 | 000,000,001 | ---- | C] () -- C:\Documents and Settings\magdalena\oashdihasidhasuidhiasdhiashdiuasdhasd
[2010.05.18 21:56:30 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\hgtd.ruy
[2010.05.18 21:56:29 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\h7t.wt
[2010.05.18 21:56:29 | 000,054,784 | ---- | C] () -- C:\Program Files\alggui.exe
[2010.05.18 21:56:28 | 000,000,009 | ---- | C] () -- C:\Program Files\nuar.old
[2010.05.18 21:56:24 | 000,046,592 | ---- | C] () -- C:\Program Files\svchost.exe
[2010.05.18 21:56:24 | 000,000,066 | ---- | C] () -- C:\Program Files\wp4.dat
[2010.05.18 21:56:24 | 000,000,036 | ---- | C] () -- C:\Program Files\skynet.dat
[2010.05.18 21:56:24 | 000,000,003 | ---- | C] () -- C:\Program Files\wp3.dat
[2010.05.18 21:56:20 | 000,001,726 | ---- | C] () -- C:\Documents and Settings\magdalena\Plocha\AKM Antivirus 2010 Pro.lnk
[2010.05.18 21:56:19 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\nmklo.dll
[2010.05.18 21:56:16 | 000,228,352 | ---- | C] () -- C:\WINDOWS\System32\cooper.mine
[2010.05.18 21:55:40 | 000,000,038 | ---- | C] () -- C:\Documents and Settings\magdalena\online_{49c3c335-6a58-41c8-8034-3855ee78b887}
[2010.05.18 21:55:38 | 000,000,038 | ---- | C] () -- C:\Documents and Settings\magdalena\{49c3c335-6a58-41c8-8034-3855ee78b887}
[2010.05.18 21:55:33 | 000,042,496 | ---- | C] () -- C:\WINDOWS\System32\msxsltsso.dll
[2010.05.18 21:55:32 | 000,000,148 | ---- | C] () -- C:\WINDOWS\System32\fjhdyfhsn.bat
[2010.05.18 21:55:18 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\magdalena\Data aplikací\avdrn.dat
[2010.05.18 21:55:12 | 000,823,808 | ---- | C] () -- C:\WINDOWS\System32\drivers\alhaooeg.sys
[2010.05.18 21:54:35 | 000,081,408 | ---- | C] () -- C:\WINDOWS\System32\drivers\zxiwwbpdk7.sys
[2010.05.18 21:54:27 | 000,025,088 | ---- | C] () -- C:\lsass.exe
[2010.05.18 21:47:32 | 000,824,681 | ---- | C] () -- C:\Documents and Settings\magdalena\Plocha\RSIT.exe
[2010.05.18 21:46:21 | 000,094,208 | RHS- | C] () -- C:\WINDOWS\wndrive32.exe
[2010.05.18 19:35:49 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\magdalena\Plocha\SpeedFan.lnk
[2010.05.18 19:35:26 | 000,000,045 | ---- | C] () -- C:\WINDOWS\System32\initdebug.nfo
[2010.05.18 18:44:12 | 000,087,886 | ---- | C] () -- C:\Documents and Settings\magdalena\Dokumenty\cc_20100518_184407.reg
[2010.05.18 18:24:13 | 000,001,548 | ---- | C] () -- C:\Documents and Settings\magdalena\Plocha\CCleaner.lnk
[2010.04.20 21:52:00 | 000,148,480 | ---- | C] () -- C:\Documents and Settings\magdalena\Plocha\Spolupráce IMPOL TRADE_Slovensko.xls
[2010.04.20 10:26:44 | 000,025,088 | ---- | C] () -- C:\Documents and Settings\magdalena\Plocha\Spolupráce s IMPOL TRADE_Slovensko.doc
[2009.05.10 19:20:56 | 000,491,520 | ---- | C] () -- C:\WINDOWS\WebIE.dll
[2009.05.10 19:20:53 | 000,200,704 | ---- | C] () -- C:\WINDOWS\TRNOET.DLL
[2009.05.10 19:20:53 | 000,045,056 | ---- | C] () -- C:\WINDOWS\TRNOEH.DLL
[2009.05.10 19:20:31 | 000,000,033 | ---- | C] () -- C:\WINDOWS\WTRDCTM.INI
[2009.05.10 19:19:57 | 000,002,753 | ---- | C] () -- C:\WINDOWS\UN32P.INI
[2009.05.10 19:18:36 | 000,002,476 | ---- | C] () -- C:\WINDOWS\TRNCOM.INI
[2009.05.10 19:18:27 | 000,002,192 | ---- | C] () -- C:\WINDOWS\WDICT32.INI
[2009.05.10 19:18:26 | 000,004,578 | ---- | C] () -- C:\WINDOWS\WTRAN32.INI
[2009.04.22 15:06:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\EQNRCMAI.INI
[2009.04.22 14:55:33 | 000,008,288 | ---- | C] () -- C:\WINDOWS\System32\drivers\TGRAB.SYS
[2009.04.22 14:55:30 | 000,000,712 | ---- | C] () -- C:\WINDOWS\REMCON.INI
[2009.04.02 15:57:14 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\CNMVS71.DLL
[2009.03.24 12:48:18 | 000,010,752 | ---- | C] () -- C:\WINDOWS\System32\drivers\CITMDRV.SYS
[2009.03.24 12:48:04 | 000,000,319 | ---- | C] () -- C:\WINDOWS\swdis.ini
[2009.03.05 15:45:57 | 000,000,221 | ---- | C] () -- C:\WINDOWS\multi.ini
[2009.03.05 14:04:11 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\vuins32.dll
[2009.03.05 14:00:22 | 000,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini
[2009.03.05 14:00:16 | 000,156,672 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2008.04.14 14:00:00 | 000,210,816 | ---- | C] () -- C:\WINDOWS\System32\drivers\ndis.sys
[2005.04.07 13:33:34 | 000,065,536 | ---- | C] () -- C:\WINDOWS\sm56spn.dll
[2005.04.07 13:33:28 | 000,049,152 | ---- | C] () -- C:\WINDOWS\sm56jpn.dll
[2005.04.07 13:33:24 | 000,065,536 | ---- | C] () -- C:\WINDOWS\sm56itl.dll
[2005.04.07 13:33:06 | 000,065,536 | ---- | C] () -- C:\WINDOWS\sm56ger.dll
[2005.04.07 13:33:02 | 000,065,536 | ---- | C] () -- C:\WINDOWS\sm56fra.dll
[2005.04.07 13:32:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\sm56eng.dll
[2005.04.07 13:32:50 | 000,045,056 | ---- | C] () -- C:\WINDOWS\sm56cht.dll
[2005.04.07 13:32:46 | 000,045,056 | ---- | C] () -- C:\WINDOWS\sm56chs.dll
[2005.04.07 13:32:42 | 000,065,536 | ---- | C] () -- C:\WINDOWS\sm56brz.dll
[1996.04.03 21:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys
< End of report >

