
PC disinfection, computer speed-up, remote help via the neslape.cz service
Some crap + RSIT
Moderator: Moderators
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]
Individual threads will be locked once resolved, as will those inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.
!NEWS!
You can now use the remote help service, where an expert connects to your computer and obtains further details about the problem from you by phone! More at www.neslape.cz
Logfile of random's system information tool 1.06 (written by random/random)
Run by GuGo at 2010-11-12 18:19:52
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 2 GB (8%) free of 21 GB
Total RAM: 767 MB (22% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:20:09, on 12.11.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\AppServ\Apache2.2\bin\httpd.exe
C:\AppServ\Apache2.2\bin\httpd.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\AppServ\MySQL\bin\mysqld-nt.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\GuGo\Local Settings\Data aplikací\Google\Update\1.2.183.39\GoogleCrashHandler.exe
C:\WINDOWS\nvsvc32.exe
C:\DOCUME~1\GuGo\LOCALS~1\Temp\3108.exe
C:\WINDOWS\system32\wavooj.exe
C:\WINDOWS\explorer.exe
C:\totalcmd\TOTALCMD.EXE
C:\Program Files\Opera\opera.exe
C:\Documents and Settings\GuGo\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\GuGo\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\GuGo\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\GuGo\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\GuGo\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\GuGo\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\GuGo\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\GuGo\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\GuGo\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\GuGo\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\GuGo\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\svchost.exe
C:\QIP Infium JadrisPack1\infium.exe
F:\Infiltrácie\RSIT.exe
F:\Infiltrácie\GuGo.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://googleure.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: NewLockerz.com Toolbar - {44658024-1a78-446b-90c0-ce912bf6f44b} - C:\Program Files\LOCKERZ_Restock\tbLOC0.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll
O2 - BHO: NewLockerz.com Toolbar - {44658024-1a78-446b-90c0-ce912bf6f44b} - C:\Program Files\LOCKERZ_Restock\tbLOC0.dll
O2 - BHO: GdfrDUEn - {A3CF7606-E683-4375-A372-96B75DA0AEF7} - C:\Program Files\Get Styles\enlbrdr.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe" -H
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [NVIDIA driver monitor] C:\WINDOWS\nvsvc32.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\GuGo\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [NVIDIA driver monitor] C:\WINDOWS\nvsvc32.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send by Bluetooth - C:\Program Files\IVT Corporation\BlueSoleil\TransSend\IE\tsinfo.htm
O8 - Extra context menu item: Send via &Message... - C:\Program Files\IVT Corporation\BlueSoleil\TransSend\IE\tssms.htm
O9 - Extra button: GetStyles - {14CD42DD-ABCD-3586-DCAB-40E3693E3737} - C:\Program Files\Get Styles\ct.htm
O9 - Extra 'Tools' menuitem: GetStyles - {14CD42DD-ABCD-3586-DCAB-40E3693E3737} - C:\Program Files\Get Styles\ct.htm
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDow ... ab_nvd.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/html - {574940E0-1B7A-4881-8FA3-1E809714B156} - C:\Documents and Settings\GuGo\AppData\LocalLow\Microńoft\redir.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apache2.2 - Apache Software Foundation - C:\AppServ\Apache2.2\bin\httpd.exe
O23 - Service: BlueSoleilCS - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
O23 - Service: BsHelpCS - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe
O23 - Service: BsMobileCS - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BsMobileCS.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: mysql - Unknown owner - C:\AppServ\MySQL\bin\mysqld-nt.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
--
End of file - 8076 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\AdobeAAMUpdater-1.0-PC-GUGO-GuGo.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-682003330-1060284298-1343024091-1003Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-682003330-1060284298-1343024091-1003UA.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
Conduit Engine - C:\Program Files\ConduitEngine\ConduitEngine.dll [2010-10-18 3908192]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{44658024-1a78-446b-90c0-ce912bf6f44b}]
NewLockerz.com Toolbar - C:\Program Files\LOCKERZ_Restock\tbLOC0.dll [2010-10-18 3908192]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3CF7606-E683-4375-A372-96B75DA0AEF7}]
GdfrDUEn Class - C:\Program Files\Get Styles\enlbrdr.dll [2010-02-11 185856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-05-03 41760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-05-03 79648]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-05-16 13529088]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2008-05-16 86016]
"AdobeAAMUpdater-1.0"=C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-06-01 500208]
"UnlockerAssistant"=C:\Program Files\Unlocker\UnlockerAssistant.exe [2010-03-09 15872]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-09-23 35760]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-09-20 932288]
"NVIDIA driver monitor"=C:\WINDOWS\nvsvc32.exe [2010-11-11 61440]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"Google Update"=C:\Documents and Settings\GuGo\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe [2010-02-20 135664]
"NVIDIA driver monitor"=C:\WINDOWS\nvsvc32.exe [2010-11-11 61440]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeBridge]
[]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDRegion]
C:\Program Files\Cyberlink\Shared files\brs.exe [2010-03-13 75048]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
C:\Program Files\DivX\DivX Update\DivXUpdate.exe [2010-06-03 1144104]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MX Skype Recorder]
C:\Documents and Settings\All Users\Data aplikací\MXSkypeRecorder\MXSkypeRecorder.exe [2010-01-30 581272]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl10]
C:\Program Files\CyberLink\PowerDVD10\PDVD10Serv.exe [2010-02-02 87336]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
C:\Documents and Settings\GuGo\Nabídka Start\Programy\Po spuštění
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=255
"NoResolveTrack"=1
"NoResolveSearch"=1
"NoSMMyPictures"=1
"NoUserNameInStartMenu"=1
"NoSMHelp"=1
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HideRunAsVerb"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\FlashGet Network\FlashGet 3\FlashGet3.exe"="C:\Program Files\FlashGet Network\FlashGet 3\FlashGet3.exe:*:Enabled:Flashget3"
"C:\Documents and Settings\GuGo\Dokumenty\Downloads\P1876832.JPG-www.facebook.exe"="C:\WINDOWS\nvsvc32.exe:*:Enabled:NVIDIA driver monitor"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
======File associations======
.js - open - "C:\Program Files\Adobe\Adobe Dreamweaver CS5\Dreamweaver.exe","%1"
======List of files/folders created in the last 2 months======
2010-11-12 18:19:52 ----D---- C:\rsit
2010-11-12 14:56:06 ----A---- C:\WINDOWS\system32\besar.exe
2010-11-12 14:55:41 ----A---- C:\WINDOWS\system32\luquetookek.exe
2010-11-12 14:54:37 ----RSH---- C:\Documents and Settings\GuGo\Data aplikací\juzjf.exe
2010-11-12 14:54:02 ----A---- C:\QuickTime1.exe
2010-11-11 20:26:00 ----D---- C:\Program Files\ConduitEngine
2010-11-11 20:26:00 ----A---- C:\WINDOWS\system32\ConduitEngine.tmp
2010-11-11 20:24:52 ----RSH---- C:\WINDOWS\nvsvc32.exe
2010-10-29 14:20:22 ----HD---- C:\WINDOWS\system32\GroupPolicy
2010-10-25 19:10:15 ----D---- C:\Documents and Settings\All Users\Data aplikací\MXSkypeRecorder
2010-10-24 19:27:25 ----D---- C:\Documents and Settings\GuGo\Data aplikací\COWON
2010-10-24 19:25:22 ----D---- C:\Program Files\Common Files\COWON
2010-10-24 19:25:19 ----D---- C:\Program Files\JetAudio
2010-10-24 19:25:00 ----D---- C:\Documents and Settings\GuGo\Data aplikací\InstallShield
2010-10-20 14:02:15 ----A---- C:\gr.txt
2010-10-14 20:03:14 ----A---- C:\aj.txt
2010-10-12 19:39:44 ----D---- C:\Documents and Settings\GuGo\Data aplikací\Nokia Ovi Suite
2010-10-12 17:28:07 ----D---- C:\Documents and Settings\All Users\Data aplikací\Nokia
2010-10-12 17:25:24 ----D---- C:\Program Files\PC Connectivity Solution
2010-10-12 17:24:53 ----A---- C:\WINDOWS\system32\wdfcoinstaller01009.dll
2010-10-12 17:24:53 ----A---- C:\WINDOWS\system32\nmwcdcocls.dll
2010-10-12 17:18:31 ----D---- C:\Documents and Settings\All Users\Data aplikací\Installations
2010-10-12 17:14:35 ----A---- C:\NokiaSoftwareUpdaterSetup_SK.exe
2010-10-12 16:12:42 ----D---- C:\UCPlayer
2010-10-12 15:29:15 ----D---- C:\CrazyHamster_fullS60v5
2010-10-11 15:54:31 ----D---- C:\QIP Infium JadrisPack1
2010-10-02 15:07:46 ----A---- C:\vtipy.txt
2010-09-25 12:19:51 ----D---- C:\Documents and Settings\GuGo\Data aplikací\CyberLink
2010-09-25 12:18:26 ----D---- C:\Documents and Settings\All Users\Data aplikací\CyberLink
2010-09-25 12:18:02 ----D---- C:\Program Files\Common Files\CyberLink
2010-09-25 12:11:30 ----D---- C:\Program Files\CyberLink
2010-09-25 12:11:30 ----A---- C:\WINDOWS\system32\msxml3a.dll
2010-09-19 18:00:27 ----D---- C:\Program Files\DVD Decrypter
======List of files/folders modified in the last 2 months======
2010-11-12 18:12:39 ----AD---- C:\WINDOWS\Temp
2010-11-12 18:07:47 ----D---- C:\WINDOWS\system32
2010-11-12 17:35:51 ----RSHD---- C:\RECYCLER
2010-11-12 17:35:32 ----A---- C:\WINDOWS\wincmd.ini
2010-11-12 14:44:41 ----A---- C:\WINDOWS\system32\LOCALSERVICE.INI
2010-11-12 14:44:33 ----A---- C:\WINDOWS\system32\bscs.ini
2010-11-12 13:49:46 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-11-12 09:38:45 ----SHD---- C:\WINDOWS\Installer
2010-11-11 20:26:00 ----RD---- C:\Program Files
2010-11-11 20:25:57 ----D---- C:\Program Files\LOCKERZ_Restock
2010-11-11 20:24:52 ----D---- C:\WINDOWS
