
Security Tool

Posted: 16 Jul 2010 16:11
by lumass
Security Tool got onto my PC. I ran ComboFix on it and it produced a log, but I don't know what to do with it.

Re: Security Tool

Posted: 16 Jul 2010 16:28
by motji
Good afternoon :)
Post the ComboFix log here :).
And read the warning about using ComboFix in my signature.

Re: Security Tool

Posted: 16 Jul 2010 16:41
by lumass
If there is a better way to get rid of this virus, I'll gladly do it. Thanks.

**********************************************************

ComboFix 10-07-15.03 - Pavka 16.07.2010 16:34:35.3.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.3327.2826 [GMT 2:00]
Spuštěný z: c:\documents and settings\Pavka\Plocha\ComboFix.exe
AV: avast! antivirus 4.8.1368 [VPS 100716-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\npf.sys
c:\windows\system32\Packet.dll
c:\windows\system32\wpcap.dll

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF
-------\Service_NPF


((((((((((((((((((((((((( Soubory vytvořené od 2010-06-16 do 2010-07-16 )))))))))))))))))))))))))))))))
.

2010-07-14 15:42 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2010-06-17 09:15 . 2010-06-17 09:19 -------- d-----w- c:\program files\ICQ7.2

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-15 17:02 . 2007-08-11 22:29 137464 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-07-15 17:02 . 2007-08-11 22:29 214520 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-07-11 23:16 . 2007-12-13 18:18 -------- d-----w- c:\program files\AstraScan Scanner
2010-07-11 22:23 . 2010-06-14 22:27 412035648 ----a-w- C:\sam.tmp
2010-07-11 20:02 . 2007-08-11 14:57 196608 ----a-w- c:\windows\system32\drivers\nStandard.bin
2010-06-27 15:52 . 2001-10-25 12:00 505816 ----a-w- c:\windows\system32\perfh005.dat
2010-06-27 15:52 . 2001-10-25 12:00 109466 ----a-w- c:\windows\system32\perfc005.dat
2010-06-17 13:42 . 2009-01-26 12:16 -------- d-----w- c:\program files\ICQ6Toolbar
2010-06-17 09:15 . 2007-08-11 14:50 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-06-15 21:02 . 2008-08-04 15:18 -------- d-----w- c:\program files\Avast4
2010-06-14 14:31 . 2007-08-11 14:29 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-10 23:36 . 2010-06-10 23:33 -------- d-----w- c:\program files\MediaCoder
2010-06-06 14:34 . 2010-06-06 14:34 -------- d-----w- c:\program files\MSECache
2010-06-06 14:08 . 2009-07-10 15:20 -------- d-----w- c:\program files\Microsoft Silverlight
2010-05-17 20:30 . 2007-08-12 00:03 -------- d-----w- c:\program files\Google
2010-05-17 16:11 . 2008-10-22 14:40 -------- d-----w- c:\program files\DreamCom
2010-05-17 15:43 . 2007-08-12 00:03 -------- d-----w- c:\program files\IrfanView
2010-05-06 10:35 . 2004-08-17 13:49 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 08:09 . 2004-08-17 13:44 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-20 05:32 . 2004-08-17 13:48 285696 ----a-w- c:\windows\system32\atmfd.dll
2004-10-01 14:00 . 2007-08-14 14:48 40960 ----a-w- c:\program files\Uninstall_CDS.exe
2008-03-09 14:29 . 2008-03-09 14:29 0 --sh--w- c:\windows\S32096763.tmp
.

((((((((((((((((((((((((((((( SnapShot@2010-07-14_12.36.01 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-07-16 14:46 . 2010-07-16 14:46 16384 c:\windows\Temp\Perflib_Perfdata_970.dat
+ 2010-07-16 14:46 . 2010-07-16 14:46 16384 c:\windows\Temp\Perflib_Perfdata_888.dat
+ 2010-07-16 14:46 . 2010-07-16 14:46 16384 c:\windows\Temp\Perflib_Perfdata_704.dat
+ 2007-08-12 18:43 . 2010-07-14 15:48 23040 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2007-08-12 18:43 . 2010-06-13 01:00 23040 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2007-08-12 18:43 . 2010-06-13 01:00 61440 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\pubs.exe
+ 2007-08-12 18:43 . 2010-07-14 15:48 61440 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\pubs.exe
+ 2007-08-12 18:43 . 2010-07-14 15:48 27136 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2007-08-12 18:43 . 2010-06-13 01:00 27136 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2007-08-12 18:43 . 2010-07-14 15:48 11264 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\mspicons.exe
- 2007-08-12 18:43 . 2010-06-13 01:00 11264 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2007-08-12 18:43 . 2010-07-14 15:48 86016 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\inficon.exe
- 2007-08-12 18:43 . 2010-06-13 01:00 86016 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\inficon.exe
+ 2007-08-12 18:43 . 2010-07-14 15:48 12288 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\cagicon.exe
- 2007-08-12 18:43 . 2010-06-13 01:00 12288 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\cagicon.exe
- 2007-08-12 18:43 . 2010-06-13 01:00 4096 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2007-08-12 18:43 . 2010-07-14 15:48 4096 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\opwicon.exe
- 2007-08-12 18:43 . 2010-06-13 01:00 409600 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2007-08-12 18:43 . 2010-07-14 15:48 409600 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\xlicons.exe
- 2007-08-12 18:43 . 2010-06-13 01:00 286720 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2007-08-12 18:43 . 2010-07-14 15:48 286720 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2007-08-12 18:43 . 2010-06-13 01:00 249856 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\pptico.exe
+ 2007-08-12 18:43 . 2010-07-14 15:48 249856 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2007-08-12 18:43 . 2010-06-13 01:00 794624 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2007-08-12 18:43 . 2010-07-14 15:48 794624 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2007-08-12 18:43 . 2010-06-13 01:00 135168 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2007-08-12 18:43 . 2010-07-14 15:48 135168 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2007-08-12 18:43 . 2010-06-13 01:00 593920 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\accicons.exe
+ 2007-08-12 18:43 . 2010-07-14 15:48 593920 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\accicons.exe
+ 2007-04-19 12:01 . 2007-04-19 12:01 238424 c:\windows\Installer\$PatchCache$\Managed\5040110900063D11C8EF10054038389C\11.0.8173\MSCDM.DLL
+ 2007-01-16 18:32 . 2007-01-16 18:32 136032 c:\windows\Installer\$PatchCache$\Managed\5040110900063D11C8EF10054038389C\11.0.8173\MSAEXP30.DLL
+ 2007-04-19 11:54 . 2007-04-19 11:54 169312 c:\windows\Installer\$PatchCache$\Managed\5040110900063D11C8EF10054038389C\11.0.8173\ACCWIZ.DLL
+ 2010-05-25 09:45 . 2010-05-25 09:45 8445440 c:\windows\Installer\6e0c5.msp
+ 2010-06-11 15:55 . 2010-06-11 15:55 1827328 c:\windows\Installer\6e0ad.msp
+ 2010-06-30 20:52 . 2010-06-30 20:52 5522944 c:\windows\Installer\6e093.msp
+ 2007-05-10 11:43 . 2007-05-10 11:43 6688096 c:\windows\Installer\$PatchCache$\Managed\5040110900063D11C8EF10054038389C\11.0.8173\MSACCESS.EXE
+ 2007-08-11 15:41 . 2010-07-02 19:39 34045896 c:\windows\system32\MRT.exe
+ 2010-06-11 15:52 . 2010-06-11 15:52 45542912 c:\windows\Installer\6e0ae.msp
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\\Phone\Skype.exe" [2010-03-09 26100520]
"OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [2007-09-04 95536]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-14 68856]
"ICQ"="c:\program files\ICQ7.2\ICQ.exe" [2010-06-17 133368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-03-21 16126464]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-04-12 8429568]
"nwiz"="nwiz.exe" [2007-04-12 1626112]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-04-12 81920]
"GamerOSD"="c:\program files\ASUS\GamerOSD\GamerOSD.exe" [2007-02-14 380928]
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2006-04-29 94208]
"avast!"="c:\progra~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"tsnpstd3"="c:\windows\tsnpstd3.exe" [2006-06-19 262144]
"snpstd3"="c:\windows\vsnpstd3.exe" [2006-05-12 831488]
"USBToolTip"="c:\progra~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe" [2007-02-20 199752]
"RemoteControl"="c:\program files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-09-01 282624]
"OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe" [2007-09-04 54576]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Pavka\Nabídka Start\Programy\Po spuštění\
syscron.exe [2008-4-14 83456]

c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 6.0 CE\Distillr\acrotray.exe [2003-7-17 217180]
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-8-12 113664]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoStartMenuSubFolders"= 0 (0x0)
"NoCommonGroups"= 0 (0x0)
"NoPrinters"= 0 (0x0)
"NoRecentDocsNetHood"= 0 (0x0)
"NoChangeAnimation"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winbk68.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Action Manager 32.lnk]
backup=c:\windows\pss\Action Manager 32.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Pavka^Nabídka Start^Programy^Po spuštění^Picture Motion Browser Media Check Tool.lnk]
backup=c:\windows\pss\Picture Motion Browser Media Check Tool.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
2002-11-03 19:53 188416 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NSLauncher]
2007-08-02 14:30 3096576 ----a-w- c:\program files\Nokia\Nokia Software Launcher\NSLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PowerBar]
2004-04-21 09:26 86016 ------w- c:\program files\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2006-09-01 14:57 282624 ----a-w- c:\program files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2004-11-02 19:24 32768 ----a-w- c:\program files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2010-03-09 09:02 26100520 ----a-r- c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2007-08-14 19:29 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"au"=c:\program files\Dealio\DealioAU.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=
"c:\\Program Files\\Pinnacle\\Studio 11\\programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\Studio 11\\programs\\Studio.exe"=
"c:\\Program Files\\Pinnacle\\Studio 11\\programs\\PMSRegisterFile.exe"=
"c:\\Program Files\\Pinnacle\\Studio 11\\programs\\umi.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\Studio.exe"=
"c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\umi.exe"=
"c:\\Program Files\\YouTube Batch Downloader\\bin\\utdman.exe"=
"c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Program Files\\Eurekr.com\\1-Click YouTube Batch Downloader\\bin\\utdman.exe"=
"c:\\Program Files\\ICQ7.2\\ICQ.exe"=
"c:\\Program Files\\ICQ7.2\\aolload.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [4.8.2008 17:18 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [4.8.2008 17:18 20560]
R2 extradrv;Extra Driver;c:\windows\system32\drivers\extradrv.sys [5.11.2005 13:44 36352]
R2 FortiSslvpnDaemon;FortiClient SSL VPN;c:\windows\system32\FortiSSLVPNdaemon.exe [9.3.2009 16:07 518688]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [26.1.2009 14:16 246520]
R3 pppop;PPPoP WAN Adapter;c:\windows\system32\drivers\pppop.sys [3.2.2009 12:43 36384]
S0 Winbk68;Winbk68;c:\windows\system32\Drivers\Winbk68.sys --> c:\windows\system32\Drivers\Winbk68.sys [?]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\i:\ntglm7x.sys --> i:\NTGLM7X.sys [?]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [21.10.2007 14:26 639224]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-11-20 13:28 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Obsah adresáře 'Naplánované úlohy'

2010-06-18 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2006\SystemOptimizer.exe [2006-10-05 12:17]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uInternet Settings,ProxyServer = 127.0.0.1:81
uInternet Settings,ProxyOverride = local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Compare Prices with &Dealio - c:\documents and settings\Pavka\Data aplikací\Dealio\kb124\res\DealioSearch.html
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - c:\program files\ICQ7.2\ICQ.exe
DPF: {AE2B937E-EA7D-4A8D-888C-B68D7F72A3C4} - hxxp://asp08.photoprintit.de/microsite/4860/defaults/activex/ips/IPSUploader4.cab
DPF: {D71F9A27-723E-4B8B-B428-B725E47CBA3E} - hxxp://imikimi.com/download/imikimi_plugin_0.5.1.cab
DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} - hxxp://asp01.photoprintit.de/microsite/4860/defaults/activex/IPSUploader.cab
DPF: {F9740CE7-2A72-46DA-ACC3-E819FA57F3E1} - hxxps://www.vzp.cz/IISIPortal/docroot/podatelna ... Signer.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-16 16:47
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0xFCD4FEC5]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf616bf28
\Driver\ACPI -> ACPI.sys @ 0xf60becb8
\Driver\atapi -> atapi.sys @ 0xf6050852
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0xe0c9810a
ParseProcedure -> ntoskrnl.exe @ 0xe0c29f7a
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0xe0c9810a
ParseProcedure -> ntoskrnl.exe @ 0xe0c29f7a
NDIS: Realtek RTL8168/8111 PCI-E Gigabit Ethernet NIC -> SendCompleteHandler -> NDIS.sys @ 0xf5f49bb0
PacketIndicateHandler -> NDIS.sys @ 0xf5f56a21
SendHandler -> NDIS.sys @ 0xf5f3487b
user & kernel MBR OK

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'explorer.exe'(3908)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Avast4\aswUpdSv.exe
c:\program files\Avast4\ashServ.exe
c:\windows\ATKKBService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\program files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\PnkBstrB.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
c:\program files\Avast4\ashMaiSv.exe
c:\program files\Avast4\ashWebSv.exe
.
**************************************************************************
.
Celkový čas: 2010-07-16 16:56:26 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-07-16 14:56
ComboFix2.txt 2010-07-15 16:27
ComboFix3.txt 2010-07-14 12:38

Před spuštěním: Volných bajtů: 23 575 760 896
Po spuštění: Volných bajtů: 23 587 061 760

- - End Of File - - 0FB9A3F9E7E0D2B54556D2D3217F2CF5

Re: Security Tool

Posted: 16 Jul 2010 16:50
by motji
I'll also ask you for an RSIT log (see my signature), and then we'll delete a few more things.

It's not that ComboFix isn't an excellent scanner, but it shouldn't be used without the supervision of someone who understands it. It does automatically delete known files, but the ones it doesn't have in its database it won't delete. On top of that it can have bugs; recently it deleted an important system file and after the restart the computer no longer booted. It also automatically deletes registry keys, which completely wipes out the traces in the log for me... in short, there are plenty of arguments against using ComboFix right away; post an RSIT log first and follow the helper's further instructions.

Re: Security Tool

Posted: 16 Jul 2010 19:46
by lumass
I'd gladly send an RSIT log, but I have no idea what it is or how to get it.

Re: Security Tool

Posted: 16 Jul 2010 20:06
by motji

Re: Security Tool

Posted: 16 Jul 2010 20:21
by lumass
Logfile of random's system information tool 1.08 (written by random/random)
Run by Pavka at 2010-07-16 21:18:51
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 23 GB (28%) free of 81 GB
Total RAM: 3327 MB (80% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:19:03, on 16.7.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Avast4\aswUpdSv.exe
C:\Program Files\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ATKKBService.exe
C:\WINDOWS\system32\FortiSSLVPNdaemon.exe
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\ASUS\GamerOSD\GamerOSD.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\PROGRA~1\Avast4\ashDisp.exe
C:\WINDOWS\tsnpstd3.exe
C:\PROGRA~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\Program Files\Adobe\Acrobat 6.0 CE\Distillr\acrotray.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Avast4\ashMaiSv.exe
C:\Program Files\Avast4\ashWebSv.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Pavka\Plocha\RSIT.exe
C:\Program Files\trend micro\Pavka.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:81
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\4149\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0 CE\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - (no file)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0 CE\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [GamerOSD] C:\Program Files\ASUS\GamerOSD\GamerOSD.exe
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [tsnpstd3] C:\WINDOWS\tsnpstd3.exe
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [USBToolTip] C:\PROGRA~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe" /OM
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" -NoStart
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ7.2\ICQ.exe" silent loginmode=4
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: syscron.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0 CE\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: Compare Prices with &Dealio - C:\Documents and Settings\Pavka\Data aplikací\Dealio\kb124\res\DealioSearch.html
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/v ... .2.5.0.cab
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://pub.plan.at/mgaxctrlde.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... ader55.cab
O16 - DPF: {AE2B937E-EA7D-4A8D-888C-B68D7F72A3C4} (IPSUploader4 Control) - http://asp08.photoprintit.de/microsite/ ... oader4.cab
O16 - DPF: {CAC677B6-4963-4305-9066-0BD135CD9233} (IPSUploader4 Control) - https://asp.photoprintit.de/microsite/4 ... oader4.cab
O16 - DPF: {D71F9A27-723E-4B8B-B428-B725E47CBA3E} (Imikimi_activex_plugin Control) - http://imikimi.com/download/imikimi_plugin_0.5.1.cab
O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IPSUploader Control) - http://asp01.photoprintit.de/microsite/ ... loader.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {F9740CE7-2A72-46DA-ACC3-E819FA57F3E1} (CSigner Class) - https://www.vzp.cz/IISIPortal/docroot/p ... Signer.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Avast4\aswUpdSv.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Avast4\ashWebSv.exe
O23 - Service: FortiClient SSL VPN (FortiSslvpnDaemon) - Fortinet Inc. - C:\WINDOWS\system32\FortiSSLVPNdaemon.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

--
End of file - 11706 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\1-Click Maintenance.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055FD26D-3A88-4e15-963D-DC8493744B1D}]
XTTBPos00 Class - C:\PROGRA~1\ICQTOO~1\4149\toolbaru.dll [2006-12-25 701952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 6.0 CE\Acrobat\ActiveX\AcroIEHelper.dll [2003-05-12 50376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6A87B991-A31F-4130-AE72-6D0C294BF082}]
DealioBHO Class

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-11-28 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-05-17 256112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
AcroIEToolbarHelper Class - C:\Program Files\Adobe\Acrobat 6.0 CE\Acrobat\AcroIEFavClient.dll [2003-05-12 147456]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll [2010-05-18 764912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll [2010-05-17 458736]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-11-28 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-11-28 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2010-06-02 1018616]
{E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} -
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Adobe\Acrobat 6.0 CE\Acrobat\AcroIEFavClient.dll [2003-05-12 147456]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-05-17 256112]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-03-21 16126464]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2007-04-12 8429568]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2007-04-12 81920]
"GamerOSD"=C:\Program Files\ASUS\GamerOSD\GamerOSD.exe [2007-02-14 380928]
"VirtualCloneDrive"=C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [2006-04-29 94208]
"avast!"=C:\PROGRA~1\Avast4\ashDisp.exe [2009-11-25 81000]
"tsnpstd3"=C:\WINDOWS\tsnpstd3.exe [2006-06-19 262144]
"snpstd3"=C:\WINDOWS\vsnpstd3.exe [2006-05-12 831488]
"USBToolTip"=C:\PROGRA~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe [2007-02-20 199752]
"RemoteControl"=C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe [2004-11-02 32768]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2006-09-01 282624]
"OM2_Monitor"=C:\Program Files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe [2007-09-04 54576]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Skype"=C:\Program Files\Skype\\Phone\Skype.exe [2010-03-09 26100520]
"OM2_Monitor"=C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe [2007-09-04 95536]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-08-14 68856]
"ICQ"=C:\Program Files\ICQ7.2\ICQ.exe [2010-06-17 133368]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe [2002-11-03 188416]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NSLauncher]
C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe [2007-08-02 3096576]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PowerBar]
C:\Program Files\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe [2004-04-21 86016]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2006-09-01 282624]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe [2004-11-02 32768]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files\Skype\Phone\Skype.exe [2010-03-09 26100520]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-08-14 68856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Action Manager 32.lnk]
C:\PROGRA~1\ASTRAS~1\AM32.exe [2004-05-21 69632]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Pavka^Nabídka Start^Programy^Po spuštění^Picture Motion Browser Media Check Tool.lnk]
C:\PROGRA~1\Sony\SONYPI~1\VOLUME~1\SPUVOL~1.EXE [2007-01-15 344064]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Acrobat Assistant.lnk - C:\Program Files\Adobe\Acrobat 6.0 CE\Distillr\acrotray.exe
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

C:\Documents and Settings\Pavka\Nabídka Start\Programy\Po spuštění
syscron.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winbk68.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Winbk68.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoStartMenuPinnedList"=0
"NoStartMenuMFUprogramsList"=0
"NoUserNameInStartMenu"=0
"NoStartMenuSubFolders"=0
"NoCommonGroups"=0
"NoPrinterTabs"=0
"NoDeletePrinter"=0
"NoAddPrinter"=0
"NoPrinters"=0
"NoFavoritesMenu"=0
"NoDrives"=0
"NoRecentDocsNetHood"=0
"NoChangeAnimation"=0
"NoChangeKeyboardNavigationIndicators"=0
"NoDriveAutoRun"=67108863

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Activision\Call of Duty 2\CoD2MP_s.exe"="C:\Program Files\Activision\Call of Duty 2\CoD2MP_s.exe:*:Enabled:CoD2MP_s"
"C:\Program Files\Pinnacle\Studio 11\programs\RM.exe"="C:\Program Files\Pinnacle\Studio 11\programs\RM.exe:*:Enabled:Render Manager"
"C:\Program Files\Pinnacle\Studio 11\programs\Studio.exe"="C:\Program Files\Pinnacle\Studio 11\programs\Studio.exe:*:Enabled:Studio"
"C:\Program Files\Pinnacle\Studio 11\programs\PMSRegisterFile.exe"="C:\Program Files\Pinnacle\Studio 11\programs\PMSRegisterFile.exe:*:Enabled:PMSRegisterFile"
"C:\Program Files\Pinnacle\Studio 11\programs\umi.exe"="C:\Program Files\Pinnacle\Studio 11\programs\umi.exe:*:Enabled:umi"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Pinnacle\Studio 12\Programs\RM.exe"="C:\Program Files\Pinnacle\Studio 12\Programs\RM.exe:*:Enabled:Render Manager"
"C:\Program Files\Pinnacle\Studio 12\Programs\Studio.exe"="C:\Program Files\Pinnacle\Studio 12\Programs\Studio.exe:*:Enabled:Studio"
"C:\Program Files\Pinnacle\Studio 12\Programs\umi.exe"="C:\Program Files\Pinnacle\Studio 12\Programs\umi.exe:*:Enabled:umi"
"C:\Program Files\YouTube Batch Downloader\bin\utdman.exe"="C:\Program Files\YouTube Batch Downloader\bin\utdman.exe:*:Enabled:utdman"
"C:\Program Files\Nokia\Nokia Software Updater\nsu_ui_client.exe"="C:\Program Files\Nokia\Nokia Software Updater\nsu_ui_client.exe:*:Enabled:Nokia Software Updater"
"C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe"="C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe:*:Enabled:Nokia Service Layer Host Process "
"C:\Program Files\Eurekr.com\1-Click YouTube Batch Downloader\bin\utdman.exe"="C:\Program Files\Eurekr.com\1-Click YouTube Batch Downloader\bin\utdman.exe:*:Enabled:utdman"
"C:\Program Files\ICQ7.2\ICQ.exe"="C:\Program Files\ICQ7.2\ICQ.exe:*:Enabled:ICQ7.2"
"C:\Program Files\ICQ7.2\aolload.exe"="C:\Program Files\ICQ7.2\aolload.exe:*:Enabled:aolload.exe"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype "

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\ICQ7.2\ICQ.exe"="C:\Program Files\ICQ7.2\ICQ.exe:*:Enabled:ICQ7.2"
"C:\Program Files\ICQ7.2\aolload.exe"="C:\Program Files\ICQ7.2\aolload.exe:*:Enabled:aolload.exe"

======List of files/folders created in the last 1 months======

2010-07-16 21:18:51 ----D---- C:\rsit
2010-07-16 21:18:51 ----D---- C:\Program Files\trend micro
2010-07-16 21:15:22 ----SHD---- C:\RECYCLER
2010-07-16 16:56:29 ----A---- C:\ComboFix.txt
2010-07-14 21:50:55 ----D---- C:\Documents and Settings\All Users\Data aplikací\delete
2010-07-14 17:48:08 ----HDC---- C:\WINDOWS\$NtUninstallKB2229593$
2010-07-14 14:21:03 ----A---- C:\WINDOWS\zip.exe
2010-07-14 14:21:03 ----A---- C:\WINDOWS\SWXCACLS.exe
2010-07-14 14:21:03 ----A---- C:\WINDOWS\SWSC.exe
2010-07-14 14:21:03 ----A---- C:\WINDOWS\SWREG.exe
2010-07-14 14:21:03 ----A---- C:\WINDOWS\sed.exe
2010-07-14 14:21:03 ----A---- C:\WINDOWS\PEV.exe
2010-07-14 14:21:03 ----A---- C:\WINDOWS\NIRCMD.exe
2010-07-14 14:21:03 ----A---- C:\WINDOWS\MBR.exe
2010-07-14 14:21:03 ----A---- C:\WINDOWS\grep.exe
2010-07-14 14:20:46 ----D---- C:\WINDOWS\ERDNT
2010-07-14 14:17:53 ----D---- C:\Qoobox
2010-07-14 14:10:16 ----A---- C:\WINDOWS\ntbtlog.txt
2010-07-13 22:28:33 ----D---- C:\Documents and Settings\All Users\Data aplikací\58428431
2010-07-13 22:27:12 ----RA---- C:\Documents and Settings\Pavka\Data aplikací\IIF1i.txt
2010-06-17 11:15:09 ----D---- C:\Program Files\ICQ7.2

======List of files/folders modified in the last 1 months======

2010-07-16 21:18:51 ----D---- C:\Program Files
2010-07-16 21:18:05 ----D---- C:\WINDOWS\Prefetch
2010-07-16 21:14:53 ----D---- C:\WINDOWS\Temp
2010-07-16 19:46:51 ----D---- C:\Documents and Settings\Pavka\Data aplikací\Skype
2010-07-16 17:22:33 ----A---- C:\WINDOWS\wincmd.ini
2010-07-16 16:56:36 ----D---- C:\WINDOWS\system32\drivers
2010-07-16 16:53:43 ----D---- C:\WINDOWS\system32\CatRoot2
2010-07-16 16:49:01 ----D---- C:\WINDOWS
2010-07-16 16:49:01 ----A---- C:\WINDOWS\system.ini
2010-07-16 16:47:38 ----D---- C:\Documents and Settings\Pavka\Data aplikací\ICQ
2010-07-16 16:46:47 ----D---- C:\WINDOWS\system32\drivers\etc
2010-07-16 16:44:47 ----D---- C:\WINDOWS\system32\config
2010-07-16 16:44:02 ----D---- C:\WINDOWS\system32
2010-07-16 16:41:28 ----D---- C:\WINDOWS\AppPatch
2010-07-16 16:41:26 ----D---- C:\Program Files\Common Files
2010-07-16 16:33:48 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-07-15 19:02:09 ----A---- C:\WINDOWS\system32\PnkBstrB.exe
2010-07-14 17:48:26 ----SHD---- C:\WINDOWS\Installer
2010-07-14 17:48:13 ----HD---- C:\WINDOWS\inf
2010-07-14 17:48:11 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-07-14 17:47:30 ----HD---- C:\WINDOWS\$hf_mig$
2010-07-14 17:47:18 ----D---- C:\Program Files\Common Files\Microsoft Shared
2010-07-13 03:05:03 ----A---- C:\WINDOWS\wcx_ftp.ini
2010-07-12 01:16:44 ----D---- C:\Program Files\AstraScan Scanner
2010-07-12 00:23:33 ----A---- C:\sam.tmp
2010-07-02 21:39:05 ----A---- C:\WINDOWS\system32\MRT.exe
2010-07-02 00:04:32 ----A---- C:\WINDOWS\NeroDigital.ini
2010-06-27 17:52:16 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-06-25 14:30:25 ----D---- C:\Documents and Settings\All Users\Data aplikací\DVD Shrink
2010-06-24 10:12:36 ----RSD---- C:\WINDOWS\assembly
2010-06-24 10:12:25 ----D---- C:\WINDOWS\Microsoft.NET
2010-06-24 10:09:27 ----D---- C:\WINDOWS\WinSxS
2010-06-22 00:43:36 ----A---- C:\WINDOWS\MovingPicture.ini
2010-06-21 22:59:39 ----A---- C:\WINDOWS\DreamCom.INI
2010-06-17 15:42:19 ----D---- C:\Program Files\ICQ6Toolbar
2010-06-17 11:15:39 ----HD---- C:\Program Files\InstallShield Installation Information
2010-06-17 11:15:38 ----D---- C:\Documents and Settings\All Users\Data aplikací\ICQ

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 ohci1394;Hostitelský řadič IEEE 1394 dle standardu OHCI VIA; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2008-04-13 61696]
R0 PxHelp20;PxHelp20; C:\WINDOWS\system32\Drivers\PxHelp20.sys [2007-03-08 43528]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-15 76544]
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-11-25 27408]
R1 asusgsb;ASUS Virtual Video Capture Device Driver; C:\WINDOWS\system32\drivers\asusgsb32.sys [2005-10-20 12416]
R1 asuskbnt;Enhanced Display Driver Helper Service; C:\WINDOWS\system32\drivers\atkkbnt.sys [2007-02-14 11136]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-11-25 114768]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-11-25 48560]
R1 EIO;EIO; \??\C:\WINDOWS\system32\drivers\EIO.sys []
R1 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2007-08-07 25160]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 PCLEPCI;PCLEPCI; \??\C:\WINDOWS\system32\drivers\pclepci.sys []
R1 VClone;VClone; C:\WINDOWS\system32\DRIVERS\VClone.sys [2007-06-16 31616]
R1 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-10-25 12032]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-11-25 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-11-25 94160]
R2 extradrv;Extra Driver; C:\WINDOWS\system32\DRIVERS\extradrv.sys [2005-11-05 36352]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-11-25 23120]
R3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
R3 ElbyDelay;ElbyDelay; C:\WINDOWS\System32\Drivers\ElbyDelay.sys [2007-02-16 11984]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-04-04 4258496]
R3 MarvinBus;Pinnacle Marvin Bus; C:\WINDOWS\system32\DRIVERS\MarvinBus.sys [2007-01-04 171520]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-25 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 pppop;PPPoP WAN Adapter; C:\WINDOWS\system32\DRIVERS\pppop.sys [2009-02-03 36384]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2001-10-25 5888]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2007-02-06 90880]
R3 usbstor;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 Video3D;ASUS Video3D Service; C:\WINDOWS\System32\Drivers\Video3D32.sys [2006-09-29 10752]
S0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2007-10-21 639224]
S0 Winbk68;Winbk68; C:\WINDOWS\System32\Drivers\Winbk68.sys []
S1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
S3 61883;61883 Unit Device; C:\WINDOWS\system32\DRIVERS\61883.sys [2008-04-13 48128]
S3 Avc;AVC Device; C:\WINDOWS\system32\DRIVERS\avc.sys [2008-04-13 38912]
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 CrystalSysInfo;CrystalSysInfo; \??\C:\Program Files\MediaCoder\SysInfo.sys []
S3 GMSIPCI;GMSIPCI; \??\I:\INSTALL\GMSIPCI.SYS []
S3 mbr;mbr; \??\C:\DOCUME~1\Pavka\LOCALS~1\Temp\mbr.sys []
S3 MSDV;Microsoft DV Camera and VCR; C:\WINDOWS\system32\DRIVERS\msdv.sys [2008-04-13 51200]
S3 MSICPL;MSICPL; \??\I:\install4\MSICPL.sys []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2009-02-09 17664]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2009-02-09 22016]
S3 NTACCESS;NTACCESS; \??\I:\NTACCESS.sys []
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2007-04-12 6738656]
S3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2008-11-07 47360]
S3 PnkBstrK;PnkBstrK; \??\C:\WINDOWS\system32\drivers\PnkBstrK.sys []
S3 SetupNTGLM7X;SetupNTGLM7X; \??\I:\NTGLM7X.sys []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 SNPSTD3;StarCam Clip; C:\WINDOWS\system32\DRIVERS\snpstd3.sys [2006-06-27 10148480]
S3 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys []
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2009-02-09 7808]
S3 usbaudio;Ovladač zvukové karty USB (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 usbser;USB Modem Driver; C:\WINDOWS\system32\drivers\usbser.sys [2008-04-13 26112]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2009-02-09 7808]
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2008-03-27 503008]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-15 82688]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Avast4\aswUpdSv.exe [2009-11-25 18752]
R2 ATKKeyboardService;ATK Keyboard Service; C:\WINDOWS\ATKKBService.exe [2006-11-15 258560]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Avast4\ashServ.exe [2009-11-25 138680]
R2 FortiSslvpnDaemon;FortiClient SSL VPN; C:\WINDOWS\system32\FortiSSLVPNdaemon.exe [2009-03-09 518688]
R2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2010-06-02 246520]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-11-28 152984]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2009-11-20 73728]
R2 MSSQL$AUTODESKVAULT;SQL Server (AUTODESKVAULT); C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2009-05-27 29262680]
R2 MSSQL$PINNACLESYS;MSSQL$PINNACLESYS; C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe [2008-12-18 9158656]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2009-03-11 75064]
R2 PnkBstrB;PnkBstrB; C:\WINDOWS\system32\PnkBstrB.exe [2010-07-15 214520]
R2 SQLBrowser;SQL Server Browser; C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2008-11-24 239968]
R2 SQLWriter;SQL Server VSS Writer; C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2008-11-24 87904]
R2 StarWindService;StarWind iSCSI Service; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe [2005-04-02 217600]
R2 UxTuneUp;TuneUp Design Expansion; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Avast4\ashMaiSv.exe [2009-11-25 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Avast4\ashWebSv.exe [2009-11-25 352920]
S2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2007-04-12 163908]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 Autodesk Licensing Service;Autodesk Licensing Service; C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe [2009-02-06 79360]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-05-17 182768]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 MSSQLServerADHelper;SQL Server Active Directory Helper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2008-11-24 45408]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2007-02-08 212480]
S3 SQLAgent$PINNACLESYS;SQLAgent$PINNACLESYS; C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlagent.EXE [2005-05-03 323584]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe []

-----------------EOF-----------------

Re: Security Tool

Posted: 16 Jul 2010 21:42
by lumass
Is what I posted OK?

Re: Security Tool

Posted: 17 Jul 2010 00:04
by motji
Yes, it is. Sorry, my internet connection dropped :o :roll: .

:arrow: If you haven't already, move ComboFix to the desktop
- open Notepad
- copy the text from this box into it

Code:

Collect::
c:\documents and settings\Pavka\Nabídka Start\Programy\Po spuštění\syscron.exe
C:\sam.tmp
C:\Documents and Settings\Pavka\Data aplikací\IIF1i.txt

Folder::
c:\program files\Dealio
C:\Documents and Settings\All Users\Data aplikací\58428431

Registry::
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winbk68.sys]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"au"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055FD26D-3A88-4e15-963D-DC8493744B1D}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6A87B991-A31F-4130-AE72-6D0C294BF082}]

Driver::
SetupNTGLM7X



- save the text file you created as CFScript.txt on the desktop
- after saving, grab the script you created with the left mouse button and drag it onto the ComboFix icon, where you drop it:

Image


- after it runs, another log will pop up; paste it here

Warning: it can happen that after applying the script and restarting, Windows does not boot; in that case restart again while pressing F8, then choose Last Known Good Configuration



:arrow: Test at http://www.virustotal.com
c:\windows\system32\dllcache\helpsvc.exe
c:\windows\system32\drivers\nStandard.bin
c:\windows\pss\Action Manager 32.lnk
c:\windows\system32\drivers\pppop.sys

- Copy the file path into the box; if it says the file has already been tested, have it tested again.
- Paste the link with the results here.



:arrow: Download MBAM from my signature
- Install it and run a full scan

DO NOT DELETE ANYTHING :!:
- MBAM sometimes has false detections, so we will delete only after checking the log.
- Copy the log here.
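An added triage script (not part of this thread, and not RSIT's or ComboFix's own code) for the RSIT driver/service list format quoted above: it parses those lines and flags entries whose image file was not found (empty `[]`, as with Winbk68 and SetupNTGLM7X in the log), entries that load from a drive letter other than the system drive, and services hosted inside svchost.exe. The sample lines are constructed copies in that format.

```python
r"""Triage helper for the RSIT "List of drivers/services" lines.

Added example; it is not part of the forum thread and not RSIT's or
ComboFix's own code. RSIT prints one entry per line:

    S3 Name;Description; C:\path\file.sys [YYYY-MM-DD size]

and leaves the trailing brackets empty ("[]") when it could not find the
image file on disk. This script parses such lines and reports the entries
a helper would look at first.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Matches: state (R/S), start type (0-4), name;description; path [meta]
LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4])\s+"
    r"(?P<name>[^;]+);(?P<desc>[^;]*);\s*"
    r"(?P<path>.+?)\s*\[(?P<meta>[^\]]*)\]\s*$"
)


@dataclass
class Entry:
    state: str   # "R" running, "S" stopped
    start: int   # 0 boot, 1 system, 2 auto, 3 demand, 4 disabled
    name: str
    desc: str
    path: str    # may carry the NT "\??\" prefix
    meta: str    # "YYYY-MM-DD size", or "" when the file was not found


def parse_line(line: str) -> Optional[Entry]:
    """Return an Entry for an RSIT driver/service line, or None if it is not one."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    return Entry(m["state"], int(m["start"]), m["name"].strip(),
                 m["desc"].strip(), m["path"].strip(), m["meta"].strip())


def drive_letter(path: str) -> Optional[str]:
    """Upper-cased drive letter of a Win32 path or an NT-style path with the \\??\\ prefix."""
    if path.startswith("\\??\\"):
        path = path[4:]
    m = re.match(r"^([A-Za-z]):\\", path)
    return m.group(1).upper() if m else None


def review(entry: Entry, system_drive: str = "C") -> List[str]:
    """Reasons this entry deserves a closer look (empty list = nothing notable)."""
    reasons = []
    if entry.meta == "":
        reasons.append("image file not found on disk (empty [])")
    drive = drive_letter(entry.path)
    if drive is None:
        reasons.append("path has no drive letter")
    elif drive != system_drive.upper():
        reasons.append(f"loads from drive {drive}: rather than the system drive")
    if entry.path.lower().endswith("\\svchost.exe"):
        reasons.append("hosted in svchost.exe; the real code is the ServiceDll")
    return reasons


def triage(lines: List[str], system_drive: str = "C") -> List[Tuple[str, List[str]]]:
    """Run review() over log lines; returns (name, reasons) for flagged entries."""
    flagged = []
    for line in lines:
        entry = parse_line(line)
        if entry is None:
            continue
        reasons = review(entry, system_drive)
        if reasons:
            flagged.append((entry.name, reasons))
    return flagged


# Constructed sample in the RSIT format (same shape as the log in the thread).
SAMPLE_LOG = [
    r"R0 PxHelp20;PxHelp20; C:\WINDOWS\system32\Drivers\PxHelp20.sys [2007-03-08 43528]",
    r"S0 Winbk68;Winbk68; C:\WINDOWS\System32\Drivers\Winbk68.sys []",
    r"S3 SetupNTGLM7X;SetupNTGLM7X; \??\I:\NTGLM7X.sys []",
    r"S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []",
    r"R2 UxTuneUp;TuneUp Design Expansion; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]",
    "======List of services (R=Running, S=Stopped)======",  # header, not an entry
]

if __name__ == "__main__":
    for name, reasons in triage(SAMPLE_LOG):
        print(f"{name}: {'; '.join(reasons)}")
```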

Re: Security Tool

Posted: 17 Jul 2010 10:17
by lumass
ComboFix 10-07-15.05 - Pavka 17.07.2010 10:48:42.4.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.3327.2837 [GMT 2:00]
Spuštěný z: c:\documents and settings\Pavka\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Pavka\Plocha\CFScript.txt
AV: avast! antivirus 4.8.1368 [VPS 100716-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

file zipped: c:\documents and settings\Pavka\Data aplikací\IIF1i.txt
file zipped: c:\documents and settings\Pavka\Nabídka Start\Programy\Po spuštění\syscron.exe
file zipped: C:\sam.tmp
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Data aplikací\58428431
c:\documents and settings\Pavka\Data aplikací\IIF1i.txt
c:\documents and settings\Pavka\Nabídka Start\Programy\Po spuštění\syscron.exe
c:\program files\Dealio
c:\program files\Dealio\DealioAU.exe
c:\program files\Dealio\kb124\Dealio Deskbar.exe
c:\program files\Dealio\kb124\res\as_sidebar.html
c:\program files\Dealio\kb124\res\blank.gif
c:\program files\Dealio\kb124\res\deal_report.jpg
c:\program files\Dealio\kb124\res\DealioSearch.html
c:\program files\Dealio\kb124\res\deals-endcap.gif
c:\program files\Dealio\kb124\res\deals-leftcap.gif
c:\program files\Dealio\kb124\res\ebay_login.jpg
c:\program files\Dealio\kb124\res\endcap22-bg.png
c:\program files\Dealio\kb124\res\endcap22-left.png
c:\program files\Dealio\kb124\res\endcap22-right-arrow.png
c:\program files\Dealio\kb124\res\endcap22-right.png
c:\program files\Dealio\kb124\res\err_mainwindow.html
c:\program files\Dealio\kb124\res\err_sidebar.html
c:\program files\Dealio\kb124\res\err_toolbar.html
c:\program files\Dealio\kb124\res\ErrorPageTemplate.css
c:\program files\Dealio\kb124\res\global_scripts.js
c:\program files\Dealio\kb124\res\headerbgthin.jpg
c:\program files\Dealio\kb124\res\help.gif
c:\program files\Dealio\kb124\res\logo.png
c:\program files\Dealio\kb124\res\logo_over.png
c:\program files\Dealio\kb124\res\man_toolbar.html
c:\program files\Dealio\kb124\res\man_toolbar.js
c:\program files\Dealio\kb124\res\pill_bg.gif
c:\program files\Dealio\kb124\res\post-this-deal.gif
c:\program files\Dealio\kb124\res\post-this-deal_over.gif
c:\program files\Dealio\kb124\res\scripts.js
c:\program files\Dealio\kb124\res\scroller.js
c:\program files\Dealio\kb124\res\search-chevron.gif
c:\program files\Dealio\kb124\res\search_bg_blink.gif
c:\program files\Dealio\kb124\res\separator.gif
c:\program files\Dealio\kb124\res\settings.gif
c:\program files\Dealio\kb124\res\settings_over.gif
c:\program files\Dealio\kb124\res\sidebar.html
c:\program files\Dealio\kb124\res\steals_bg.gif
c:\program files\Dealio\kb124\res\tab_icon.png
c:\program files\Dealio\kb124\res\tabdata.js
c:\program files\Dealio\kb124\res\tablib.js
c:\program files\Dealio\kb124\res\tabwelcome_en.html
c:\program files\Dealio\kb124\res\toolbar_background.gif
c:\program files\Dealio\kb124\res\yahoo_search.gif
c:\program files\Dealio\kb124\rules\index.1.80.39
c:\program files\Dealio\kb124\rules\rules.1.10.76
c:\program files\Dealio\kb124\rules\rules.1.109.43
c:\program files\Dealio\kb124\rules\rules.1.110.43
c:\program files\Dealio\kb124\rules\rules.1.12.52
c:\program files\Dealio\kb124\rules\rules.1.13.58
c:\program files\Dealio\kb124\rules\rules.1.130.58
c:\program files\Dealio\kb124\rules\rules.1.135.50
c:\program files\Dealio\kb124\rules\rules.1.153.44
c:\program files\Dealio\kb124\rules\rules.1.155.43
c:\program files\Dealio\kb124\rules\rules.1.156.49
c:\program files\Dealio\kb124\rules\rules.1.16.60
c:\program files\Dealio\kb124\rules\rules.1.161.52
c:\program files\Dealio\kb124\rules\rules.1.178.66
c:\program files\Dealio\kb124\rules\rules.1.184.55
c:\program files\Dealio\kb124\rules\rules.1.188.52
c:\program files\Dealio\kb124\rules\rules.1.189.45
c:\program files\Dealio\kb124\rules\rules.1.196.43
c:\program files\Dealio\kb124\rules\rules.1.198.56
c:\program files\Dealio\kb124\rules\rules.1.199.43
C:\sam.tmp

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SETUPNTGLM7X
-------\Service_SetupNTGLM7X


((((((((((((((((((((((((( Soubory vytvořené od 2010-06-17 do 2010-07-17 )))))))))))))))))))))))))))))))
.

2010-07-16 20:50 . 2010-07-16 20:50 217180 ----a-w- c:\windows\system32\nvdrsdb0.bin
2010-07-16 20:50 . 2010-07-16 20:50 1 ----a-w- c:\windows\system32\nvdrssel.bin
2010-07-16 20:50 . 2010-07-16 20:50 217180 ----a-w- c:\windows\system32\nvdrsdb1.bin
2010-07-16 20:50 . 2010-07-16 20:51 -------- d-----w- c:\program files\NVIDIA Corporation
2010-07-16 20:50 . 2010-06-07 23:57 61440 ----a-w- c:\windows\system32\OpenCL.dll
2010-07-16 20:50 . 2010-06-07 23:57 2632296 ----a-w- c:\windows\system32\nvcuvenc.dll
2010-07-16 20:50 . 2010-06-07 23:57 2165352 ----a-w- c:\windows\system32\nvcuvid.dll
2010-07-16 20:50 . 2010-06-07 23:57 4554752 ----a-w- c:\windows\system32\nvcuda.dll
2010-07-16 20:50 . 2010-06-07 23:57 2186342 ----a-w- c:\windows\system32\nvdata.bin
2010-07-16 20:50 . 2010-06-07 23:57 10256384 ----a-w- c:\windows\system32\nvcompiler.dll
2010-07-16 20:49 . 2010-07-16 20:49 -------- d-----w- C:\NVIDIA
2010-07-16 19:18 . 2010-07-16 21:53 -------- d-----w- C:\rsit
2010-07-16 19:18 . 2010-07-16 19:19 -------- d-----w- c:\program files\trend micro
2010-07-14 15:42 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2010-06-17 09:15 . 2010-06-17 09:19 -------- d-----w- c:\program files\ICQ7.2

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-15 17:02 . 2007-08-11 22:29 137464 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-07-15 17:02 . 2007-08-11 22:29 214520 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-07-11 23:16 . 2007-12-13 18:18 -------- d-----w- c:\program files\AstraScan Scanner
2010-07-11 20:02 . 2007-08-11 14:57 196608 ----a-w- c:\windows\system32\drivers\nStandard.bin
2010-06-27 15:52 . 2001-10-25 12:00 505816 ----a-w- c:\windows\system32\perfh005.dat
2010-06-27 15:52 . 2001-10-25 12:00 109466 ----a-w- c:\windows\system32\perfc005.dat
2010-06-17 13:42 . 2009-01-26 12:16 -------- d-----w- c:\program files\ICQ6Toolbar
2010-06-17 09:15 . 2007-08-11 14:50 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-06-15 21:02 . 2008-08-04 15:18 -------- d-----w- c:\program files\Avast4
2010-06-14 14:31 . 2007-08-11 14:29 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-10 23:36 . 2010-06-10 23:33 -------- d-----w- c:\program files\MediaCoder
2010-06-07 23:57 . 2007-08-11 14:56 600680 ----a-w- c:\windows\system32\nvudisp.exe
2010-06-07 23:57 . 2007-04-12 15:44 6300544 ----a-w- c:\windows\system32\nv4_disp.dll
2010-06-07 23:57 . 2007-04-12 15:44 232040 ----a-w- c:\windows\system32\nvcodins.dll
2010-06-07 23:57 . 2007-04-12 15:44 232040 ----a-w- c:\windows\system32\nvcod.dll
2010-06-07 23:57 . 2007-04-12 15:44 15192064 ----a-w- c:\windows\system32\nvoglnt.dll
2010-06-07 23:57 . 2007-04-12 15:44 1359872 ----a-w- c:\windows\system32\nvapi.dll
2010-06-07 23:57 . 2007-04-12 15:44 10531200 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2010-06-06 14:34 . 2010-06-06 14:34 -------- d-----w- c:\program files\MSECache
2010-06-06 14:08 . 2009-07-10 15:20 -------- d-----w- c:\program files\Microsoft Silverlight
2010-05-28 10:58 . 2007-08-11 14:55 600680 ----a-w- c:\windows\system32\NVUNINST.EXE
2010-05-06 10:35 . 2004-08-17 13:49 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 08:09 . 2004-08-17 13:44 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-20 05:32 . 2004-08-17 13:48 285696 ----a-w- c:\windows\system32\atmfd.dll
2004-10-01 14:00 . 2007-08-14 14:48 40960 ----a-w- c:\program files\Uninstall_CDS.exe
2008-03-09 14:29 . 2008-03-09 14:29 0 --sh--w- c:\windows\S32096763.tmp
.

((((((((((((((((((((((((((((( SnapShot@2010-07-14_12.36.01 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-07-17 09:05 . 2010-07-17 09:05 16384 c:\windows\Temp\Perflib_Perfdata_b00.dat
+ 2010-07-17 09:05 . 2010-07-17 09:05 16384 c:\windows\Temp\Perflib_Perfdata_824.dat
+ 2010-07-17 09:04 . 2010-07-17 09:04 16384 c:\windows\Temp\Perflib_Perfdata_720.dat
+ 2010-06-07 15:35 . 2010-06-07 15:35 81920 c:\windows\system32\nvwddi.dll
- 2007-04-12 15:44 . 2007-04-12 15:44 81920 c:\windows\system32\nvwddi.dll
+ 2007-08-12 18:43 . 2010-07-14 15:48 23040 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2007-08-12 18:43 . 2010-06-13 01:00 23040 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2007-08-12 18:43 . 2010-06-13 01:00 61440 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\pubs.exe
+ 2007-08-12 18:43 . 2010-07-14 15:48 61440 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\pubs.exe
- 2007-08-12 18:43 . 2010-06-13 01:00 27136 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2007-08-12 18:43 . 2010-07-14 15:48 27136 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2007-08-12 18:43 . 2010-07-14 15:48 11264 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\mspicons.exe
- 2007-08-12 18:43 . 2010-06-13 01:00 11264 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\mspicons.exe
- 2007-08-12 18:43 . 2010-06-13 01:00 86016 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\inficon.exe
+ 2007-08-12 18:43 . 2010-07-14 15:48 86016 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\inficon.exe
+ 2007-08-12 18:43 . 2010-07-14 15:48 12288 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\cagicon.exe
- 2007-08-12 18:43 . 2010-06-13 01:00 12288 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2007-08-12 18:43 . 2010-07-14 15:48 4096 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\opwicon.exe
- 2007-08-12 18:43 . 2010-06-13 01:00 4096 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2010-06-07 15:35 . 2010-06-07 15:35 154728 c:\windows\system32\nvsvc32.exe
+ 2010-06-07 15:35 . 2010-06-07 15:35 126976 c:\windows\system32\nvrszht.dll
+ 2010-06-07 15:35 . 2010-06-07 15:35 229376 c:\windows\system32\nvrszhc.dll
+ 2010-06-07 15:35 . 2010-06-07 15:35 258048 c:\windows\system32\nvrstr.dll
+ 2010-06-07 15:35 . 2010-06-07 15:35 253952 c:\windows\system32\nvrsth.dll
- 2007-04-12 15:44 . 2007-04-12 15:44 253952 c:\windows\system32\nvrssv.dll
+ 2010-06-07 15:35 . 2010-06-07 15:35 253952 c:\windows\system32\nvrssv.dll
+ 2010-06-07 15:35 . 2010-06-07 15:35 258048 c:\windows\system32\nvrssl.dll
- 2007-04-12 15:44 . 2007-04-12 15:44 258048 c:\windows\system32\nvrssk.dll
+ 2010-06-07 15:35 . 2010-06-07 15:35 258048 c:\windows\system32\nvrssk.dll
+ 2010-06-07 15:35 . 2010-06-07 15:35 270336 c:\windows\system32\nvrsru.dll
+ 2010-06-07 15:35 . 2010-06-07 15:35 270336 c:\windows\system32\nvrsptb.dll
+ 2010-06-07 15:35 . 2010-06-07 15:35 274432 c:\windows\system32\nvrspt.dll
+ 2010-06-07 15:35 . 2010-06-07 15:35 258048 c:\windows\system32\nvrspl.dll
+ 2010-06-07 15:35 . 2010-06-07 15:35 253952 c:\windows\system32\nvrsno.dll
- 2007-04-12 15:44 . 2007-04-12 15:44 253952 c:\windows\system32\nvrsno.dll
- 2007-04-12 15:44 . 2007-04-12 15:44 274432 c:\windows\system32\nvrsnl.dll
+ 2010-06-07 15:35 . 2010-06-07 15:35 274432 c:\windows\system32\nvrsnl.dll
+ 2010-06-07 15:35 . 2010-06-07 15:35 266240 c:\windows\system32\nvrsko.dll
+ 2010-06-07 15:35 . 2010-06-07 15:35 270336 c:\windows\system32\nvrsja.dll
+ 2010-06-07 15:35 . 2010-06-07 15:35 282624 c:\windows\system32\nvrsit.dll
+ 2010-06-07 15:35 . 2010-06-07 15:35 262144 c:\windows\system32\nvrshu.dll
+ 2010-06-07 15:35 . 2010-06-07 15:35 331776 c:\windows\system32\nvrshe.dll
+ 2010-06-07 15:35 . 2010-06-07 15:35 286720 c:\windows\system32\nvrsfr.dll
+ 2010-06-07 15:35 . 2010-06-07 15:35 249856 c:\windows\system32\nvrsfi.dll
+ 2010-06-07 15:35 . 2010-06-07 15:35 274432 c:\windows\system32\nvrsesm.dll
- 2007-04-12 15:44 . 2007-04-12 15:44 274432 c:\windows\system32\nvrsesm.dll
- 2007-04-12 15:44 . 2007-04-12 15:44 282624 c:\windows\system32\nvrses.dll
+ 2010-06-07 15:35 . 2010-06-07 15:35 282624 c:\windows\system32\nvrses.dll
+ 2010-06-07 15:35 . 2010-06-07 15:35 249856 c:\windows\system32\nvrseng.dll
- 2007-04-12 15:44 . 2007-04-12 15:44 282624 c:\windows\system32\nvrsel.dll
+ 2010-06-07 15:35 . 2010-06-07 15:35 282624 c:\windows\system32\nvrsel.dll
+ 2010-06-07 15:35 . 2010-06-07 15:35 278528 c:\windows\system32\nvrsde.dll
- 2007-04-12 15:44 . 2007-04-12 15:44 253952 c:\windows\system32\nvrsda.dll
+ 2010-06-07 15:35 . 2010-06-07 15:35 253952 c:\windows\system32\nvrsda.dll
+ 2010-06-07 15:35 . 2010-06-07 15:35 249856 c:\windows\system32\nvrscs.dll
+ 2010-06-07 15:35 . 2010-06-07 15:35 335872 c:\windows\system32\nvrsar.dll
+ 2010-06-07 15:35 . 2010-06-07 15:35 110696 c:\windows\system32\nvmctray.dll
+ 2010-06-07 15:35 . 2010-06-07 15:35 277608 c:\windows\system32\nvmccs.dll
+ 2010-06-07 15:35 . 2010-06-07 15:35 145000 c:\windows\system32\nvcolor.exe
+ 2007-08-12 18:43 . 2010-07-14 15:48 409600 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\xlicons.exe
- 2007-08-12 18:43 . 2010-06-13 01:00 409600 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\xlicons.exe
- 2007-08-12 18:43 . 2010-06-13 01:00 286720 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2007-08-12 18:43 . 2010-07-14 15:48 286720 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2007-08-12 18:43 . 2010-06-13 01:00 249856 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\pptico.exe
+ 2007-08-12 18:43 . 2010-07-14 15:48 249856 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\pptico.exe
+ 2007-08-12 18:43 . 2010-07-14 15:48 794624 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2007-08-12 18:43 . 2010-06-13 01:00 794624 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2007-08-12 18:43 . 2010-06-13 01:00 135168 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2007-08-12 18:43 . 2010-07-14 15:48 135168 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2007-08-12 18:43 . 2010-06-13 01:00 593920 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\accicons.exe
+ 2007-08-12 18:43 . 2010-07-14 15:48 593920 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\accicons.exe
+ 2007-04-19 12:01 . 2007-04-19 12:01 238424 c:\windows\Installer\$PatchCache$\Managed\5040110900063D11C8EF10054038389C\11.0.8173\MSCDM.DLL
+ 2007-01-16 18:32 . 2007-01-16 18:32 136032 c:\windows\Installer\$PatchCache$\Managed\5040110900063D11C8EF10054038389C\11.0.8173\MSAEXP30.DLL
+ 2007-04-19 11:54 . 2007-04-19 11:54 169312 c:\windows\Installer\$PatchCache$\Managed\5040110900063D11C8EF10054038389C\11.0.8173\ACCWIZ.DLL
+ 2007-04-12 15:44 . 2010-06-07 23:57 6300544 c:\windows\system32\dllcache\nv4_disp.dll
+ 2010-05-25 09:45 . 2010-05-25 09:45 8445440 c:\windows\Installer\6e0c5.msp
+ 2010-06-11 15:55 . 2010-06-11 15:55 1827328 c:\windows\Installer\6e0ad.msp
+ 2010-06-30 20:52 . 2010-06-30 20:52 5522944 c:\windows\Installer\6e093.msp
+ 2010-07-16 20:51 . 2010-07-16 20:51 1604096 c:\windows\Installer\14e7144.msi
+ 2007-05-10 11:43 . 2007-05-10 11:43 6688096 c:\windows\Installer\$PatchCache$\Managed\5040110900063D11C8EF10054038389C\11.0.8173\MSACCESS.EXE
+ 2010-06-07 15:35 . 2010-06-07 15:35 13902440 c:\windows\system32\nvcpl.dll
+ 2007-08-11 15:41 . 2010-07-02 19:39 34045896 c:\windows\system32\MRT.exe
+ 2007-04-12 15:44 . 2010-06-07 23:57 10531200 c:\windows\system32\dllcache\nv4_mini.sys
+ 2010-06-11 15:52 . 2010-06-11 15:52 45542912 c:\windows\Installer\6e0ae.msp
.
-- Snímek resetován k současnému datu --
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\\Phone\Skype.exe" [2010-03-09 26100520]
"OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [2007-09-04 95536]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-14 68856]
"ICQ"="c:\program files\ICQ7.2\ICQ.exe" [2010-06-17 133368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-03-21 16126464]
"GamerOSD"="c:\program files\ASUS\GamerOSD\GamerOSD.exe" [2007-02-14 380928]
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2006-04-29 94208]
"avast!"="c:\progra~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"tsnpstd3"="c:\windows\tsnpstd3.exe" [2006-06-19 262144]
"snpstd3"="c:\windows\vsnpstd3.exe" [2006-05-12 831488]
"USBToolTip"="c:\progra~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe" [2007-02-20 199752]
"RemoteControl"="c:\program files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-09-01 282624]
"OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe" [2007-09-04 54576]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-06-07 110696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-06-07 13902440]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 6.0 CE\Distillr\acrotray.exe [2003-7-17 217180]
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-8-12 113664]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoStartMenuSubFolders"= 0 (0x0)
"NoCommonGroups"= 0 (0x0)
"NoPrinters"= 0 (0x0)
"NoRecentDocsNetHood"= 0 (0x0)
"NoChangeAnimation"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Action Manager 32.lnk]
backup=c:\windows\pss\Action Manager 32.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Pavka^Nabídka Start^Programy^Po spuštění^Picture Motion Browser Media Check Tool.lnk]
backup=c:\windows\pss\Picture Motion Browser Media Check Tool.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
2002-11-03 19:53 188416 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NSLauncher]
2007-08-02 14:30 3096576 ----a-w- c:\program files\Nokia\Nokia Software Launcher\NSLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PowerBar]
2004-04-21 09:26 86016 ------w- c:\program files\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2006-09-01 14:57 282624 ----a-w- c:\program files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2004-11-02 19:24 32768 ----a-w- c:\program files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2010-03-09 09:02 26100520 ----a-r- c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2007-08-14 19:29 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=
"c:\\Program Files\\Pinnacle\\Studio 11\\programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\Studio 11\\programs\\Studio.exe"=
"c:\\Program Files\\Pinnacle\\Studio 11\\programs\\PMSRegisterFile.exe"=
"c:\\Program Files\\Pinnacle\\Studio 11\\programs\\umi.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\Studio.exe"=
"c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\umi.exe"=
"c:\\Program Files\\YouTube Batch Downloader\\bin\\utdman.exe"=
"c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Program Files\\Eurekr.com\\1-Click YouTube Batch Downloader\\bin\\utdman.exe"=
"c:\\Program Files\\ICQ7.2\\ICQ.exe"=
"c:\\Program Files\\ICQ7.2\\aolload.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [4.8.2008 17:18 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [4.8.2008 17:18 20560]
R2 extradrv;Extra Driver;c:\windows\system32\drivers\extradrv.sys [5.11.2005 13:44 36352]
R2 FortiSslvpnDaemon;FortiClient SSL VPN;c:\windows\system32\FortiSSLVPNdaemon.exe [9.3.2009 16:07 518688]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [26.1.2009 14:16 246520]
R3 pppop;PPPoP WAN Adapter;c:\windows\system32\drivers\pppop.sys [3.2.2009 12:43 36384]
S0 Winbk68;Winbk68;c:\windows\system32\Drivers\Winbk68.sys --> c:\windows\system32\Drivers\Winbk68.sys [?]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [21.10.2007 14:26 639224]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-11-20 13:28 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Obsah adresáře 'Naplánované úlohy'

2010-07-16 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2006\SystemOptimizer.exe [2006-10-05 12:17]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uInternet Settings,ProxyServer = 127.0.0.1:81
uInternet Settings,ProxyOverride = local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Compare Prices with &Dealio - c:\documents and settings\Pavka\Data aplikací\Dealio\kb124\res\DealioSearch.html
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - c:\program files\ICQ7.2\ICQ.exe
DPF: {AE2B937E-EA7D-4A8D-888C-B68D7F72A3C4} - hxxp://asp08.photoprintit.de/microsite/4860/defaults/activex/ips/IPSUploader4.cab
DPF: {D71F9A27-723E-4B8B-B428-B725E47CBA3E} - hxxp://imikimi.com/download/imikimi_plugin_0.5.1.cab
DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} - hxxp://asp01.photoprintit.de/microsite/4860/defaults/activex/IPSUploader.cab
DPF: {F9740CE7-2A72-46DA-ACC3-E819FA57F3E1} - hxxps://www.vzp.cz/IISIPortal/docroot/podatelna ... Signer.dll
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

HKLM-Run-nwiz - c:\program files\NVIDIA Corporation\nView\nwiz.exe
AddRemove-NVIDIA nView Desktop Manager - c:\program files\NVIDIA Corporation\nView\nViewSetup.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-17 11:05
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0xFCD44EC5]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf616bf28
\Driver\ACPI -> ACPI.sys @ 0xf60becb8
\Driver\atapi -> atapi.sys @ 0xf6050852
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0xe0c9810a
ParseProcedure -> ntoskrnl.exe @ 0xe0c29f7a
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0xe0c9810a
ParseProcedure -> ntoskrnl.exe @ 0xe0c29f7a
NDIS: Realtek RTL8168/8111 PCI-E Gigabit Ethernet NIC -> SendCompleteHandler -> NDIS.sys @ 0xf5f49bb0
PacketIndicateHandler -> NDIS.sys @ 0xf5f56a21
SendHandler -> NDIS.sys @ 0xf5f3487b
user & kernel MBR OK

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-776561741-2139871995-839522115-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'explorer.exe'(2972)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Avast4\aswUpdSv.exe
c:\program files\Avast4\ashServ.exe
c:\windows\ATKKBService.exe
c:\windows\RTHDCPL.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\program files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
c:\program files\Avast4\ashMaiSv.exe
c:\program files\Avast4\ashWebSv.exe
.
**************************************************************************
.
Celkový čas: 2010-07-17 11:13:20 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-07-17 09:13
ComboFix2.txt 2010-07-16 14:56
ComboFix3.txt 2010-07-15 16:27
ComboFix4.txt 2010-07-14 12:38

Před spuštěním: Volných bajtů: 22 830 657 536
Po spuštění: Volných bajtů: 22 818 189 312

- - End Of File - - 9A47C1F1BCFDC7F76AB3965199B12821

Re: Security Tool

Posted: 17 Jul 2010 11:36
by motji
Continue with MBAM and VirusTotal :)