Combofix stahněte takto:
- pravým myšítkem klikněte na odkaz combofixu --uložit jako.. ,a teď ho přejmenujte na Potvora.com a uložte.


Stáhněte na plochu, ukončete všechna aktivní okna a spusťte ComboFix - http://download.bleepingcomputer.com/sUBs/ComboFix.exe

-souhlaste s instalací konzole pro zotavení

- ComboFix je třeba spustit pod účtem s právy administrátora

- Před použitím vypněte všechny rezidentní bezpečnostní programy - antiviry, firewally, antispywary

- Po spuštění se zobrazí podmínky užití, potvrďte je stiskem tlačítka Ano

- Dále postupujte dle pokynů, během aplikování ComboFixu neklikejte do zobrazujícího se okna

- Po dokončení skenování, trvajícího maximálně 10 minut, by měl program vytvořit log - C:\ComboFix.txt, zkopírujte celý jeho obsah sem

ComboFix 10-05-16.01 - magdalena 20.05.2010 21:43:18.1.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.446.270 [GMT 2:00]
Spuštěný z: c:\documents and settings\magdalena\Plocha\cokoliv.com.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Data aplikací\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Data aplikací\Microsoft\Network\Downloader\qmgr1.dat
c:\documents and settings\magdalena\Dokumenty\cc_20100518_184407.reg
c:\documents and settings\magdalena\jpwrtryt.exe
c:\documents and settings\magdalena\oashdihasidhasuidhiasdhiashdiuasdhasd
c:\documents and settings\mchvastekova\Local Settings\Temporary Internet Files\MAILTRAN.INI
c:\documents and settings\mchvastekova\Local Settings\Temporary Internet Files\TRNCOM.INI
c:\program files\AKM Antivirus 2010 Pro
c:\program files\AKM Antivirus 2010 Pro\AKM Antivirus 2010 Pro.exe
c:\program files\alggui.exe
c:\program files\nuar.old
c:\program files\scdata
c:\program files\scdata\dbsinit.exe
c:\program files\scdata\images\i1.gif
c:\program files\scdata\images\i2.gif
c:\program files\scdata\images\i3.gif
c:\program files\scdata\images\j1.gif
c:\program files\scdata\images\j2.gif
c:\program files\scdata\images\j3.gif
c:\program files\scdata\images\jj1.gif
c:\program files\scdata\images\jj2.gif
c:\program files\scdata\images\jj3.gif
c:\program files\scdata\images\l1.gif
c:\program files\scdata\images\l2.gif
c:\program files\scdata\images\l3.gif
c:\program files\scdata\images\pix.gif
c:\program files\scdata\images\t1.gif
c:\program files\scdata\images\t2.gif
c:\program files\scdata\images\Thumbs.db
c:\program files\scdata\images\up1.gif
c:\program files\scdata\images\up2.gif
c:\program files\scdata\images\w1.gif
c:\program files\scdata\images\w11.gif
c:\program files\scdata\images\w2.gif
c:\program files\scdata\images\w3.jpg
c:\program files\scdata\images\word.doc
c:\program files\scdata\images\wt1.gif
c:\program files\scdata\images\wt2.gif
c:\program files\scdata\images\wt3.gif
c:\program files\scdata\wispex.html
c:\program files\skynet.dat
c:\program files\wp3.dat
c:\program files\wp4.dat
c:\windows\system32\cooper.mine
c:\windows\system32\driVERs\alhaooeg.sys
c:\windows\system32\fjhdyfhsn.bat
c:\windows\system32\h7t.wt
c:\windows\system32\hgtd.ruy
c:\windows\system32\msxsltsso.dll
c:\windows\system32\nmklo.dll
c:\windows\system32\regedit.exe
c:\windows\system32\wbem\grpconv.exe

----- BITS: Možné infikované stránky -----

hxxp://dcadovzam2
c:\windows\system32\grpconv.exe chyběl.
Obnovena kopie z - c:\windows\ServicePackFiles\i386\grpconv.exe

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ADBUPD
-------\Service_AdbUpd
-------\Legacy_alhaooeg
-------\Service_alhaooeg


((((((((((((((((((((((((( Soubory vytvořené od 2010-04-20 do 2010-05-20 )))))))))))))))))))))))))))))))
.