2010-11-11 15:59:40 ----SD---- C:\WINDOWS\Tasks
2010-11-09 16:11:00 ----A---- C:\WINDOWS\wcx_ftp.ini
2010-11-08 14:59:40 ----D---- C:\WINDOWS\Prefetch
2010-11-07 19:03:31 ----D---- C:\Documents and Settings\GuGo\Data aplikací\Skype
2010-11-07 18:05:17 ----D---- C:\Documents and Settings\GuGo\Data aplikací\skypePM
2010-11-07 10:46:54 ----D---- C:\Program Files\JDownloader 0.5.917
2010-10-31 09:23:23 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-10-28 14:47:27 ----D---- C:\Documents and Settings\GuGo\Data aplikací\uTorrent
2010-10-27 15:41:21 ----SH---- C:\boot.ini
2010-10-27 15:41:21 ----A---- C:\WINDOWS\win.ini
2010-10-27 15:41:21 ----A---- C:\WINDOWS\system.ini
2010-10-24 19:25:18 ----HD---- C:\Program Files\InstallShield Installation Information
2010-10-20 13:39:34 ----D---- C:\WINDOWS\system32\CatRoot2
2010-10-17 17:52:44 ----D---- C:\Program Files\Opera
2010-10-12 19:39:42 ----D---- C:\Documents and Settings\GuGo\Data aplikací\Nokia
2010-10-12 18:23:48 ----D---- C:\Documents and Settings\GuGo\Data aplikací\PC Suite
2010-10-12 17:52:16 ----D---- C:\WINDOWS\system32\drivers
2010-10-12 17:51:45 ----HD---- C:\WINDOWS\inf
2010-10-12 17:25:34 ----DC---- C:\WINDOWS\system32\DRVSTORE
2010-10-12 17:24:42 ----D---- C:\Program Files\Nokia
2010-10-12 17:22:02 ----D---- C:\WINDOWS\WinSxS
2010-10-11 16:42:33 ----A---- C:\WINDOWS\system32\REMOTEDEVICE.INI
2010-10-11 16:42:24 ----A---- C:\WINDOWS\system32\LOCALDEVICE.INI
2010-10-11 16:01:11 ----D---- C:\QIP Infium JadrisPack
2010-10-10 08:12:36 ----D---- C:\WINDOWS\pss
2010-10-09 13:27:51 ----D---- C:\Documents and Settings\GuGo\Data aplikací\Thinstall
2010-10-09 08:41:19 ----D---- C:\Program Files\uTorrent
2010-10-07 19:54:18 ----D---- C:\Documents and Settings\GuGo\Data aplikací\Opera
2010-10-06 12:51:19 ----D---- C:\Documents and Settings\All Users\Data aplikací\Adobe
2010-10-06 12:51:04 ----D---- C:\Program Files\Adobe
2010-10-06 12:50:34 ----D---- C:\Program Files\Common Files\Adobe
2010-10-02 09:36:24 ----D---- C:\Documents and Settings\GuGo\Data aplikací\vlc
2010-10-02 09:31:01 ----D---- C:\Program Files\VideoLAN
2010-09-25 12:18:02 ----D---- C:\Program Files\Common Files
2010-09-25 12:11:17 ----AD---- C:\Documents and Settings\All Users\Data aplikací\TEMP
2010-09-25 12:11:08 ----A---- C:\WINDOWS\system32\msxml3r.dll
2010-09-19 14:46:34 ----D---- C:\Documents and Settings\GuGo\Data aplikací\DivX
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2010/09/25 13:18:26]; \??\C:\Program Files\CyberLink\PowerDVD10\NavFilter\000.fcl []
R3 ALCXWDM;Service for Avance AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2002-08-01 659228]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-05-04 60800]
R3 BT;Bluetooth PAN Network Adapter; C:\WINDOWS\system32\DRIVERS\btnetdrv.sys [2008-12-07 14088]
R3 btnetBUs;Bluetooth PAN Bus Service; C:\WINDOWS\System32\Drivers\btnetBus.sys [2008-12-07 30088]
R3 IvtBtBUs;IVT Bluetooth Bus Service; C:\WINDOWS\System32\Drivers\IvtBtBus.sys [2008-07-02 26248]
R3 mcdbus;Driver for MagicISO SCSI Host Controller; C:\WINDOWS\system32\DRIVERS\mcdbus.sys [2006-09-22 92160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-05-04 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-05-16 6557408]
R3 RTL8023xp;Realtek 10/100/1000 NIC Family all in one NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2006-02-26 81408]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 VComm;Virtual Serial port driver; C:\WINDOWS\system32\DRIVERS\VComm.sys [2008-01-21 14856]
R3 VcommMgr;Bluetooth VComm Manager Service; C:\WINDOWS\System32\Drivers\VcommMgr.sys [2009-01-08 31880]
S3 Btcsrusb;Bluetooth USB For Bluetooth Service; C:\WINDOWS\System32\Drivers\btcusb.sys [2009-01-03 39304]
S3 BTNetFilter;Bluetooth Network Filter; \??\C:\Program Files\IVT Corporation\BlueSoleil\Device\Win2k\BTNetFilter.sys []
S3 DrvAgent32;DrvAgent32; \??\C:\WINDOWS\system32\Drivers\DrvAgent32.sys []
S3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2010-02-26 18176]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2010-02-26 22528]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2009-07-14 444136]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-15 82688]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Apache2.2;Apache2.2; C:\AppServ\Apache2.2\bin\httpd.exe [2008-01-17 24635]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-04-12 153376]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 mysql;mysql; C:\AppServ\MySQL\bin\mysqld-nt --defaults-file=C:\AppServ\MySQL\my.ini mysql []
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-05-16 159812]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 BsHelpCS;BsHelpCS; C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe [2009-02-27 98407]
S2 BlueSoleilCS;BlueSoleilCS; C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe [2009-02-27 850432]
S2 BsMobileCS;BsMobileCS; C:\Program Files\IVT Corporation\BlueSoleil\BsMobileCS.exe [2009-02-27 143467]
S2 TeamViewer5;TeamViewer 5; C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe [2010-02-11 172328]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2010-02-22 72704]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2010-06-14 615936]
S3 SwitchBoard;Adobe SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\wmpnetwk.exe [2006-10-18 913408]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 x27uoaa1;C-DillaSrv; C:\WINDOWS\system32\besar.exe [2010-11-12 201216]
-----------------EOF-----------------
info.txt logfile of random's system information tool 1.06 2010-11-12 18:20:33
======Uninstall list======
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
µTorrent-->"C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
Adobe AIR-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723}
Adobe Bridge 1.0-->MsiExec.exe /I{B74D4E10-1033-0000-0000-000000000001}
Adobe Common File Installer-->MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39}
Adobe Community Help-->msiexec /qb /x {0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}
Adobe Community Help-->MsiExec.exe /I{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}
Adobe Dreamweaver CS5-->C:\Program Files\Common Files\Adobe\OOBE\PDApp\core\PDApp.exe --appletID="DWA_UI" --appletVersion="1.0" --mode="Uninstall" --mediaSignature="{C79312BD-3E76-4474-A10C-1435D1856A4B}"
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil10k_Plugin.exe -maintain plugin
Adobe Help Center 1.0-->MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001}
Adobe Media Player-->msiexec /qb /x {DE3A9DC5-9A5D-6485-9662-347162C7E4CA}
Adobe Media Player-->MsiExec.exe /I{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}
Adobe Photoshop CS2-->msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
Adobe Photoshop CS5-->C:\Program Files\Common Files\Adobe\OOBE\PDApp\core\PDApp.exe --appletID="DWA_UI" --appletVersion="1.0" --mode="Uninstall" --mediaSignature="{15FEDA5F-141C-4127-8D7E-B962D1742728}"
Adobe Reader 9.4.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A94000000001}
Adobe Stock Photos 1.0-->MsiExec.exe /I{786C5747-1033-0000-B58E-000000000001}
Alien Skin Blow Up-->C:\PROGRA~1\Adobe\ADOBEP~1\Plug-Ins\ALIENS~1\BLOWUP~1\Unwise32.exe C:\PROGRA~1\Adobe\ADOBEP~1\Plug-Ins\ALIENS~1\BLOWUP~1\INSTALL.LOG
Alien Skin Eye Candy 5 Nature-->C:\PROGRA~1\Adobe\ADOBEP~1\Plug-Ins\ALIENS~1\EYECAN~1\Unwise32.exe C:\PROGRA~1\Adobe\ADOBEP~1\Plug-Ins\ALIENS~1\EYECAN~1\INSTALL.LOG
AppServ 2.5.10 (remove only)-->C:\AppServ\Uninstall-AppServ2.5.10.exe
Audacity 1.3.12 (Unicode)-->"C:\Program Files\Audacity 1.3 Beta (Unicode)\unins000.exe"
Autodesk MapGuide(R) Viewer ActiveX Control Release 6.5-->MsiExec.exe /I{E031338C-839D-4EDD-9537-99B653C39D81}
Avance AC'97 Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE
AVI to 3GP 1.4-->"C:\Program Files\AVI to 3GP\unins000.exe"
Balíček ovladače systému Windows - Nokia pccsmcfd (08/22/2008 7.0.0.0)-->C:\PROGRA~1\DIFX\B4723E9A0713E5B1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccsmcfd_A3B3916E5D8138F59EE218321B27B044D3B18294\pccsmcfd.inf
Balík Compatibility Pack pre systém Office 2007-->MsiExec.exe /X{90120000-0020-041B-0000-0000000FF1CE}
Bluesoleil 6.4.249.0-->MsiExec.exe /X{C0A871F9-D580-4404-9A69-A02CF3078C87}
BS.Player PRO-->"C:\Program Files\BSplayerPro\uninstall.exe"
Cool Edit Pro 2.1-->C:\Program Files\coolpro2\cep2unin.exe
CyberLink PowerDVD 10-->"C:\Program Files\InstallShield Installation Information\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}\Setup.exe" /z-uninstall
CyberLink PowerDVD 10-->"C:\Program Files\InstallShield Installation Information\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}\Setup.exe" /z-uninstall
DivX Setup-->C:\Documents and Settings\All Users\Data aplikací\DivX\Setup\DivXSetup.exe /uninstall /bundleGroupId divx.com
DriverAgent by eSupport.com-->RunDll32.exe advpack.dll,LaunchINFSection driveragent_exe.inf,TVICHW32Remove
DVD Decrypter (Remove Only)-->"C:\Program Files\DVD Decrypter\uninstall.exe"
FormatFactory 2.45-->C:\Program Files\FreeTime\FormatFactory\uninst.exe
FUJIFILM USB Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5490882C-6961-11D5-BAE5-00E0188E010B}\Setup.exe"
Get Styles-->C:\Program Files\Get Styles\uninstall.exe
HijackThis 2.0.2-->"F:\Infiltrácie\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Image Grabber II-->"C:\Program Files\Image Grabber II\uninstall.exe"
Java(TM) 6 Update 20-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216019FF}
jetAudio Plus VX-->C:\Program Files\InstallShield Installation Information\{DF8195AF-8E6F-4487-A0EE-196F7E3F4B8A}\setup.exe -runfromtemp -l0x0005 -removeonly
K-Lite Mega Codec Pack 5.7.0-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
LOCKERZ Restock Toolbar-->C:\PROGRA~1\LOCKER~1\UNWISE.EXE /U C:\PROGRA~1\LOCKER~1\INSTALL.LOG
MagicDisc 2.5.74-->C:\PROGRA~1\MAGICD~1\UNWISE.EXE C:\PROGRA~1\MAGICD~1\INSTALL.LOG
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 2.0 Language Pack - CSY-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0 Language Pack - CSY\install.exe
Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - CSY-->MsiExec.exe /I{A2C9CD1B-2551-3AED-B244-6698FB929FA6}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Czech Language Pack-->c:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0 Czech Language Pack\setup.exe
Microsoft .NET Framework 3.0 Czech Language Pack-->MsiExec.exe /X{FB09515C-8E3E-4E0F-A1F2-032F38DEC185}
Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - CSY-->MsiExec.exe /I{546C143E-68DC-314D-97BC-1E454E3BA429}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.0-->C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setup.exe
Microsoft .NET Framework 3.5 Language Pack SP1 - csy-->MsiExec.exe /I{DD73CA82-EA82-38AA-863D-9A24A018DC96}
Microsoft .NET Framework 3.5 SP1 – jazyková sada – CSY-->c:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - csy\setup.exe
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Chart Controls for Microsoft .NET Framework 3.5-->MsiExec.exe /X{41785C66-90F2-40CE-8CB5-1C94BFC97280}
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7-->"C:\WINDOWS\$NtUninstallWdf01007$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9-->"C:\WINDOWS\$NtUninstallWdf01009$\spuninst\spuninst.exe"
Microsoft Office FrontPage 2003-->MsiExec.exe /I{90170405-6000-11D3-8CFE-0150048383C9}
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{9011041B-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWudf01005$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft_VC80_ATL_x86-->MsiExec.exe /I{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}
Microsoft_VC80_CRT_x86-->MsiExec.exe /I{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}
Microsoft_VC80_MFC_x86-->MsiExec.exe /I{D1A19B02-817E-4296-A45B-07853FD74D57}
Microsoft_VC80_MFCLOC_x86-->MsiExec.exe /I{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}
Microsoft_VC90_ATL_x86-->MsiExec.exe /I{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}
Microsoft_VC90_CRT_x86-->MsiExec.exe /I{08D2E121-7F6A-43EB-97FD-629B44903403}
Microsoft_VC90_MFC_x86-->MsiExec.exe /I{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}
Mozilla Firefox (3.6.3)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Mozilla Thunderbird (3.1)-->C:\Program Files\Mozilla Thunderbird\uninstall\helper.exe
MSVC80_x86_v2-->MsiExec.exe /I{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}
MSVC90_x86-->MsiExec.exe /I{AF111648-99A1-453E-81DD-80DBBF6DAD0D}
MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
Nokia Connectivity Cable Driver-->MsiExec.exe /I{F1FDAA01-988C-423F-AC12-0D8F333943FD}
Nokia Music-->MsiExec.exe /I{BEC99D86-1D70-4AB8-8D15-E116392F9B7D}
Nokia Ovi Suite Software Updater-->MsiExec.exe /X{A0D65C73-F2C5-432F-8788-90F8A2E99B98}
Nokia Ovi Suite-->C:\Documents and Settings\All Users\Data aplikací\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\Installer.exe
Nokia Ovi Suite-->MsiExec.exe /X{7B01FD07-1790-4EE9-B5E0-149527D70C7D}
Nokia Photos-->MsiExec.exe /I{D3656CE3-0F62-447F-AEF3-9BF29B6197D9}
Nokia Software Updater-->MsiExec.exe /X{7239A06F-235B-43B1-970D-7A411FD95683}
NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI
Opera 10.63-->MsiExec.exe /X{87CC8013-56D1-43E1-A0A5-AD406B4EBA95}
Ovi Desktop Sync Engine-->MsiExec.exe /X{2D10FC46-1D96-44C4-8855-85F21B9B011E}
OviMPlatform-->MsiExec.exe /I{1373559F-6DC6-44EA-9079-6ABDCCE8CDAD}
PC Connectivity Solution-->MsiExec.exe /I{D0A858BE-A665-4C0D-BC5F-C37E534B7669}
PDF Settings CS5-->MsiExec.exe /I{A78FE97A-C0C8-49CE-89D0-EDD524A17392}
Photo Story 3 for Windows-->MsiExec.exe /I{4F41AD68-89F2-4262-A32C-2F70B01FCE9E}
PSPad editor-->"C:\Program Files\PSPad editor\Uninst\unins000.exe"
QIP Infium JadrisPack 3.1.1-->C:\QIP Infium JadrisPack\Uninstall.exe
QIP Infium JadrisPack 4.1.1-->C:\QIP Infium JadrisPack\Uninstall.exe
Skype™ 4.2-->MsiExec.exe /X{D103C4BA-F905-437A-8049-DB24763BBE36}
Sony Vegas Pro 8.0-->MsiExec.exe /X{1246FF64-3035-4A92-8FE6-A968275495EB}
Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exe
TeamViewer 5-->C:\Program Files\TeamViewer\Version5\uninstall.exe
Total Commander (Remove or Repair)-->c:\totalcmd\tcuninst.exe
Total Video Converter 3.20 090104-->"C:\Program Files\Total Video Converter\unins000.exe"
Unlocker 1.8.9-->C:\Program Files\Unlocker\uninst.exe
USB EHCI Driver-->C:\WINDOWS\UnSiSUSB.exe PCI\VEN_1039&DEV_7002
VC80CRTRedist - 8.0.50727.4053-->MsiExec.exe /I{5EE7D259-D137-4438-9A5F-42F432EC0421}
Ventrilo Client-->MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
Ventrilo Server-->MsiExec.exe /X{1D46A3A0-B37D-423A-91C2-101A49E2FF80}
Videora Nokia 5800 XpressMusic Converter 5.04-->C:\Program Files\Red Kawa\Video Converter App\uninstaller.exe
VirtualDubMOD 1.5.10.3 US-->"C:\Program Files\VirtualDubMOD\unins000.exe"
VLC media player 1.1.4-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
Windows Presentation Foundation Language Pack (CSY)-->MsiExec.exe /X{AAB6D0F8-02B3-4E89-B24C-0BB153C21445}
Windows Workflow Foundation CS Language Pack-->MsiExec.exe /I{6EF72FC6-842E-4FE6-BF88-BFBF03C9DA74}
WinRAR archivátor-->C:\Program Files\WinRAR\uninstall.exe
XML Paper Specification Shared Components Language Pack 1.0-->"C:\WINDOWS\$NtUninstallXPSEPSCLP$\spuninst\spuninst.exe"
Zoner GIF Animator 5-->MsiExec.exe /I{2EE90F26-20B3-4423-81DE-E57E5D2E4FEF}
=====HijackThis Backups=====
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll [2010-04-11]
O3 - Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file) [2010-11-12]
O3 - Toolbar: NewLockerz.com Toolbar - {44658024-1a78-446b-90c0-ce912bf6f44b} - C:\Program Files\LOCKERZ_Restock\tbLOC0.dll [2010-11-12]
O4 - HKLM\..\Run: [kimmoo] C:\WINDOWS\system32\luquetookek.exe [2010-11-12]
O4 - HKLM\..\Run: [Windows Firewall] C:\DOCUME~1\GuGo\LOCALS~1\Temp\lsass.exe [2010-11-12]
O4 - HKCU\..\Run: [Windows Firewall] C:\DOCUME~1\GuGo\LOCALS~1\Temp\lsass.exe [2010-11-12]
O4 - Startup: 0fjavrw.exe [2010-11-12]
O4 - Startup: 556exdk.exe [2010-11-12]
[2010-11-12]
O4 - Startup: AutorunsDisabled [2010-11-12]
O4 - Startup: bnecf56kh.exe [2010-11-12]
O4 - Startup: bsqd56qfth.exe [2010-11-12]
O4 - Startup: k0vwkdhsc56.exe [2010-11-12]
O4 - Startup: lbqrnsc5.exe [2010-11-12]
O4 - Startup: pbkgj56ui.exe [2010-11-12]
O4 - Startup: pegppwct.exe [2010-11-12]
O4 - Startup: sfdmm55so.exe [2010-11-12]
O15 - Trusted Zone: http://software.kuaiche.com [2010-11-12]
O23 - Service: C-DillaSrv (x27uoaa1) - Unknown owner - C:\WINDOWS\system32\besar.exe [2010-11-12]
O4 - HKCU\..\Run: [MSConfig] C:\Documents and Settings\GuGo\hifyli.exe \u [2010-11-12]
======Hosts File======
127.0.0.1 activate.adobe.com
Securitycenter WMI appears to be broken
======System event log======
Computer Name: PC-GUGO
Event Code: 7023
Message: Služba Prohledávání počítačů byla ukončena s následující chybou:
Zadaná služba není nainstalovaná služba.
Record Number: 12531
Source Name: Service Control Manager
Time Written: 20101003170432.000000+120
Event Type: error
User:
Computer Name: PC-GUGO
Event Code: 7023
Message: Služba Prohledávání počítačů byla ukončena s následující chybou:
Zadaná služba není nainstalovaná služba.
Record Number: 12510
Source Name: Service Control Manager
Time Written: 20101003102021.000000+120
Event Type: error
User:
Computer Name: PC-GUGO
Event Code: 7023
Message: Služba Prohledávání počítačů byla ukončena s následující chybou:
Zadaná služba není nainstalovaná služba.
Record Number: 12489
Source Name: Service Control Manager
Time Written: 20101002190009.000000+120
Event Type: error
User:
Computer Name: PC-GUGO
Event Code: 7023
Message: Služba Prohledávání počítačů byla ukončena s následující chybou:
Zadaná služba není nainstalovaná služba.
Record Number: 12466
Source Name: Service Control Manager
Time Written: 20101002101423.000000+120
Event Type: error
User:
Computer Name: PC-GUGO
Event Code: 7023
Message: Služba Prohledávání počítačů byla ukončena s následující chybou:
Zadaná služba není nainstalovaná služba.
Record Number: 12444
Source Name: Service Control Manager
Time Written: 20101001144551.000000+120
Event Type: error
User:
=====Application event log=====
Computer Name: PC-GUGO
Event Code: 1
Message: 12/10/2010 19:20:28 (OviSuite) - ERROR - ContactsPlugin, Thread GUI, Line 161, .\Application\LocalizedStrings.cpp, CLocalizedStrings::getString(): Not correct order of ELocalizedString::eStringType = 60
Record Number: 5322
Source Name: OviSuite
Time Written: 20101012192028.000000+120
Event Type: error
User:
Computer Name: PC-GUGO
Event Code: 1
Message: 12/10/2010 19:20:28 (OviSuite) - ERROR - ContactsPlugin, Thread GUI, Line 161, .\Application\LocalizedStrings.cpp, CLocalizedStrings::getString(): Not correct order of ELocalizedString::eStringType = 58
Record Number: 5321
Source Name: OviSuite
Time Written: 20101012192028.000000+120
Event Type: error
User:
Computer Name: PC-GUGO
Event Code: 1
Message: 12/10/2010 19:20:28 (OviSuite) - ERROR - ContactsPlugin, Thread GUI, Line 161, .\Application\LocalizedStrings.cpp, CLocalizedStrings::getString(): Not correct order of ELocalizedString::eStringType = 58
Record Number: 5320
Source Name: OviSuite
Time Written: 20101012192028.000000+120
Event Type: error
User:
Computer Name: PC-GUGO
Event Code: 1
Message: 12/10/2010 19:20:28 (OviSuite) - ERROR - ContactsPlugin, Thread GUI, Line 161, .\Application\LocalizedStrings.cpp, CLocalizedStrings::getString(): Not correct order of ELocalizedString::eStringType = 55
Record Number: 5319
Source Name: OviSuite
Time Written: 20101012192028.000000+120
Event Type: error
User:
Computer Name: PC-GUGO
Event Code: 1
Message: 12/10/2010 19:20:28 (OviSuite) - ERROR - ContactsPlugin, Thread GUI, Line 161, .\Application\LocalizedStrings.cpp, CLocalizedStrings::getString(): Not correct order of ELocalizedString::eStringType = 54
Record Number: 5318
Source Name: OviSuite
Time Written: 20101012192028.000000+120
Event Type: error
User:
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=C:\Program Files\PC Connectivity Solution\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Common Files\Adobe\AGL;C:\Program Files\IVT Corporation\BlueSoleil\Mobile;C:\WINDOWS\system32\Wbem
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 2 Stepping 9, GenuineIntel
"PROCESSOR_REVISION"=0209
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
-----------------EOF-----------------
Thanks.