2010-05-20 20:25 . 2008-04-14 06:52 39424 -c--a-w- c:\windows\system32\dllcache\grpconv.exe
2010-05-20 20:25 . 2008-04-14 06:52 39424 ----a-w- c:\windows\system32\grpconv.exe
2010-05-18 22:34 . 2010-05-18 22:51 -------- d-----w- C:\UsbFix
2010-05-18 19:56 . 2010-05-18 19:56 238592 ----a-w- c:\program files\adc_w32.dll
2010-05-18 19:54 . 2010-05-18 19:54 39424 ----a-w- c:\windows\system32\jpwrtryt.exe
2010-05-18 19:47 . 2010-05-18 19:47 -------- d-----w- c:\program files\trend micro
2010-05-18 19:47 . 2010-05-18 19:47 -------- d-----w- C:\rsit
2010-05-18 19:46 . 2010-05-18 19:46 94208 --sh--r- c:\windows\wndrive32.exe
2010-05-18 17:35 . 2010-05-18 19:55 -------- d-----w- c:\program files\SpeedFan
2010-05-18 16:23 . 2010-05-18 16:25 -------- d-----w- c:\program files\CCleaner
2010-05-18 16:09 . 2008-04-13 22:15 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2010-05-18 16:09 . 2008-04-13 22:15 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2010-05-18 16:08 . 2008-04-13 22:15 32128 -c--a-w- c:\windows\system32\dllcache\usbccgp.sys
2010-05-18 16:08 . 2008-04-13 22:15 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2010-05-18 16:08 . 2010-05-18 16:08 -------- d-----w- c:\program files\Common Files\CANON
2010-05-18 16:05 . 2007-05-21 20:00 69632 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\CNMPP94.DLL
2010-05-18 16:05 . 2007-05-21 20:00 27136 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\CNMPD94.DLL
2010-05-18 16:05 . 2007-05-21 20:00 215040 ----a-w- c:\windows\system32\CNMLM94.DLL
2010-05-18 16:05 . 2010-05-18 16:05 -------- d--h--w- c:\windows\system32\CanonIJ Uninstaller Information
2010-05-18 16:05 . 2007-03-23 07:29 98304 ----a-w- c:\windows\system32\CNC520I.DLL
2010-05-18 16:05 . 2007-03-19 01:23 200704 ----a-w- c:\windows\system32\CNC520L.DLL
2010-05-18 16:05 . 2007-03-15 05:12 188416 ----a-w- c:\windows\system32\CNC520O.DLL
2010-05-18 16:05 . 2007-03-23 07:30 1400832 ----a-w- c:\windows\system32\CNC520C.DLL
2010-05-18 16:05 . 2010-05-18 16:05 -------- d--h--w- c:\program files\CanonBJ

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-18 19:56 . 2008-04-14 12:00 578560 ----a-w- c:\windows\system32\user32.DLL
2010-05-18 16:10 . 2009-04-02 13:55 -------- d-----w- c:\program files\Canon
2010-05-13 08:08 . 2008-04-14 12:00 432516 ----a-w- c:\windows\system32\perfh005.dat
2010-05-13 08:08 . 2008-04-14 12:00 79440 ----a-w- c:\windows\system32\perfc005.dat
2010-05-04 06:59 . 2009-03-05 12:27 -------- d-----w- c:\program files\Kooperativa
2010-04-14 19:06 . 2009-03-05 12:37 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2010-04-14 19:05 . 2009-03-05 12:37 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-04-14 19:05 . 2009-03-05 12:37 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-03-11 12:36 . 2008-04-14 12:00 832512 ----a-w- c:\windows\system32\wininet.dll
2010-03-11 12:36 . 2008-04-14 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-03-11 12:36 . 2008-04-14 12:00 17408 ----a-w- c:\windows\system32\corpol.dll
2010-03-09 11:11 . 2008-04-14 12:00 430080 ----a-w- c:\windows\system32\vbscript.dll
2010-02-24 13:11 . 2008-04-14 12:00 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{149256D5-E103-4523-BB43-2CFB066839D6}]
2010-05-18 19:56 238592 ----a-w- c:\program files\adc_w32.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\magdalena\Nabˇdka Start\Programy\Po spuçtŘnˇ\
algeki32.exe [2008-4-14 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"consentpromptbehavioradmin"= 0 (0x0)
"enableinstallerdetection"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-04-14 19:06 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 TivoliAP

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-02-27 15:10 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
2007-04-03 16:50 1603152 ----a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu]
2007-05-14 16:01 644696 ----a-w- c:\program files\Canon\SolutionMenu\CNSLMAIN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Easy-PrintToolBox]
2004-01-14 01:10 409600 ----a-w- c:\program files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 09:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2005-05-17 10:48 77824 ----a-w- c:\windows\SOUNDMAN.EXE

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Tivoli\\lcf\\bin\\w32-ix86\\mrt\\lcfd.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Kooperativa\\KalkZiv\\Kalk_ziv.exe"=
"d:\\Program Files\\Skype\\Phone\\Skype.exe"=
"d:\\Program Files\\ICQ6\\ICQ.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"5985:TCP"= 5985:TCP:*:Disabled:Vzdálená správa systému Windows

R3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe [2008-04-14 14336]
S1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2010-04-14 335240]
S1 AvgTdiX;AVG8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2009-05-27 108552]
S1 TGrab;Tivoli Remote Control Text Grabber; [x]
S2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2010-04-14 908056]
S2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2010-04-19 297752]
S2 CITMDRV;CITMDRV;c:\windows\System32\drivers\CITMDRV.SYS [2008-02-18 10752]
S2 InvokerUpdateService;InvokerUpdateService;c:\ais\Tahiti4\bin\InvokerService.exe [2009-03-05 176128]
S2 KoopPdfService;KoopPdfService;c:\program files\Kooperativa\Services\KoopPDFServer.exe [2010-05-10 447488]
S2 lcfd;Tivoli Endpoint;c:\tivoli\lcf\bin\w32-ix86\mrt\lcfd.exe [2005-11-15 172032]
S2 TME10RC;Tivoli Remote Control Service;c:\windows\RCSERV.EXE [2009-04-22 77824]
S3 Eqnmirdd;Eqnmirdd;c:\windows\system32\DRIVERS\Eqnmirdd.sys [2009-04-22 6107]
S3 KeyEx2;Tivoli Remote Control Keyboard Filter; [x]
S3 MouEx2;Tivoli Remote Control Pointer Filter; [x]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\windows\WebIE.dll
FF - ProfilePath - c:\documents and settings\magdalena\Data aplikací\Mozilla\Firefox\Profiles\pwgf7qja.default\
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

SSODL-GootkitSSO-{16C61E83-E409-4B52-BAF2-E56DEFDE7661} - c:\windows\System32\msxsltsso.dll



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-20 22:58
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...