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2010-06-14 615936]
S3 SwitchBoard;Adobe SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\wmpnetwk.exe [2006-10-18 913408]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 x27uoaa1;C-DillaSrv; C:\WINDOWS\system32\besar.exe [2010-11-12 201216]
-----------------EOF-----------------
info.txt logfile of random's system information tool 1.06 2010-11-12 18:20:33
======Uninstall list======
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
µTorrent-->"C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
Adobe AIR-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723}
Adobe Bridge 1.0-->MsiExec.exe /I{B74D4E10-1033-0000-0000-000000000001}
Adobe Common File Installer-->MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39}
Adobe Community Help-->msiexec /qb /x {0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}
Adobe Community Help-->MsiExec.exe /I{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}
Adobe Dreamweaver CS5-->C:\Program Files\Common Files\Adobe\OOBE\PDApp\core\PDApp.exe --appletID="DWA_UI" --appletVersion="1.0" --mode="Uninstall" --mediaSignature="{C79312BD-3E76-4474-A10C-1435D1856A4B}"
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil10k_Plugin.exe -maintain plugin
Adobe Help Center 1.0-->MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001}
Adobe Media Player-->msiexec /qb /x {DE3A9DC5-9A5D-6485-9662-347162C7E4CA}
Adobe Media Player-->MsiExec.exe /I{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}
Adobe Photoshop CS2-->msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
Adobe Photoshop CS5-->C:\Program Files\Common Files\Adobe\OOBE\PDApp\core\PDApp.exe --appletID="DWA_UI" --appletVersion="1.0" --mode="Uninstall" --mediaSignature="{15FEDA5F-141C-4127-8D7E-B962D1742728}"
Adobe Reader 9.4.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A94000000001}
Adobe Stock Photos 1.0-->MsiExec.exe /I{786C5747-1033-0000-B58E-000000000001}
Alien Skin Blow Up-->C:\PROGRA~1\Adobe\ADOBEP~1\Plug-Ins\ALIENS~1\BLOWUP~1\Unwise32.exe C:\PROGRA~1\Adobe\ADOBEP~1\Plug-Ins\ALIENS~1\BLOWUP~1\INSTALL.LOG
Alien Skin Eye Candy 5 Nature-->C:\PROGRA~1\Adobe\ADOBEP~1\Plug-Ins\ALIENS~1\EYECAN~1\Unwise32.exe C:\PROGRA~1\Adobe\ADOBEP~1\Plug-Ins\ALIENS~1\EYECAN~1\INSTALL.LOG
AppServ 2.5.10 (remove only)-->C:\AppServ\Uninstall-AppServ2.5.10.exe
Audacity 1.3.12 (Unicode)-->"C:\Program Files\Audacity 1.3 Beta (Unicode)\unins000.exe"
Autodesk MapGuide(R) Viewer ActiveX Control Release 6.5-->MsiExec.exe /I{E031338C-839D-4EDD-9537-99B653C39D81}
Avance AC'97 Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE
AVI to 3GP 1.4-->"C:\Program Files\AVI to 3GP\unins000.exe"
Balíček ovladače systému Windows - Nokia pccsmcfd (08/22/2008 7.0.0.0)-->C:\PROGRA~1\DIFX\B4723E9A0713E5B1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccsmcfd_A3B3916E5D8138F59EE218321B27B044D3B18294\pccsmcfd.inf
Balík Compatibility Pack pre systém Office 2007-->MsiExec.exe /X{90120000-0020-041B-0000-0000000FF1CE}
Bluesoleil 6.4.249.0-->MsiExec.exe /X{C0A871F9-D580-4404-9A69-A02CF3078C87}
BS.Player PRO-->"C:\Program Files\BSplayerPro\uninstall.exe"
Cool Edit Pro 2.1-->C:\Program Files\coolpro2\cep2unin.exe
CyberLink PowerDVD 10-->"C:\Program Files\InstallShield Installation Information\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}\Setup.exe" /z-uninstall
CyberLink PowerDVD 10-->"C:\Program Files\InstallShield Installation Information\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}\Setup.exe" /z-uninstall
DivX Setup-->C:\Documents and Settings\All Users\Data aplikací\DivX\Setup\DivXSetup.exe /uninstall /bundleGroupId divx.com
DriverAgent by eSupport.com-->RunDll32.exe advpack.dll,LaunchINFSection driveragent_exe.inf,TVICHW32Remove
DVD Decrypter (Remove Only)-->"C:\Program Files\DVD Decrypter\uninstall.exe"
FormatFactory 2.45-->C:\Program Files\FreeTime\FormatFactory\uninst.exe
FUJIFILM USB Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5490882C-6961-11D5-BAE5-00E0188E010B}\Setup.exe"
Get Styles-->C:\Program Files\Get Styles\uninstall.exe
HijackThis 2.0.2-->"F:\Infiltrácie\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Image Grabber II-->"C:\Program Files\Image Grabber II\uninstall.exe"
Java(TM) 6 Update 20-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216019FF}
jetAudio Plus VX-->C:\Program Files\InstallShield Installation Information\{DF8195AF-8E6F-4487-A0EE-196F7E3F4B8A}\setup.exe -runfromtemp -l0x0005 -removeonly
K-Lite Mega Codec Pack 5.7.0-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
LOCKERZ Restock Toolbar-->C:\PROGRA~1\LOCKER~1\UNWISE.EXE /U C:\PROGRA~1\LOCKER~1\INSTALL.LOG
MagicDisc 2.5.74-->C:\PROGRA~1\MAGICD~1\UNWISE.EXE C:\PROGRA~1\MAGICD~1\INSTALL.LOG
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 2.0 Language Pack - CSY-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0 Language Pack - CSY\install.exe
Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - CSY-->MsiExec.exe /I{A2C9CD1B-2551-3AED-B244-6698FB929FA6}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Czech Language Pack-->c:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0 Czech Language Pack\setup.exe
Microsoft .NET Framework 3.0 Czech Language Pack-->MsiExec.exe /X{FB09515C-8E3E-4E0F-A1F2-032F38DEC185}
Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - CSY-->MsiExec.exe /I{546C143E-68DC-314D-97BC-1E454E3BA429}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.0-->C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setup.exe
Microsoft .NET Framework 3.5 Language Pack SP1 - csy-->MsiExec.exe /I{DD73CA82-EA82-38AA-863D-9A24A018DC96}
Microsoft .NET Framework 3.5 SP1 – jazyková sada – CSY-->c:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - csy\setup.exe
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Chart Controls for Microsoft .NET Framework 3.5-->MsiExec.exe /X{41785C66-90F2-40CE-8CB5-1C94BFC97280}
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7-->"C:\WINDOWS\$NtUninstallWdf01007$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9-->"C:\WINDOWS\$NtUninstallWdf01009$\spuninst\spuninst.exe"
Microsoft Office FrontPage 2003-->MsiExec.exe /I{90170405-6000-11D3-8CFE-0150048383C9}
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{9011041B-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWudf01005$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft_VC80_ATL_x86-->MsiExec.exe /I{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}
Microsoft_VC80_CRT_x86-->MsiExec.exe /I{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}
Microsoft_VC80_MFC_x86-->MsiExec.exe /I{D1A19B02-817E-4296-A45B-07853FD74D57}
Microsoft_VC80_MFCLOC_x86-->MsiExec.exe /I{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}
Microsoft_VC90_ATL_x86-->MsiExec.exe /I{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}
Microsoft_VC90_CRT_x86-->MsiExec.exe /I{08D2E121-7F6A-43EB-97FD-629B44903403}
Microsoft_VC90_MFC_x86-->MsiExec.exe /I{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}
Mozilla Firefox (3.6.3)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Mozilla Thunderbird (3.1)-->C:\Program Files\Mozilla Thunderbird\uninstall\helper.exe
MSVC80_x86_v2-->MsiExec.exe /I{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}
MSVC90_x86-->MsiExec.exe /I{AF111648-99A1-453E-81DD-80DBBF6DAD0D}
MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
Nokia Connectivity Cable Driver-->MsiExec.exe /I{F1FDAA01-988C-423F-AC12-0D8F333943FD}
Nokia Music-->MsiExec.exe /I{BEC99D86-1D70-4AB8-8D15-E116392F9B7D}
Nokia Ovi Suite Software Updater-->MsiExec.exe /X{A0D65C73-F2C5-432F-8788-90F8A2E99B98}
Nokia Ovi Suite-->C:\Documents and Settings\All Users\Data aplikací\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\Installer.exe
Nokia Ovi Suite-->MsiExec.exe /X{7B01FD07-1790-4EE9-B5E0-149527D70C7D}
Nokia Photos-->MsiExec.exe /I{D3656CE3-0F62-447F-AEF3-9BF29B6197D9}
Nokia Software Updater-->MsiExec.exe /X{7239A06F-235B-43B1-970D-7A411FD95683}
NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI
Opera 10.63-->MsiExec.exe /X{87CC8013-56D1-43E1-A0A5-AD406B4EBA95}
Ovi Desktop Sync Engine-->MsiExec.exe /X{2D10FC46-1D96-44C4-8855-85F21B9B011E}
OviMPlatform-->MsiExec.exe /I{1373559F-6DC6-44EA-9079-6ABDCCE8CDAD}
PC Connectivity Solution-->MsiExec.exe /I{D0A858BE-A665-4C0D-BC5F-C37E534B7669}
PDF Settings CS5-->MsiExec.exe /I{A78FE97A-C0C8-49CE-89D0-EDD524A17392}
Photo Story 3 for Windows-->MsiExec.exe /I{4F41AD68-89F2-4262-A32C-2F70B01FCE9E}
PSPad editor-->"C:\Program Files\PSPad editor\Uninst\unins000.exe"
QIP Infium JadrisPack 3.1.1-->C:\QIP Infium JadrisPack\Uninstall.exe
QIP Infium JadrisPack 4.1.1-->C:\QIP Infium JadrisPack\Uninstall.exe
Skype™ 4.2-->MsiExec.exe /X{D103C4BA-F905-437A-8049-DB24763BBE36}
Sony Vegas Pro 8.0-->MsiExec.exe /X{1246FF64-3035-4A92-8FE6-A968275495EB}
Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exe
TeamViewer 5-->C:\Program Files\TeamViewer\Version5\uninstall.exe
Total Commander (Remove or Repair)-->c:\totalcmd\tcuninst.exe
Total Video Converter 3.20 090104-->"C:\Program Files\Total Video Converter\unins000.exe"
Unlocker 1.8.9-->C:\Program Files\Unlocker\uninst.exe
USB EHCI Driver-->C:\WINDOWS\UnSiSUSB.exe PCI\VEN_1039&DEV_7002
VC80CRTRedist - 8.0.50727.4053-->MsiExec.exe /I{5EE7D259-D137-4438-9A5F-42F432EC0421}
Ventrilo Client-->MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
Ventrilo Server-->MsiExec.exe /X{1D46A3A0-B37D-423A-91C2-101A49E2FF80}
Videora Nokia 5800 XpressMusic Converter 5.04-->C:\Program Files\Red Kawa\Video Converter App\uninstaller.exe
VirtualDubMOD 1.5.10.3 US-->"C:\Program Files\VirtualDubMOD\unins000.exe"
VLC media player 1.1.4-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
Windows Presentation Foundation Language Pack (CSY)-->MsiExec.exe /X{AAB6D0F8-02B3-4E89-B24C-0BB153C21445}
Windows Workflow Foundation CS Language Pack-->MsiExec.exe /I{6EF72FC6-842E-4FE6-BF88-BFBF03C9DA74}
WinRAR archivátor-->C:\Program Files\WinRAR\uninstall.exe
XML Paper Specification Shared Components Language Pack 1.0-->"C:\WINDOWS\$NtUninstallXPSEPSCLP$\spuninst\spuninst.exe"
Zoner GIF Animator 5-->MsiExec.exe /I{2EE90F26-20B3-4423-81DE-E57E5D2E4FEF}
=====HijackThis Backups=====
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll [2010-04-11]
O3 - Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file) [2010-11-12]
O3 - Toolbar: NewLockerz.com Toolbar - {44658024-1a78-446b-90c0-ce912bf6f44b} - C:\Program Files\LOCKERZ_Restock\tbLOC0.dll [2010-11-12]
O4 - HKLM\..\Run: [kimmoo] C:\WINDOWS\system32\luquetookek.exe [2010-11-12]
O4 - HKLM\..\Run: [Windows Firewall] C:\DOCUME~1\GuGo\LOCALS~1\Temp\lsass.exe [2010-11-12]
O4 - HKCU\..\Run: [Windows Firewall] C:\DOCUME~1\GuGo\LOCALS~1\Temp\lsass.exe [2010-11-12]
O4 - Startup: 0fjavrw.exe [2010-11-12]
O4 - Startup: 556exdk.exe [2010-11-12]
[2010-11-12]
O4 - Startup: AutorunsDisabled [2010-11-12]
O4 - Startup: bnecf56kh.exe [2010-11-12]
O4 - Startup: bsqd56qfth.exe [2010-11-12]
O4 - Startup: k0vwkdhsc56.exe [2010-11-12]
O4 - Startup: lbqrnsc5.exe [2010-11-12]
O4 - Startup: pbkgj56ui.exe [2010-11-12]
O4 - Startup: pegppwct.exe [2010-11-12]
O4 - Startup: sfdmm55so.exe [2010-11-12]
O15 - Trusted Zone: http://software.kuaiche.com [2010-11-12]
O23 - Service: C-DillaSrv (x27uoaa1) - Unknown owner - C:\WINDOWS\system32\besar.exe [2010-11-12]
O4 - HKCU\..\Run: [MSConfig] C:\Documents and Settings\GuGo\hifyli.exe \u [2010-11-12]
======Hosts File======
127.0.0.1 activate.adobe.com
Securitycenter WMI appears to be broken
======System event log======
Computer Name: PC-GUGO
Event Code: 7023
Message: Služba Prohledávání počítačů byla ukončena s následující chybou:
Zadaná služba není nainstalovaná služba.
Record Number: 12531
Source Name: Service Control Manager
Time Written: 20101003170432.000000+120
Event Type: error
User:
Computer Name: PC-GUGO
Event Code: 7023
Message: Služba Prohledávání počítačů byla ukončena s následující chybou:
Zadaná služba není nainstalovaná služba.
Record Number: 12510
Source Name: Service Control Manager
Time Written: 20101003102021.000000+120
Event Type: error
User:
Computer Name: PC-GUGO
Event Code: 7023
Message: Služba Prohledávání počítačů byla ukončena s následující chybou:
Zadaná služba není nainstalovaná služba.
Record Number: 12489
Source Name: Service Control Manager
Time Written: 20101002190009.000000+120
Event Type: error
User:
Computer Name: PC-GUGO
Event Code: 7023
Message: Služba Prohledávání počítačů byla ukončena s následující chybou:
Zadaná služba není nainstalovaná služba.
Record Number: 12466
Source Name: Service Control Manager
Time Written: 20101002101423.000000+120
Event Type: error
User:
Computer Name: PC-GUGO
Event Code: 7023
Message: Služba Prohledávání počítačů byla ukončena s následující chybou:
Zadaná služba není nainstalovaná služba.
Record Number: 12444
Source Name: Service Control Manager
Time Written: 20101001144551.000000+120
Event Type: error
User:
=====Application event log=====
Computer Name: PC-GUGO
Event Code: 1
Message: 12/10/2010 19:20:28 (OviSuite) - ERROR - ContactsPlugin, Thread GUI, Line 161, .\Application\LocalizedStrings.cpp, CLocalizedStrings::getString(): Not correct order of ELocalizedString::eStringType = 60
Record Number: 5322
Source Name: OviSuite
Time Written: 20101012192028.000000+120
Event Type: error
User:
Computer Name: PC-GUGO
Event Code: 1
Message: 12/10/2010 19:20:28 (OviSuite) - ERROR - ContactsPlugin, Thread GUI, Line 161, .\Application\LocalizedStrings.cpp, CLocalizedStrings::getString(): Not correct order of ELocalizedString::eStringType = 58
Record Number: 5321
Source Name: OviSuite
Time Written: 20101012192028.000000+120
Event Type: error
User:
Computer Name: PC-GUGO
Event Code: 1
Message: 12/10/2010 19:20:28 (OviSuite) - ERROR - ContactsPlugin, Thread GUI, Line 161, .\Application\LocalizedStrings.cpp, CLocalizedStrings::getString(): Not correct order of ELocalizedString::eStringType = 58
Record Number: 5320
Source Name: OviSuite
Time Written: 20101012192028.000000+120
Event Type: error
User:
Computer Name: PC-GUGO
Event Code: 1
Message: 12/10/2010 19:20:28 (OviSuite) - ERROR - ContactsPlugin, Thread GUI, Line 161, .\Application\LocalizedStrings.cpp, CLocalizedStrings::getString(): Not correct order of ELocalizedString::eStringType = 55
Record Number: 5319
Source Name: OviSuite
Time Written: 20101012192028.000000+120
Event Type: error
User:
Computer Name: PC-GUGO
Event Code: 1
Message: 12/10/2010 19:20:28 (OviSuite) - ERROR - ContactsPlugin, Thread GUI, Line 161, .\Application\LocalizedStrings.cpp, CLocalizedStrings::getString(): Not correct order of ELocalizedString::eStringType = 54
Record Number: 5318
Source Name: OviSuite
Time Written: 20101012192028.000000+120
Event Type: error
User:
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=C:\Program Files\PC Connectivity Solution\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Common Files\Adobe\AGL;C:\Program Files\IVT Corporation\BlueSoleil\Mobile;C:\WINDOWS\system32\Wbem
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 2 Stepping 9, GenuineIntel
"PROCESSOR_REVISION"=0209
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
-----------------EOF-----------------
Thanks.
- Rudy
- Site Admin
- Posts: 119428
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: Some crap + RSIT
Post a log from ComboFix.
Download ComboFix and save it, preferably to the desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Then run the application under an account with administrator rights.
Right after it starts, a screen with the license terms appears; continue by clicking the Yes button.
Go and make yourself a coffee (the whole run takes about 5-10 minutes, sometimes longer, depending on how fast the machine is and how many files the scanner has to wade through); during the scan do not try to start any other applications or do anything else.
Do not panic during the scan; your machine may be restarted (especially on the first run of the scanner).
Warning: if you use an antispyware with a resident shield, switch its resident shield to Install Mode, or disable it completely for the duration of the scan, because the scan and the removal of any malware collide with the antispyware resident shield in undesirable ways.
Post questions and logs only in your own threads. Private messages, ICQ and e-mail are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activities, a virus can damage the system!
Once your problem is resolved, the thread will be locked. Likewise if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.
Re: Some crap + RSIT
ComboFix 10-11-12.01 - GuGo 12.11.2010 18:47:43.1.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.421.1029.18.767.246 [GMT 1:00]
Running from: c:\documents and settings\GuGo\Plocha\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\GuGo\Data aplikací\BITS
c:\documents and settings\GuGo\Data aplikací\BITS\BITS.ini
c:\documents and settings\GuGo\Data aplikací\BITS\DHTTable.dat
c:\documents and settings\GuGo\Data aplikací\BITS\ProxyList.ini
c:\documents and settings\GuGo\Data aplikací\FlashGetBHO
c:\documents and settings\GuGo\Data aplikací\FlashGetBHO\FlashGetBHO3.dll
c:\documents and settings\GuGo\Data aplikací\FlashGetBHO\FlashGetHook.dll
c:\documents and settings\GuGo\Data aplikací\FlashGetBHO\GetAllUrl.htm
c:\documents and settings\GuGo\Data aplikací\FlashGetBHO\GetUrl.htm
c:\documents and settings\GuGo\secupdat.dat
c:\program files\FlashGet Network
c:\program files\FlashGet Network\FlashGet 3\dat\Appsetting.cfg
c:\program files\FlashGet Network\FlashGet 3\dat\FlashGet3db.bak
c:\program files\FlashGet Network\FlashGet 3\dat\FlashGet3db.db
c:\program files\FlashGet Network\FlashGet 3\dat\stat\advertisement\domain_url_list_en.zip
c:\program files\FlashGet Network\FlashGet 3\dat\stat\advertisement\port.ini
c:\program files\FlashGet Network\FlashGet 3\dat\stat\skinpreview\preview_blue.png
c:\program files\FlashGet Network\FlashGet 3\dat\stat\skinpreview\preview_classic.png
c:\program files\FlashGet Network\FlashGet 3\dat\stat\skinpreview\preview_white.png
c:\program files\FlashGet Network\FlashGet 3\dat\stat\statdata\statinfo.dat
c:\program files\FlashGet Network\FlashGet 3\P2PCfg.ini
c:\program files\FlashGet Network\FlashGet 3\perf.ini
c:\program files\FlashGet Network\FlashGet 3\pstat.dat
c:\program files\FlashGet Network\FlashGet 3\pup.dat
c:\recycler\S-1-5-21-2562833177-8757352006-495355468-4798\yv8g67.exe
c:\windows\libem.INI
c:\windows\nvsvc32.exe
c:\windows\system32\detoured.dll
c:\windows\system32\Drivers\wiycbnmr.sys
c:\windows\system32\secupdat.dat
c:\windows\system32\secustat.dat
c:\windows\system32\srsvc.dll . . . is infected!!
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_wiycbnmr
-------\Service_wiycbnmr
((((((((((((((((((((((((( Files Created from 2010-10-12 to 2010-11-12 )))))))))))))))))))))))))))))))
.
2010-11-12 17:34 . 2010-11-12 17:34 41 ----a-w- C:\min32.exe
2010-11-12 17:19 . 2010-11-12 17:20 -------- d-----w- C:\rsit
2010-11-12 13:56 . 2010-11-12 13:55 201216 ----a-w- c:\windows\system32\besar.exe
2010-11-12 13:55 . 2010-11-12 13:55 201216 ----a-w- c:\windows\system32\luquetookek.exe
2010-11-12 13:54 . 2010-11-12 13:54 91136 --sh--r- c:\documents and settings\GuGo\Data aplikací\juzjf.exe
2010-11-12 13:54 . 2010-11-12 14:14 91136 ----a-w- C:\QuickTime1.exe
2010-11-11 19:26 . 2010-11-11 19:26 -------- d-----w- c:\documents and settings\GuGo\Local Settings\Data aplikací\ConduitEngine
2010-11-11 19:26 . 2010-11-12 17:23 -------- d-----w- c:\program files\ConduitEngine
2010-11-11 19:26 . 2010-11-11 19:26 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
2010-11-07 09:49 . 2010-11-07 09:50 -------- d-----w- c:\documents and settings\GuGo\Local Settings\Data aplikací\Deployment
2010-10-29 13:20 . 2010-10-29 13:20 -------- d--h--w- c:\windows\system32\GroupPolicy
2010-10-25 18:10 . 2010-10-25 18:21 -------- d-----w- c:\documents and settings\All Users\Data aplikací\MXSkypeRecorder
2010-10-24 18:27 . 2010-10-24 18:27 -------- d-----w- c:\documents and settings\GuGo\Data aplikací\COWON
2010-10-24 18:25 . 2010-10-24 18:25 -------- d-----w- c:\program files\Common Files\COWON
2010-10-24 18:25 . 2010-10-24 18:25 -------- d-----w- c:\program files\JetAudio
2010-10-24 18:25 . 2010-10-24 18:25 -------- d-----w- c:\documents and settings\GuGo\Data aplikací\InstallShield
2010-10-24 14:22 . 2010-10-24 14:22 -------- d-----w- c:\documents and settings\GuGo\dwhelper
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-12 16:16 . 2010-10-12 16:14 36539336 ----a-w- C:\NokiaSoftwareUpdaterSetup_SK.exe
2010-10-12 15:00 . 2010-10-12 15:00 683158 ----a-w- C:\f-i-n-g-e-r_s-c-a-n.zip
2010-10-09 14:42 . 2010-10-09 14:42 23456 ----a-w- c:\windows\system32\drivers\DrvAgent32.sys
2010-09-25 11:11 . 2010-09-25 11:11 29480 ----a-w- c:\windows\system32\msxml3a.dll
2010-09-25 11:11 . 2001-10-25 14:00 49448 ----a-w- c:\windows\system32\msxml3r.dll
.