c:\windows\system32\drivers\zxiwwbpdk7.sys 81408 bytes executable
c:\documents and settings\magdalena\Nabídka Start\Programy\Po spuštění\algeki32.exe 29696 bytes executable

sken byl úspešně dokončen
skryté soubory: 2

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe >>UNKNOWN [0x8436E0E0]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf75b3f28
\Driver\ACPI -> ACPI.sys @ 0xf7506cb8
\Driver\atapi -> atapi.sys @ 0xf747a852
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0615
ParseProcedure -> ntoskrnl.exe @ 0x8056c3ac
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0615
ParseProcedure -> ntoskrnl.exe @ 0x8056c3ac SendCompleteHandler -> NDIS.sys @ 0x842f9bb0
PacketIndicateHandler -> NDIS.sys @ 0x84306a21
SendHandler -> NDIS.sys @ 0x842e487b
user & kernel MBR OK

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\zxiwwbpdk7]
"ImagePath"="system32\drivers\zxiwwbpdk7.sys"
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'lsass.exe'(984)
c:\windows\system32\TivoliAP.dll

- - - - - - - > 'explorer.exe'(5132)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\Microsoft Office\Office12\1029\GrooveIntlResource.dll
c:\windows\WebIE.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\System32\wltrysvc.exe
c:\windows\System32\bcmwltry.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\windows\system32\NOTEPAD.EXE
c:\program files\Internet Explorer\IEXPLORE.EXE
.
**************************************************************************
.
Celkový čas: 2010-05-20 23:59:19 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-05-20 21:57

Před spuštěním: 2 254 270 464
Po spuštění: 2 324 701 184

- - End Of File - - 523F52A1D3F4888CB73A9E9214CE3216

Otestujte na http://www.virustotal.com

c:\windows\system32\user32.DLL
c:\windows\system32\DRIVERS\Eqnmirdd.sys
C:\WINDOWS\System32\drivers\ndis.sys


-Do okénka zkopírujte cestu k souboru , pokud napíše, že soubor byl už testován, dejte otestovat znovu.
-Sem vložte link s výsledky.



Pokud nemáte, přesuňte Combofix na plochu
-otevřete si Poznámkový blok
-Do něj zkopírujte text z tohoto okénka
-uložte Vámi vytvořený TXT soubor jako CFScript.txt na plochu
-po uložení uchopte vámi vytvořený skript levým myšítkem a -přesuňte ho nad ikonu Combofixu, kde ho upustíte:




-po aplikaci na Vás vypadne další log,vložte ho sem

Upozornění : může se stát, že po aplikaci skriptu a restartu Windows nenaběhnou, v tom případě znovu restartujte a přitom mačkejte F8, pak zvolte Poslední známou funkční konfiguraci




Znáte tyto dvě složky?
C:\Documents and Settings\magdalena\online_{49c3c335-6a58-41c8-8034-3855ee78b887}
C:\Documents and Settings\magdalena\{49c3c335-6a58-41c8-8034-3855ee78b887}



Na tomto počítači používáte vzdálenou správu?

Soubory otestovat nelze...jedině přenést do jiného PC, ale PC je zpomalené tak, že čekám 20 min. než najede prohlížeč. Asi si umíte představit kolik trvá otestování. Zkoušel jsem to, ale za hodinu to bylo na stejném místě:)

PC vzdálenou správu má.

Ty dvě složky na C:/magdalena.... neznám, můžeme smazat.

Teď se snažím o spuštění combofixu, ale vzhledem k rychlosti PC skoro uvažuji, jestli jej nejdříve nedát opravit a poté odvšivit.

Nechte nejprve pc opravit, pokud se přehřívá, nemá cenu něco dál dělat. Až bude opravený, ozvěte se

ComboFix 10-05-16.01 - magdalena 21.05.2010 17:38:12.2.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.446.133 [GMT 2:00]
Spuštěný z: c:\documents and settings\magdalena\Plocha\cokoliv.com.exe
Použité ovládací přepínače :: c:\documents and settings\magdalena\Plocha\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

file zipped: c:\program files\adc_w32.dll
file zipped: c:\windows\system32\jpwrtryt.exe
file zipped: c:\windows\wndrive32.exe
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\adc_w32.dll
c:\windows\system32\jpwrtryt.exe
c:\windows\system32\msxsltsso.dll
c:\windows\wndrive32.exe

Nakažená kopie c:\windows\system32\drivers\ndis.sys byla nalezena a vyléčena.
Obnovena kopie z - c:\windows\ServicePackFiles\i386\ndis.sys
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-04-21 do 2010-05-21 )))))))))))))))))))))))))))))))
.

2010-05-21 08:57 . 2010-05-21 09:03 -------- d-----w- C:\cokoliv.com18038c
2010-05-20 21:57 . 2010-05-20 21:57 -------- d--h--w- c:\windows\PIF
2010-05-20 20:25 . 2008-04-14 06:52 39424 -c--a-w- c:\windows\system32\dllcache\grpconv.exe
2010-05-20 20:25 . 2008-04-14 06:52 39424 ----a-w- c:\windows\system32\grpconv.exe
2010-05-20 19:17 . 2010-05-20 22:03 -------- d-----w- C:\cokoliv.com
2010-05-18 22:34 . 2010-05-18 22:51 -------- d-----w- C:\UsbFix
2010-05-18 19:47 . 2010-05-18 19:47 -------- d-----w- c:\program files\trend micro
2010-05-18 19:47 . 2010-05-18 19:47 -------- d-----w- C:\rsit
2010-05-18 17:35 . 2010-05-21 14:41 -------- d-----w- c:\program files\SpeedFan
2010-05-18 16:23 . 2010-05-18 16:25 -------- d-----w- c:\program files\CCleaner
2010-05-18 16:09 . 2008-04-13 22:15 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2010-05-18 16:09 . 2008-04-13 22:15 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2010-05-18 16:08 . 2008-04-13 22:15 32128 -c--a-w- c:\windows\system32\dllcache\usbccgp.sys
2010-05-18 16:08 . 2008-04-13 22:15 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2010-05-18 16:08 . 2010-05-18 16:08 -------- d-----w- c:\program files\Common Files\CANON
2010-05-18 16:05 . 2007-05-21 20:00 69632 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\CNMPP94.DLL
2010-05-18 16:05 . 2007-05-21 20:00 27136 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\CNMPD94.DLL
2010-05-18 16:05 . 2007-05-21 20:00 215040 ----a-w- c:\windows\system32\CNMLM94.DLL
2010-05-18 16:05 . 2010-05-18 16:05 -------- d--h--w- c:\windows\system32\CanonIJ Uninstaller Information
2010-05-18 16:05 . 2007-03-23 07:29 98304 ----a-w- c:\windows\system32\CNC520I.DLL
2010-05-18 16:05 . 2007-03-19 01:23 200704 ----a-w- c:\windows\system32\CNC520L.DLL
2010-05-18 16:05 . 2007-03-15 05:12 188416 ----a-w- c:\windows\system32\CNC520O.DLL
2010-05-18 16:05 . 2007-03-23 07:30 1400832 ----a-w- c:\windows\system32\CNC520C.DLL
2010-05-18 16:05 . 2010-05-18 16:05 -------- d--h--w- c:\program files\CanonBJ

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-21 15:43 . 2008-04-14 12:00 578560 ----a-w- c:\windows\system32\user32.dll
2010-05-18 16:10 . 2009-04-02 13:55 -------- d-----w- c:\program files\Canon
2010-05-13 08:08 . 2008-04-14 12:00 432516 ----a-w- c:\windows\system32\perfh005.dat
2010-05-13 08:08 . 2008-04-14 12:00 79440 ----a-w- c:\windows\system32\perfc005.dat
2010-05-04 06:59 . 2009-03-05 12:27 -------- d-----w- c:\program files\Kooperativa
2010-04-14 19:06 . 2009-03-05 12:37 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2010-04-14 19:05 . 2009-03-05 12:37 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-04-14 19:05 . 2009-03-05 12:37 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-03-11 12:36 . 2008-04-14 12:00 832512 ----a-w- c:\windows\system32\wininet.dll
2010-03-11 12:36 . 2008-04-14 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-03-11 12:36 . 2008-04-14 12:00 17408 ----a-w- c:\windows\system32\corpol.dll
2010-03-09 11:11 . 2008-04-14 12:00 430080 ----a-w- c:\windows\system32\vbscript.dll
2010-02-24 13:11 . 2008-04-14 12:00 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
.
Infected c:\windows\system32\user32.dll hex repaired


(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\documents and settings\magdalena\{49c3c335-6a58-41c8-8034-3855ee78b887} ----


---- Directory of c:\documents and settings\magdalena\online_{49c3c335-6a58-41c8-8034-3855ee78b887} ----



(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\magdalena\Nabˇdka Start\Programy\Po spuçtŘnˇ\
algeki32.exe [2008-4-14 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"consentpromptbehavioradmin"= 0 (0x0)
"enableinstallerdetection"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-04-14 19:06 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 TivoliAP

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-02-27 15:10 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
2007-04-03 16:50 1603152 ----a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu]
2007-05-14 16:01 644696 ----a-w- c:\program files\Canon\SolutionMenu\CNSLMAIN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Easy-PrintToolBox]
2004-01-14 01:10 409600 ----a-w- c:\program files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 09:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2005-05-17 10:48 77824 ----a-w- c:\windows\SOUNDMAN.EXE

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Tivoli\\lcf\\bin\\w32-ix86\\mrt\\lcfd.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Kooperativa\\KalkZiv\\Kalk_ziv.exe"=
"d:\\Program Files\\Skype\\Phone\\Skype.exe"=
"d:\\Program Files\\ICQ6\\ICQ.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"5985:TCP"= 5985:TCP:*:Disabled:Vzdálená správa systému Windows

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [5.3.2009 14:37 335240]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [5.3.2009 14:37 108552]
R1 TGrab;Tivoli Remote Control Text Grabber;c:\windows\system32\drivers\TGRAB.SYS [22.4.2009 14:55 8288]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [5.3.2009 14:37 908056]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [5.3.2009 14:37 297752]
R2 CITMDRV;CITMDRV;c:\windows\system32\drivers\CITMDRV.SYS [24.3.2009 12:48 10752]
R2 InvokerUpdateService;InvokerUpdateService;c:\ais\Tahiti4\bin\InvokerService.exe [5.3.2009 14:42 176128]
R2 KoopPdfService;KoopPdfService;c:\program files\Kooperativa\Services\KoopPDFServer.exe [6.4.2010 15:39 447488]
R2 lcfd;Tivoli Endpoint;c:\tivoli\lcf\bin\w32-ix86\mrt\lcfd.exe [5.3.2009 15:45 172032]
R2 TME10RC;Tivoli Remote Control Service;c:\windows\RCSERV.EXE [22.4.2009 14:55 77824]
R3 Eqnmirdd;Eqnmirdd;c:\windows\system32\drivers\Eqnmirdd.sys [22.4.2009 14:55 6107]
R3 KeyEx2;Tivoli Remote Control Keyboard Filter;c:\windows\system32\drivers\KEYEX2.SYS [22.4.2009 14:55 5837]
R3 MouEx2;Tivoli Remote Control Pointer Filter;c:\windows\system32\drivers\MOUEX2.SYS [22.4.2009 14:55 4638]
S1 zxiwwbpdk7;zxiwwbpdk7.sys;c:\windows\system32\drivers\zxiwwbpdk7.sys --> c:\windows\system32\drivers\zxiwwbpdk7.sys [?]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [14.4.2008 14:00 14336]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\windows\WebIE.dll
FF - ProfilePath - c:\documents and settings\magdalena\Data aplikací\Mozilla\Firefox\Profiles\pwgf7qja.default\
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

BHO-{149256D5-E103-4523-BB43-2CFB066839D6} - c:\program files\adc_w32.dll
SSODL-GootkitSSO-{22265131-B348-4FAB-889F-5B9BFF82AB7C} - c:\windows\System32\msxsltsso.dll