------- Sigcheck -------
[-] 2008-05-04 . ACCF5A9A1FFAA490F33DBA1C632B95E1 . 361344 . . [5.1.2600.5512] . . c:\windows\system32\drivers\tcpip.sys
c:\windows\System32\srsvc.dll ... is missing !!
c:\windows\System32\wscntfy.exe ... is missing !!
c:\windows\System32\regsvc.dll ... is missing !!
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\GuGo\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" [2010-02-20 135664]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
"nwiz"="nwiz.exe" [2008-05-16 1630208]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 86016]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-06-01 500208]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2010-03-09 15872]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" [2008-04-14 100352]
c:\documents and settings\GuGo\Nabídka Start\Programy\Po spuštění\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HideRunAsVerb"= 1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoSMMyPictures"= 1 (0x1)
"NoSMHelp"= 1 (0x1)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoSMMyPictures"= 1 (0x1)
"NoSMHelp"= 1 (0x1)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDRegion]
2010-03-13 10:58 75048 ------w- c:\program files\CyberLink\Shared files\brs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-06-03 00:50 1144104 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MX Skype Recorder]
2010-01-30 14:47 581272 ----a-w- c:\documents and settings\All Users\Data aplikací\MXSkypeRecorder\MXSkypeRecorder.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl10]
2010-02-02 22:08 87336 ------w- c:\program files\CyberLink\PowerDVD10\PDVD10Serv.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
2010-02-19 11:37 517096 ----a-w- c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\GuGo\\Dokumenty\\Downloads\\P1876832.JPG-www.facebook.exe"= c:\\WINDOWS\\nvsvc32.exe
R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\system32\drivers\BtHidBus.sys [7.1.2009 22:39 20744]
R2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2010/09/25 13:18];c:\program files\CyberLink\PowerDVD10\NavFilter\000.fcl [13.3.2010 11:58 87536]
R2 Apache2.2;Apache2.2;c:\appserv\Apache2.2\bin\httpd.exe [17.1.2008 18:37 24635]
R2 BsMobileCS;BsMobileCS;c:\program files\IVT Corporation\BlueSoleil\BsMobileCS.exe [27.2.2009 15:40 143467]
R2 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [11.2.2010 12:42 172328]
R3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\drivers\btnetBus.sys [7.12.2008 11:44 30088]
R3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\drivers\IvtBtBus.sys [2.7.2008 13:58 26248]
S3 DrvAgent32;DrvAgent32;c:\windows\system32\drivers\DrvAgent32.sys [9.10.2010 15:42 23456]
S3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [19.2.2010 12:37 517096]
S4 x27uoaa1;C-DillaSrv;c:\windows\system32\besar.exe [12.11.2010 14:56 201216]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - IPNAT
*NewlyCreated* - SECLOGON
NETSVCS REQUIRES REPAIRS - current entries shown
6to4
AppMgmt
AudioSrv
Browser
CryptSvc
DMServer
DHCP
EventSystem
FastUserSwitchingCompatibility
HidServ
Ias
Iprip
Irmon
LanmanServer
LanmanWorkstation
Netman
Nla
NWCWorkstation
Nwsapagent
Rasauto
Rasman
Remoteaccess
Schedule
SENS
Tapisrv
Themes
WZCSVC
Wmi
WmdmPmSp
winmgmt
xmlprov
napagent
hkmsvc
BITS
wuauserv
ShellHWDetection
helpsvc
WmdmPmSN
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
.
Contents of the 'Scheduled Tasks' folder
2010-08-05 c:\windows\Tasks\AdobeAAMUpdater-1.0-PC-GUGO-GuGo.job
- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2010-06-01 14:45]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://googleure.com
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Send by Bluetooth - c:\program files\IVT Corporation\BlueSoleil\TransSend\IE\tsinfo.htm
IE: Send via &Message... - c:\program files\IVT Corporation\BlueSoleil\TransSend\IE\tssms.htm
IE: {{14CD42DD-ABCD-3586-DCAB-40E3693E3737} - c:\program files\Get Styles\ct.htm
FF - ProfilePath - c:\documents and settings\GuGo\Data aplikací\Mozilla\Firefox\Profiles\k3vlghf7.default\
FF - prefs.js: browser.startup.homepage - hxxp://ahoolly.com
FF - component: c:\program files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\components\FirefoxExtension.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
.
- - - - ORPHANS REMOVED - - - -
URLSearchHooks-{44658024-1a78-446b-90c0-ce912bf6f44b} - (no file)
WebBrowser-{44658024-1A78-446B-90C0-CE912BF6F44B} - (no file)
SafeBoot-wiycbnmr.sys
AddRemove-HijackThis - f:\infiltrácie\HijackThis.exe
AddRemove-SiS7002 - c:\windows\UnSiSUSB.exe PCI\VEN_1039&DEV_7002
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-12 18:57
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mysql]
"ImagePath"="c:\appserv\MySQL\bin\mysqld-nt --defaults-file=c:\appserv\MySQL\my.ini mysql"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD10\NavFilter\000.fcl"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(2780)
c:\program files\TeamViewer\Version5\tv.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\BsMobileSDK.dll
c:\windows\system32\BsLangInDepRes.dll
c:\windows\system32\Bs2Res.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\appserv\MySQL\bin\mysqld-nt.exe
c:\windows\system32\nvsvc32.exe
c:\program files\TeamViewer\Version5\TeamViewer.exe
c:\program files\IVT Corporation\BlueSoleil\BsHelpCS.exe
c:\windows\system32\RUNDLL32.EXE
c:\documents and settings\GuGo\Local Settings\Data aplikací\Google\Update\1.2.183.39\GoogleCrashHandler.exe
.
**************************************************************************
.
Completion time: 2010-11-12 19:01:04 - machine was rebooted
ComboFix-quarantined-files.txt 2010-11-12 18:01
Pre-Run: 1 923 440 640
Post-Run: 1 834 237 952
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
- - End Of File - - DD4D3C18537FE055FAF8DA3202D8D414
- Rudy
- Site Admin
- Posts: 119428
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: Some crap + RSIT
1. Download the 2 libraries from here:
http://www.driverskit.com/dll/srsvc.dll/3484.html
http://www.dll4free.com/regsvc.dll.html
and unpack them to the desktop.
2. We will clean up a bit more. Open Notepad and copy the following into it:
Collect::
C:\min32.exe
c:\windows\system32\besar.exe
c:\windows\system32\luquetookek.exe
c:\documents and settings\GuGo\Data aplikací\juzjf.exe
C:\QuickTime1.exe
Driver::
x27uoaa1
FCopy::
c:\documents and settings\GuGo\Plocha\srsvc.dll | c:\windows\system32\srsvc.dll
c:\documents and settings\GuGo\Plocha\regsvc.dll | c:\windows\system32\regsvc.dll
Save it to the desktop as CFScript.txt. Then drag it with the mouse onto the ComboFix icon and drop it. CF will start and carry out the commands from the script.
Post questions and logs only in your own threads. Private messages, ICQ and e-mail are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus may damage the system!
Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.
Re: Some crap + RSIT
It wanted the Windows CD, but I let it copy in the 2 libraries I had downloaded (not from the CD).
ComboFix 10-11-12.01 - GuGo 12.11.2010 19:28:50.2.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.421.1029.18.767.210 [GMT 1:00]
Running from: c:\documents and settings\GuGo\Plocha\ComboFix.exe
Command switches used :: c:\documents and settings\GuGo\Plocha\CFScript.txt
* Created a new restore point
file zipped: c:\documents and settings\GuGo\Data aplikací\juzjf.exe
file zipped: C:\min32.exe
file zipped: C:\QuickTime1.exe
file zipped: c:\windows\system32\besar.exe
file zipped: c:\windows\system32\luquetookek.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\min32.exe
C:\QuickTime1.exe
c:\windows\system32\besar.exe
c:\windows\system32\luquetookek.exe
c:\windows\system32\srsvc.dll . . . is infected!!
.
--------------- FCopy ---------------
c:\documents and settings\GuGo\Plocha\srsvc.dll --> c:\windows\system32\srsvc.dll
c:\documents and settings\GuGo\Plocha\regsvc.dll --> c:\windows\system32\regsvc.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_X27UOAA1
-------\Service_x27uoaa1
((((((((((((((((((((((((( Files Created from 2010-10-12 to 2010-11-12 )))))))))))))))))))))))))))))))
.
2010-11-12 18:28 . 2010-11-12 18:24 75281 ----a-w- c:\windows\system32\srsvc.dll
2010-11-12 18:28 . 2004-05-13 16:19 51712 ----a-w- c:\windows\system32\regsvc.dll
2010-11-12 17:19 . 2010-11-12 17:20 -------- d-----w- C:\rsit
2010-11-12 13:54 . 2010-11-12 13:54 91136 --sha-r- c:\documents and settings\GuGo\Data aplikací\juzjf.exe
2010-11-11 19:26 . 2010-11-11 19:26 -------- d-----w- c:\documents and settings\GuGo\Local Settings\Data aplikací\ConduitEngine
2010-11-11 19:26 . 2010-11-12 17:23 -------- d-----w- c:\program files\ConduitEngine
2010-11-11 19:26 . 2010-11-11 19:26 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
2010-11-07 09:49 . 2010-11-07 09:50 -------- d-----w- c:\documents and settings\GuGo\Local Settings\Data aplikací\Deployment
2010-10-29 13:20 . 2010-10-29 13:20 -------- d--h--w- c:\windows\system32\GroupPolicy
2010-10-25 18:10 . 2010-10-25 18:21 -------- d-----w- c:\documents and settings\All Users\Data aplikací\MXSkypeRecorder
2010-10-24 18:27 . 2010-10-24 18:27 -------- d-----w- c:\documents and settings\GuGo\Data aplikací\COWON
2010-10-24 18:25 . 2010-10-24 18:25 -------- d-----w- c:\program files\Common Files\COWON
2010-10-24 18:25 . 2010-10-24 18:25 -------- d-----w- c:\program files\JetAudio
2010-10-24 18:25 . 2010-10-24 18:25 -------- d-----w- c:\documents and settings\GuGo\Data aplikací\InstallShield
2010-10-24 14:22 . 2010-10-24 14:22 -------- d-----w- c:\documents and settings\GuGo\dwhelper
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-12 16:16 . 2010-10-12 16:14 36539336 ----a-w- C:\NokiaSoftwareUpdaterSetup_SK.exe
2010-10-12 15:00 . 2010-10-12 15:00 683158 ----a-w- C:\f-i-n-g-e-r_s-c-a-n.zip
2010-10-09 14:42 . 2010-10-09 14:42 23456 ----a-w- c:\windows\system32\drivers\DrvAgent32.sys
2010-09-25 11:11 . 2010-09-25 11:11 29480 ----a-w- c:\windows\system32\msxml3a.dll
2010-09-25 11:11 . 2001-10-25 14:00 49448 ----a-w- c:\windows\system32\msxml3r.dll
.
------- Sigcheck -------
[-] 2008-05-04 . ACCF5A9A1FFAA490F33DBA1C632B95E1 . 361344 . . [5.1.2600.5512] . . c:\windows\system32\drivers\tcpip.sys
[-] 2010-11-12 18:24 . A3D13E85753D8090A97A09F5A700E8CB . 75281 . . [------] . . c:\windows\system32\srsvc.dll
[-] 2004-05-13 . 9DF4527D53613601D3F79946EAA1DCB1 . 51712 . . [5.1.2600.0] . . c:\windows\system32\regsvc.dll
c:\windows\System32\wscntfy.exe ... is missing !!