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-21 17:49
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...


c:\documents and settings\magdalena\Nabídka Start\Programy\Po spuštění\algeki32.exe 29696 bytes executable

sken byl úspešně dokončen
skryté soubory: 1

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'lsass.exe'(892)
c:\windows\system32\TivoliAP.dll

- - - - - - - > 'explorer.exe'(3328)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\System32\wltrysvc.exe
c:\windows\System32\bcmwltry.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
.
**************************************************************************
.
Celkový čas: 2010-05-21 18:07:52 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-05-21 16:07
ComboFix2.txt 2010-05-20 21:59

Před spuštěním: 2 428 542 976
Po spuštění: 2 422 390 784

WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

- - End Of File - - D05E8F42EC4E72E5DA2BDE590E0ADB1F

Stáhněte Avenger
http://swandog46.geekstogo.com/avenger.exe

-spustíte program a potvrdíte kliknutím na ok,tím potvrzujete, že všechny činnosti s tím spojené činíte na vlastní riziko.
-Po odkliknutí se objeví hlavní okno programu,do bílého okna něj zkopírujte tento skript:
-zaškrtněte políčko scan for rootkits

a klikněte na tlačítko Execute.
-Potom se objeví okno,kde kliknutím Yes potvrdíte spuštění skriptu. Pak znovu tlačítkem yes potvrdíte restart počítače.
-Po restartu by se měl otevřít poznámkový blok s logem o vykonání skriptu, bude také uložený v C:\avenger.txt.
-Log vložte sem



Stahněte MBAM z mého podpisu
-Nainstalujte,dejte úplný sken

NIC NEMAZAT
-MBAM má občas falešné detekce,proto budeme mazat až po kontrole logu.
-Log zkopírujte sem.


Otestujte na http://www.virustotal.com
c:\windows\system32\user32.DLL
c:\windows\system32\DRIVERS\Eqnmirdd.sys
C:\WINDOWS\System32\drivers\ndis.sys


Složky smažte
C:\Documents and Settings\magdalena\online_{49c3c335-6a58-41c8-8034-3855ee78b887}
C:\Documents and Settings\magdalena\{49c3c335-6a58-41c8-8034-3855ee78b887}

Tak PC to bohužel neustálo. Nenajelo ani přes nouzák. Kurzor blikal na monitoru přes 40 min.

Vrátil jsem jej do "poslední fungující verze".

Soubor user32.dll přijatý 2010.03.13 15:37:34 (UTC)
Současný stav: Dokončeno
Výsledek: 0/42 (0.00%)
Formátované Formátované
Vytisknout výsledky Vytisknout výsledky
Antivirus Verze Poslední aktualizace Výsledek
a-squared 4.5.0.50 2010.03.13 -
AhnLab-V3 5.0.0.2 2010.03.12 -
AntiVir 8.2.1.180 2010.03.12 -
Antiy-AVL 2.0.3.7 2010.03.12 -
Authentium 5.2.0.5 2010.03.13 -
Avast 4.8.1351.0 2010.03.13 -
Avast5 5.0.332.0 2010.03.13 -
AVG 9.0.0.787 2010.03.13 -
BitDefender 7.2 2010.03.13 -
CAT-QuickHeal 10.00 2010.03.13 -
ClamAV 0.96.0.0-git 2010.03.13 -
Comodo 4248 2010.03.13 -
DrWeb 5.0.1.12222 2010.03.13 -
eSafe 7.0.17.0 2010.03.11 -
eTrust-Vet 35.2.7359 2010.03.12 -
F-Prot 4.5.1.85 2010.03.12 -
F-Secure 9.0.15370.0 2010.03.13 -
Fortinet 4.0.14.0 2010.03.13 -
GData 19 2010.03.13 -
Ikarus T3.1.1.80.0 2010.03.13 -
Jiangmin 13.0.900 2010.03.13 -
K7AntiVirus 7.10.996 2010.03.12 -
Kaspersky 7.0.0.125 2010.03.13 -
McAfee 5918 2010.03.12 -
McAfee+Artemis 5918 2010.03.12 -
McAfee-GW-Edition 6.8.5 2010.03.13 -
Microsoft 1.5502 2010.03.12 -
NOD32 4940 2010.03.12 -
Norman 6.04.08 2010.03.13 -
nProtect 2009.1.8.0 2010.03.13 -
Panda 10.0.2.2 2010.03.13 -
PCTools 7.0.3.5 2010.03.13 -
Prevx 3.0 2010.03.13 -
Rising 22.38.04.03 2010.03.12 -
Sophos 4.51.0 2010.03.13 -
Sunbelt 5856 2010.03.13 -
Symantec 20091.2.0.41 2010.03.13 -
TheHacker 6.5.2.0.232 2010.03.13 -
TrendMicro 9.120.0.1004 2010.03.13 -
VBA32 3.12.12.2 2010.03.12 -
ViRobot 2010.3.13.2226 2010.03.13 -
VirusBuster 5.0.27.0 2010.03.13 -
Rozšiřující informace
File size: 578560 bytes
MD5 : e16e0990967374e76f3e40cacafd3d53
SHA1 : ba27aea7ff2fc295a04d1f3c43b8153c3da91992
SHA256: 1e80fa123c1d2557e1dc519d72b3fba6113dd1d8933efe0b96581cd067f0fa70
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0xB217
timedatestamp.....: 0x4802CD7A (Mon Apr 14 05:20:26 2008)
machinetype.......: 0x14C (Intel I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x5F283 0x5F400 6.65 6d8251c614bd1d941a7e50353a1b314c
.data 0x61000 0x1180 0xC00 2.37 775119e98796af9b8a849dd1f6e4f377
.rsrc 0x63000 0x2A10C 0x2A200 5.01 ebe666284220151c4d9906a1ef1cff9e
.reloc 0x8E000 0x2DE4 0x2E00 6.77 68ebe5a2d822be0663a3e935b39d0bae

( 0 imports )


( 0 exports )
TrID : File type identification
Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)
ssdeep: 6144:QMtUG2qbvmfPYjo6QK86tQGdscawPX10BhTruuGVuKtNYmLlLyUTuyGEDSu3ZmDk:b2++fsZ86q5caW0VhG86xxcEPZmzn
sigcheck: publisher....: Microsoft Corporation
copyright....: (c) Microsoft Corporation. V_echna pr_va vyhrazena.
product......: Opera_n_ syst_m Microsoft_ Windows_
description..: Windows XP USER API Client DLL
original name: user32
internal name: user32
file version.: 5.1.2600.5512 (xpsp.080413-2105)
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
PEiD : -
CWSandbox: http://research.sunbelt-software.com/pa ... cacafd3d53
RDS : NSRL Reference Data Set
-

VAROVÁNÍ VAROVÁNÍ: VirusTotal je služba poskytovaná zdarma společnosti Hispasec

Soubor Eqnmirdd.sys přijatý 2010.05.21 18:00:34 (UTC)
Současný stav: Čekejte ... Ve frontě Čekání Testování Dokončeno NENALEZENO ZASTAVENO
Výsledek: 0/40 (0%)
Načítám informace ze serveru...
Váš soubor čeká ve frontě na pozici: ___.
Odhadovaný čas začátku mezi ___ a ___ .
Nezavírejte toto okno dokud nebude test dokončen.
Právě testující program byl je zastaven, probíhá čekání na program.
Za chvíli bude proveden další pokus o otestování souboru.
Pokud budete čekat déle než-li pět minut odešlete Váš soubor znovu.
Váš soubor je nyní testován pomocí VirusTotal,
výsledky budou zobrazeny po dokončení.
Formátované Formátované
Vytisknout výsledky Vytisknout výsledky
Váš soubor není platný, nebo neexistuje.
Služba je pozastavena v tuto chvíli, váš soubor čeká na otestování (pozice: ) po nespecifikovanou dobu.

Nyní čekejte na odezvu webu (automatické obnovení), nebo napište email do pole a klikněte na "vyžádat" a systém Vám zašle email s výsledky až bude test hotov.
Email:

Antivirus Verze Poslední aktualizace Výsledek
a-squared 4.5.0.50 2010.05.10 -
AhnLab-V3 2010.05.21.00 2010.05.20 -
AntiVir 8.2.1.242 2010.05.21 -
Antiy-AVL 2.0.3.7 2010.05.21 -
Authentium 5.2.0.5 2010.05.21 -
Avast 4.8.1351.0 2010.05.21 -
Avast5 5.0.332.0 2010.05.21 -
AVG 9.0.0.787 2010.05.21 -
BitDefender 7.2 2010.05.21 -
CAT-QuickHeal 10.00 2010.05.21 -
ClamAV 0.96.0.3-git 2010.05.21 -
Comodo 4900 2010.05.21 -
DrWeb 5.0.2.03300 2010.05.21 -
eSafe 7.0.17.0 2010.05.20 -
eTrust-Vet 35.2.7502 2010.05.21 -
F-Prot 4.6.0.103 2010.05.20 -
F-Secure 9.0.15370.0 2010.05.21 -
Fortinet 4.1.133.0 2010.05.21 -
GData 21 2010.05.21 -
Ikarus T3.1.1.84.0 2010.05.21 -
Jiangmin 13.0.900 2010.05.21 -
Kaspersky 7.0.0.125 2010.05.21 -
McAfee 5.400.0.1158 2010.05.21 -
McAfee-GW-Edition 2010.1 2010.05.21 -
Microsoft 1.5802 2010.05.21 -
NOD32 5136 2010.05.21 -
Norman 6.04.12 2010.05.21 -
nProtect 2010-05-21.01 2010.05.21 -
Panda 10.0.2.7 2010.05.21 -
PCTools 7.0.3.5 2010.05.21 -
Rising 22.48.04.04 2010.05.21 -
Sophos 4.53.0 2010.05.21 -
Sunbelt 6334 2010.05.21 -
Symantec 20101.1.0.89 2010.05.21 -
TheHacker 6.5.2.0.284 2010.05.20 -
TrendMicro 9.120.0.1004 2010.05.21 -
TrendMicro-HouseCall 9.120.0.1004 2010.05.21 -
VBA32 3.12.12.5 2010.05.21 -
ViRobot 2010.5.20.2326 2010.05.21 -
VirusBuster 5.0.27.0 2010.05.21 -
Rozšiřující informace
File size: 6107 bytes
MD5...: 9dfcb051e3f5c897961421225240d2e6
SHA1..: 093e61bd28293a76c474c1a70564b6f22178dcf0
SHA256: 280fc2570b8950b930c418f5a32fb4ce7dd188f1738e5409ae1f55939ebc7f79
ssdeep: 96:weUJ6xAnNNdNV5+jhehmv9Jpg8YX3QjJ3qZ3t43LXRl4T/GqbLmjuTWd:wf6x
And0npBYQjhqZ3SwCPd
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x52c
timedatestamp.....: 0x429c2733 (Tue May 31 08:58:27 2005)
machinetype.......: 0x14c (I386)

( 6 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x2c0 0xa84 0xaa0 5.85 dfccd05f8070bf13935848ef76e8535b
.rdata 0xd60 0xb4 0xc0 2.47 55b3156905170df8d0b9e4a11b28006d
.data 0xe20 0xc 0x20 0.00 70bc8f4b72a86921468bf8e8441dce51
INIT 0xe40 0x222 0x240 4.88 eb0e42ea2ef9002d70667778a0d85f8a
.rsrc 0x1080 0x3c8 0x3e0 3.21 0f0c6963a769b25d1f2b71309899be44
.reloc 0x1460 0xc6 0xe0 3.67 e2a320b574d379eec6b4f2174059c3da