.
((((((((((((((((((((((((((((( SnapShot@2010-11-12_17.57.20 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-11-12 18:42 . 2010-11-12 18:42 16384 c:\windows\Temp\Perflib_Perfdata_544.dat
- 2001-10-25 14:00 . 2010-10-31 08:23 65872 c:\windows\system32\perfc009.dat
+ 2001-10-25 14:00 . 2010-11-12 18:00 65872 c:\windows\system32\perfc009.dat
- 2001-10-25 14:00 . 2010-10-31 08:23 75656 c:\windows\system32\perfc005.dat
+ 2001-10-25 14:00 . 2010-11-12 18:00 75656 c:\windows\system32\perfc005.dat
+ 2001-10-25 14:00 . 2010-11-12 18:00 424834 c:\windows\system32\perfh009.dat
- 2001-10-25 14:00 . 2010-10-31 08:23 424834 c:\windows\system32\perfh009.dat
- 2001-10-25 14:00 . 2010-10-31 08:23 421458 c:\windows\system32\perfh005.dat
+ 2001-10-25 14:00 . 2010-11-12 18:00 421458 c:\windows\system32\perfh005.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\GuGo\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" [2010-02-20 135664]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
"nwiz"="nwiz.exe" [2008-05-16 1630208]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 86016]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-06-01 500208]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2010-03-09 15872]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" [2008-04-14 100352]
c:\documents and settings\GuGo\Nabídka Start\Programy\Po spuštění\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HideRunAsVerb"= 1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoSMMyPictures"= 1 (0x1)
"NoSMHelp"= 1 (0x1)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoSMMyPictures"= 1 (0x1)
"NoSMHelp"= 1 (0x1)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDRegion]
2010-03-13 10:58 75048 ------w- c:\program files\CyberLink\Shared files\brs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-06-03 00:50 1144104 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MX Skype Recorder]
2010-01-30 14:47 581272 ----a-w- c:\documents and settings\All Users\Data aplikací\MXSkypeRecorder\MXSkypeRecorder.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl10]
2010-02-02 22:08 87336 ------w- c:\program files\CyberLink\PowerDVD10\PDVD10Serv.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
2010-02-19 11:37 517096 ----a-w- c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\GuGo\\Dokumenty\\Downloads\\P1876832.JPG-www.facebook.exe"= c:\\WINDOWS\\nvsvc32.exe
R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\system32\drivers\BtHidBus.sys [7.1.2009 22:39 20744]
R2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2010/09/25 13:18];c:\program files\CyberLink\PowerDVD10\NavFilter\000.fcl [13.3.2010 11:58 87536]
R3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\drivers\btnetBus.sys [7.12.2008 11:44 30088]
R3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\drivers\IvtBtBus.sys [2.7.2008 13:58 26248]
S3 DrvAgent32;DrvAgent32;c:\windows\system32\drivers\DrvAgent32.sys [9.10.2010 15:42 23456]
NETSVCS REQUIRES REPAIRS - current entries shown
6to4
AppMgmt
AudioSrv
Browser
CryptSvc
DMServer
DHCP
EventSystem
FastUserSwitchingCompatibility
HidServ
Ias
Iprip
Irmon
LanmanServer
LanmanWorkstation
Netman
Nla
NWCWorkstation
Nwsapagent
Rasauto
Rasman
Remoteaccess
Schedule
SENS
Tapisrv
Themes
WZCSVC
Wmi
WmdmPmSp
winmgmt
xmlprov
napagent
hkmsvc
BITS
wuauserv
ShellHWDetection
helpsvc
WmdmPmSN
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
.
Contents of the 'Scheduled Tasks' folder
2010-08-05 c:\windows\Tasks\AdobeAAMUpdater-1.0-PC-GUGO-GuGo.job
- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2010-06-01 14:45]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://googleure.com
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Send by Bluetooth - c:\program files\IVT Corporation\BlueSoleil\TransSend\IE\tsinfo.htm
IE: Send via &Message... - c:\program files\IVT Corporation\BlueSoleil\TransSend\IE\tssms.htm
IE: {{14CD42DD-ABCD-3586-DCAB-40E3693E3737} - c:\program files\Get Styles\ct.htm
FF - ProfilePath - c:\documents and settings\GuGo\Data aplikací\Mozilla\Firefox\Profiles\k3vlghf7.default\
FF - prefs.js: browser.startup.homepage - hxxp://ahoolly.com
FF - component: c:\program files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\components\FirefoxExtension.dll
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-12 19:42
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mysql]
"ImagePath"="c:\appserv\MySQL\bin\mysqld-nt --defaults-file=c:\appserv\MySQL\my.ini mysql"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD10\NavFilter\000.fcl"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(3760)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\BsMobileSDK.dll
c:\windows\system32\BsLangInDepRes.dll
c:\windows\system32\Bs2Res.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\appserv\Apache2.2\bin\httpd.exe
c:\program files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
c:\program files\IVT Corporation\BlueSoleil\BsMobileCS.exe
c:\appserv\Apache2.2\bin\httpd.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\program files\TeamViewer\Version5\TeamViewer_Service.exe
c:\program files\IVT Corporation\BlueSoleil\BsHelpCS.exe
c:\windows\system32\RUNDLL32.EXE
c:\documents and settings\GuGo\Local Settings\Data aplikací\Google\Update\1.2.183.39\GoogleCrashHandler.exe
.
**************************************************************************
.
Completion time: 2010-11-12 19:50:10 - machine was rebooted
ComboFix-quarantined-files.txt 2010-11-12 18:50
ComboFix2.txt 2010-11-12 18:01
Pre-Run: 1 840 070 656
Post-Run: 1 836 646 400
- - End Of File - - 53CA7596E80B0F3FF13CD0DB6ACC9E77
Upload was successful
2010-10-24 18:25 . 2010-10-24 18:25 -------- d-----w- c:\program files\Common Files\COWON
2010-10-24 18:25 . 2010-10-24 18:25 -------- d-----w- c:\program files\JetAudio
2010-10-24 18:25 . 2010-10-24 18:25 -------- d-----w- c:\documents and settings\GuGo\Data aplikací\InstallShield
2010-10-24 14:22 . 2010-10-24 14:22 -------- d-----w- c:\documents and settings\GuGo\dwhelper
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-12 16:16 . 2010-10-12 16:14 36539336 ----a-w- C:\NokiaSoftwareUpdaterSetup_SK.exe
2010-10-12 15:00 . 2010-10-12 15:00 683158 ----a-w- C:\f-i-n-g-e-r_s-c-a-n.zip
2010-10-09 14:42 . 2010-10-09 14:42 23456 ----a-w- c:\windows\system32\drivers\DrvAgent32.sys
2010-09-25 11:11 . 2010-09-25 11:11 29480 ----a-w- c:\windows\system32\msxml3a.dll
2010-09-25 11:11 . 2001-10-25 14:00 49448 ----a-w- c:\windows\system32\msxml3r.dll
.
------- Sigcheck -------
[-] 2008-05-04 . ACCF5A9A1FFAA490F33DBA1C632B95E1 . 361344 . . [5.1.2600.5512] . . c:\windows\system32\drivers\tcpip.sys
[-] 2010-11-12 18:24 . A3D13E85753D8090A97A09F5A700E8CB . 75281 . . [------] . . c:\windows\system32\srsvc.dll
[-] 2004-05-13 . 9DF4527D53613601D3F79946EAA1DCB1 . 51712 . . [5.1.2600.0] . . c:\windows\system32\regsvc.dll
c:\windows\System32\wscntfy.exe ... is missing !!
.
((((((((((((((((((((((((((((( SnapShot@2010-11-12_17.57.20 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-11-12 18:42 . 2010-11-12 18:42 16384 c:\windows\Temp\Perflib_Perfdata_544.dat
- 2001-10-25 14:00 . 2010-10-31 08:23 65872 c:\windows\system32\perfc009.dat
+ 2001-10-25 14:00 . 2010-11-12 18:00 65872 c:\windows\system32\perfc009.dat
- 2001-10-25 14:00 . 2010-10-31 08:23 75656 c:\windows\system32\perfc005.dat
+ 2001-10-25 14:00 . 2010-11-12 18:00 75656 c:\windows\system32\perfc005.dat
+ 2001-10-25 14:00 . 2010-11-12 18:00 424834 c:\windows\system32\perfh009.dat
- 2001-10-25 14:00 . 2010-10-31 08:23 424834 c:\windows\system32\perfh009.dat
- 2001-10-25 14:00 . 2010-10-31 08:23 421458 c:\windows\system32\perfh005.dat
+ 2001-10-25 14:00 . 2010-11-12 18:00 421458 c:\windows\system32\perfh005.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\GuGo\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" [2010-02-20 135664]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
"nwiz"="nwiz.exe" [2008-05-16 1630208]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 86016]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-06-01 500208]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2010-03-09 15872]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" [2008-04-14 100352]
c:\documents and settings\GuGo\Nabídka Start\Programy\Po spuštění\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HideRunAsVerb"= 1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoSMMyPictures"= 1 (0x1)
"NoSMHelp"= 1 (0x1)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoSMMyPictures"= 1 (0x1)
"NoSMHelp"= 1 (0x1)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDRegion]
2010-03-13 10:58 75048 ------w- c:\program files\CyberLink\Shared files\brs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-06-03 00:50 1144104 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MX Skype Recorder]
2010-01-30 14:47 581272 ----a-w- c:\documents and settings\All Users\Data aplikací\MXSkypeRecorder\MXSkypeRecorder.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl10]
2010-02-02 22:08 87336 ------w- c:\program files\CyberLink\PowerDVD10\PDVD10Serv.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
2010-02-19 11:37 517096 ----a-w- c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\GuGo\\Dokumenty\\Downloads\\P1876832.JPG-www.facebook.exe"= c:\\WINDOWS\\nvsvc32.exe
R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\system32\drivers\BtHidBus.sys [7.1.2009 22:39 20744]
R2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2010/09/25 13:18];c:\program files\CyberLink\PowerDVD10\NavFilter\000.fcl [13.3.2010 11:58 87536]
R3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\drivers\btnetBus.sys [7.12.2008 11:44 30088]
R3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\drivers\IvtBtBus.sys [2.7.2008 13:58 26248]
S3 DrvAgent32;DrvAgent32;c:\windows\system32\drivers\DrvAgent32.sys [9.10.2010 15:42 23456]
NETSVCS REQUIRES REPAIRS - current entries shown
6to4
AppMgmt
AudioSrv
Browser
CryptSvc
DMServer
DHCP
EventSystem
FastUserSwitchingCompatibility
HidServ
Ias
Iprip
Irmon
LanmanServer
LanmanWorkstation
Netman
Nla
NWCWorkstation
Nwsapagent
Rasauto
Rasman
Remoteaccess
Schedule
SENS
Tapisrv
Themes
WZCSVC
Wmi
WmdmPmSp
winmgmt
xmlprov
napagent
hkmsvc
BITS
wuauserv
ShellHWDetection
helpsvc
WmdmPmSN
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
.