( 2 imports )
> ntoskrnl.exe: ExAllocatePoolWithTag, ZwSetValueKey, RtlAppendUnicodeToString, RtlInitUnicodeString, ZwEnumerateKey, MmBuildMdlForNonPagedPool, MmProbeAndLockPages, IoAllocateMdl, ZwClose, ZwOpenKey, MmUnlockPages, MmUnmapLockedPages, ZwQueryValueKey, MmMapLockedPagesSpecifyCache, ExFreePool, IoFreeMdl
> VIDEOPRT.SYS: VideoPortInt10, VideoPortZeroMemory, VideoPortInitialize

( 0 exports )
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Win64 Executable Generic (95.5%)
Generic Win/DOS Executable (2.2%)
DOS Executable Generic (2.2%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
sigcheck:
publisher....: IBM Corp.
copyright....: (c) Copyright IBM Corp. 1996, 2004. All rights reserved.
product......: IBM Tivoli Remote Control
description..: IBM Tivoli Remote Control Miniport Driver
original name: Eqnmirdd.sys
internal name: Eqnmirdd.sys
file version.: 2.0.3.0
comments.....:
signers......: -
signing date.: -
verified.....: Unsigned

Soubor ndis.sys přijatý 2010.05.21 02:52:10 (UTC)
Současný stav: Dokončeno
Výsledek: 0/41 (0.00%)
Formátované Formátované
Vytisknout výsledky Vytisknout výsledky
Antivirus Verze Poslední aktualizace Výsledek
a-squared 4.5.0.50 2010.05.10 -
AhnLab-V3 2010.05.21.00 2010.05.20 -
AntiVir 8.2.1.242 2010.05.20 -
Antiy-AVL 2.0.3.7 2010.05.19 -
Authentium 5.2.0.5 2010.05.21 -
Avast 4.8.1351.0 2010.05.20 -
Avast5 5.0.332.0 2010.05.20 -
AVG 9.0.0.787 2010.05.20 -
BitDefender 7.2 2010.05.21 -
CAT-QuickHeal 10.00 2010.05.20 -
ClamAV 0.96.0.3-git 2010.05.21 -
Comodo 4897 2010.05.21 -
DrWeb 5.0.2.03300 2010.05.21 -
eSafe 7.0.17.0 2010.05.20 -
eTrust-Vet 35.2.7501 2010.05.20 -
F-Prot 4.6.0.103 2010.05.20 -
F-Secure 9.0.15370.0 2010.05.21 -
Fortinet 4.1.133.0 2010.05.20 -
GData 21 2010.05.21 -
Ikarus T3.1.1.84.0 2010.05.21 -
Jiangmin 13.0.900 2010.05.20 -
Kaspersky 7.0.0.125 2010.05.21 -
McAfee 5.400.0.1158 2010.05.21 -
McAfee-GW-Edition 2010.1 2010.05.20 -
Microsoft 1.5802 2010.05.20 -
NOD32 5133 2010.05.20 -
Norman 6.04.12 2010.05.20 -
nProtect 2010-05-20.02 2010.05.20 -
Panda 10.0.2.7 2010.05.20 -
PCTools 7.0.3.5 2010.05.21 -
Prevx 3.0 2010.05.21 -
Rising 22.48.04.01 2010.05.21 -
Sophos 4.53.0 2010.05.21 -
Sunbelt 6331 2010.05.21 -
Symantec 20101.1.0.89 2010.05.20 -
TheHacker 6.5.2.0.284 2010.05.20 -
TrendMicro 9.120.0.1004 2010.05.20 -
TrendMicro-HouseCall 9.120.0.1004 2010.05.21 -
VBA32 3.12.12.5 2010.05.20 -
ViRobot 2010.5.20.2326 2010.05.20 -
VirusBuster 5.0.27.0 2010.05.21 -
Rozšiřující informace
File size: 182656 bytes
MD5 : 1df7f42665c94b825322fae71721130d
SHA1 : b8e7cce36011313b3b908c7ebfa598057847d340
SHA256: fe0dcb728471465b39a42a7511f4133021fba5df88f88bcb5fe2ff34cfd713f9
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x39105
timedatestamp.....: 0x48025D03 (Sun Apr 13 21:20:35 2008)
machinetype.......: 0x14C (Intel I386)

( 16 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x480 0x56F9 0x5700 6.41 96ae3e7d4b54cdd29c0de009162eef7e
.rdata 0x5B80 0x504 0x580 5.20 041d70cc3aed48578be848dc47e39316
.data 0x6100 0xA78 0xA80 0.87 bac7845573b70c4539c4af447cb1bb75
PAGENPNP 0x6B80 0xEC0B 0xEC80 6.46 789cb7199349e9c83c0df68913fc68e4
PAGENDSP 0x15800 0x35BC 0x3600 6.37 db6587f00f71f77e939f18bfef43316f
PAGENDSM 0x18E00 0x5CCC 0x5D00 6.46 6d72571c2cc585816e8c40c7d955c3ba
PAGENDCO 0x1EB00 0x25DD 0x2600 6.37 488075e753b6887aa84713da3e15909a
PAGENDSF 0x21100 0x18DA 0x1900 6.35 c353c4eca24461e7f063cc3ff2d42ddb
PAGENDSE 0x22A00 0x12A4 0x1300 6.27 98988eaa9cee24a419c2b2f3c43ab1ae
PAGENDST 0x23D00 0xD7D 0xD80 6.49 f984580405adf4a4bddefea5c5fa137b
PAGENDSA 0x24A80 0x10C6 0x1100 6.37 10d5f5ea54fc04f6ff9ad1f9fb7ec70a
.edata 0x25B80 0x2559 0x2580 5.52 4e9be9ea659f7cea15058825f12b52f8
PAGE 0x28100 0xF98 0x1000 5.35 e490c30bdc097229eb86dd0e1b45b3a0
INIT 0x29100 0x1D14 0x1D80 6.01 c9cd4b5a9abf37c2b10a60181a3f2e15
.rsrc 0x2AE80 0x3E0 0x400 3.36 031b20e15238ac104a8c5cf753f0522c
.reloc 0x2B280 0x16F0 0x1700 6.75 8d90c4c92326950ec06264028062bbc6

( 0 imports )


( 0 exports )