Contents of the 'Scheduled Tasks' folder
2010-08-05 c:\windows\Tasks\AdobeAAMUpdater-1.0-PC-GUGO-GuGo.job
- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2010-06-01 14:45]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://googleure.com
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Send by Bluetooth - c:\program files\IVT Corporation\BlueSoleil\TransSend\IE\tsinfo.htm
IE: Send via &Message... - c:\program files\IVT Corporation\BlueSoleil\TransSend\IE\tssms.htm
IE: {{14CD42DD-ABCD-3586-DCAB-40E3693E3737} - c:\program files\Get Styles\ct.htm
FF - ProfilePath - c:\documents and settings\GuGo\Data aplikací\Mozilla\Firefox\Profiles\k3vlghf7.default\
FF - prefs.js: browser.startup.homepage - hxxp://ahoolly.com
FF - component: c:\program files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\components\FirefoxExtension.dll
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-12 19:42
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mysql]
"ImagePath"="c:\appserv\MySQL\bin\mysqld-nt --defaults-file=c:\appserv\MySQL\my.ini mysql"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD10\NavFilter\000.fcl"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(3760)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\BsMobileSDK.dll
c:\windows\system32\BsLangInDepRes.dll
c:\windows\system32\Bs2Res.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\appserv\Apache2.2\bin\httpd.exe
c:\program files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
c:\program files\IVT Corporation\BlueSoleil\BsMobileCS.exe
c:\appserv\Apache2.2\bin\httpd.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\program files\TeamViewer\Version5\TeamViewer_Service.exe
c:\program files\IVT Corporation\BlueSoleil\BsHelpCS.exe
c:\windows\system32\RUNDLL32.EXE
c:\documents and settings\GuGo\Local Settings\Data aplikací\Google\Update\1.2.183.39\GoogleCrashHandler.exe
.
**************************************************************************
.
Completion time: 2010-11-12 19:50:10 - machine was rebooted
ComboFix-quarantined-files.txt 2010-11-12 18:50
ComboFix2.txt 2010-11-12 18:01
Pre-Run: 1 840 070 656
Post-Run: 1 836 646 400
- - End Of File - - 53CA7596E80B0F3FF13CD0DB6ACC9E77
Upload was successful
- Rudy
- Site Admin
- Posts: 119428
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: Some crap + RSIT
Run CF once more with this script:
I am afraid the system will be damaged.
Collect::
c:\documents and settings\GuGo\Data aplikací\juzjf.exe
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting the PC, back up your important data (mail, contacts, documents, photos, videos, music etc.). Apart from its "visible" activities, a virus can damage the system!
Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address above.
Re: Some crap + RSIT
I deleted it with Avenger.
Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com
Platform: Windows XP
*******************
Script file opened successfully.
Script file read successfully.
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
Rootkit scan active.
No rootkits found!
File "c:\documents and settings\GuGo\Data aplikací\juzjf.exe" deleted successfully.
Completed script processing.
*******************
Finished! Terminate.
- Rudy
- Site Admin
- Posts: 119428
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: Some crap + RSIT
Yes, deleted. If you still have a problem (I am afraid there is still something there), run an AVPTool scan: http://www.viry.cz/forum/viewtopic.php?f=29&t=58179 and post the log.
Re: Some crap + RSIT
It found nothing.
HJT
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:20:52, on 13.11.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\AppServ\Apache2.2\bin\httpd.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
C:\Program Files\IVT Corporation\BlueSoleil\BsMobileCS.exe
C:\AppServ\Apache2.2\bin\httpd.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\AppServ\MySQL\bin\mysqld-nt.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Documents and Settings\GuGo\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe
C:\Documents and Settings\GuGo\Local Settings\Data aplikací\Google\Update\1.2.183.39\GoogleCrashHandler.exe
C:\Documents and Settings\GuGo\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\GuGo\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\GuGo\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\GuGo\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\GuGo\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\GuGo\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\GuGo\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\GuGo\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\GuGo\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\GuGo\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\GuGo\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
D:\Virus Removal Tool\setup_9.0.0.722_13.11.2010_12-14\setup_9.0.0.722_13.11.2010_12-14.exe
C:\QIP Infium JadrisPack1\infium.exe
C:\totalcmd\TOTALCMD.EXE
F:\Infiltrácie\GuGo.exe
C:\DOCUME~1\GuGo\LOCALS~1\Temp\lsass.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://googleure.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe" -H
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Windows Firewall] C:\DOCUME~1\GuGo\LOCALS~1\Temp\lsass.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\GuGo\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Windows Firewall] C:\DOCUME~1\GuGo\LOCALS~1\Temp\lsass.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: setup_9.0.0.722_13.11.2010_12-14.lnk = D:\Virus Removal Tool\setup_9.0.0.722_13.11.2010_12-14\startup.exe
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send by Bluetooth - C:\Program Files\IVT Corporation\BlueSoleil\TransSend\IE\tsinfo.htm
O8 - Extra context menu item: Send via &Message... - C:\Program Files\IVT Corporation\BlueSoleil\TransSend\IE\tssms.htm
O9 - Extra button: GetStyles - {14CD42DD-ABCD-3586-DCAB-40E3693E3737} - C:\Program Files\Get Styles\ct.htm
O9 - Extra 'Tools' menuitem: GetStyles - {14CD42DD-ABCD-3586-DCAB-40E3693E3737} - C:\Program Files\Get Styles\ct.htm
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDow ... ab_nvd.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apache2.2 - Apache Software Foundation - C:\AppServ\Apache2.2\bin\httpd.exe
O23 - Service: BlueSoleilCS - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
O23 - Service: BsHelpCS - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe
O23 - Service: BsMobileCS - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BsMobileCS.exe
O23 - Service: ClipSrv - Unknown owner - C:\WINDOWS\system32\clipsrv.exe (file missing)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: mysql - Unknown owner - C:\AppServ\MySQL\bin\mysqld-nt.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
O23 - Service: UPS - Unknown owner - C:\WINDOWS\System32\ups.exe (file missing)
--
End of file - 7340 bytes
- Rudy
- Site Admin
- Posts: 119428
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: Some crap + RSIT
Let's return to ComboFix. Run it once more with this script:
Collect::
C:\DOCUME~1\GuGo\LOCALS~1\Temp\lsass.exe
Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Firewall"=-
Re: Some crap + RSIT
ComboFix 10-11-12.01 - GuGo 14.11.2010 10:07:29.3.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.421.1029.18.767.495 [GMT 1:00]
Running from: c:\documents and settings\GuGo\Plocha\ComboFix.exe
Command switches used :: c:\documents and settings\GuGo\Plocha\CFScript.txt
* Created a new restore point
file zipped: c:\docume~1\GuGo\LOCALS~1\Temp\lsass.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\docume~1\GuGo\LOCALS~1\Temp\lsass.exe
c:\documents and settings\GuGo\QGVLBQGWMC.exe
c:\documents and settings\GuGo\RHWMWWHCRC.exe
c:\documents and settings\GuGo\VLVLBBQGVL.exe
c:\documents and settings\GuGo\YOFUKAKAAP.exe
c:\windows\system32\srsvc.dll . . . is infected!!
.
((((((((((((((((((((((((( Files Created from 2010-10-14 to 2010-11-14 )))))))))))))))))))))))))))))))
.
2010-11-14 07:37 . 2010-11-14 07:37 -------- d-----w- c:\windows\LastGood
2010-11-12 18:28 . 2010-11-12 18:24 75281 ----a-w- c:\windows\system32\srsvc.dll
2010-11-12 18:28 . 2004-05-13 16:19 51712 ----a-w- c:\windows\system32\regsvc.dll
2010-11-12 17:19 . 2010-11-12 17:20 -------- d-----w- C:\rsit
2010-11-11 19:26 . 2010-11-11 19:26 -------- d-----w- c:\documents and settings\GuGo\Local Settings\Data aplikací\ConduitEngine
2010-11-11 19:26 . 2010-11-12 17:23 -------- d-----w- c:\program files\ConduitEngine
2010-11-11 19:26 . 2010-11-11 19:26 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
2010-11-07 09:49 . 2010-11-07 09:50 -------- d-----w- c:\documents and settings\GuGo\Local Settings\Data aplikací\Deployment
2010-10-29 13:20 . 2010-10-29 13:20 -------- d--h--w- c:\windows\system32\GroupPolicy
2010-10-25 18:10 . 2010-10-25 18:21 -------- d-----w- c:\documents and settings\All Users\Data aplikací\MXSkypeRecorder
2010-10-24 18:27 . 2010-10-24 18:27 -------- d-----w- c:\documents and settings\GuGo\Data aplikací\COWON
2010-10-24 18:25 . 2010-10-24 18:25 -------- d-----w- c:\program files\Common Files\COWON
2010-10-24 18:25 . 2010-10-24 18:25 -------- d-----w- c:\program files\JetAudio
2010-10-24 18:25 . 2010-10-24 18:25 -------- d-----w- c:\documents and settings\GuGo\Data aplikací\InstallShield
2010-10-24 14:22 . 2010-10-24 14:22 -------- d-----w- c:\documents and settings\GuGo\dwhelper
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-12 16:16 . 2010-10-12 16:14 36539336 ----a-w- C:\NokiaSoftwareUpdaterSetup_SK.exe
2010-10-12 15:00 . 2010-10-12 15:00 683158 ----a-w- C:\f-i-n-g-e-r_s-c-a-n.zip
2010-10-09 14:42 . 2010-10-09 14:42 23456 ----a-w- c:\windows\system32\drivers\DrvAgent32.sys
2010-09-25 11:11 . 2010-09-25 11:11 29480 ----a-w- c:\windows\system32\msxml3a.dll
2010-09-25 11:11 . 2001-10-25 14:00 49448 ----a-w- c:\windows\system32\msxml3r.dll
.
------- Sigcheck -------
[-] 2008-05-04 . ACCF5A9A1FFAA490F33DBA1C632B95E1 . 361344 . . [5.1.2600.5512] . . c:\windows\system32\drivers\tcpip.sys
[-] 2010-11-12 18:24 . A3D13E85753D8090A97A09F5A700E8CB . 75281 . . [------] . . c:\windows\system32\srsvc.dll
[-] 2004-05-13 . 9DF4527D53613601D3F79946EAA1DCB1 . 51712 . . [5.1.2600.0] . . c:\windows\system32\regsvc.dll
c:\windows\System32\wscntfy.exe ... is missing !!
.
((((((((((((((((((((((((((((( SnapShot@2010-11-12_17.57.20 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-11-14 07:29 . 2010-11-14 07:29 16384 c:\windows\Temp\Perflib_Perfdata_524.dat
- 2001-10-25 14:00 . 2010-10-31 08:23 65872 c:\windows\system32\perfc009.dat
+ 2001-10-25 14:00 . 2010-11-12 18:00 65872 c:\windows\system32\perfc009.dat
+ 2001-10-25 14:00 . 2010-11-12 18:00 75656 c:\windows\system32\perfc005.dat
- 2001-10-25 14:00 . 2010-10-31 08:23 75656 c:\windows\system32\perfc005.dat
+ 2010-11-14 07:37 . 2009-10-22 11:54 37392 c:\windows\LastGood\system32\DRIVERS\25623262.sys
+ 2001-10-25 14:00 . 2010-11-12 18:00 424834 c:\windows\system32\perfh009.dat
- 2001-10-25 14:00 . 2010-10-31 08:23 424834 c:\windows\system32\perfh009.dat
- 2001-10-25 14:00 . 2010-10-31 08:23 421458 c:\windows\system32\perfh005.dat
+ 2001-10-25 14:00 . 2010-11-12 18:00 421458 c:\windows\system32\perfh005.dat
+ 2010-11-14 07:37 . 2009-09-25 15:59 128016 c:\windows\LastGood\system32\DRIVERS\25623261.sys
+ 2010-11-14 07:37 . 2009-10-09 21:31 315408 c:\windows\LastGood\system32\DRIVERS\2562326.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\GuGo\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" [2010-02-20 135664]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
"nwiz"="nwiz.exe" [2008-05-16 1630208]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 86016]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-06-01 500208]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2010-03-09 15872]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" [2008-04-14 100352]
c:\documents and settings\GuGo\Nabídka Start\Programy\Po spuštění\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HideRunAsVerb"= 1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoSMMyPictures"= 1 (0x1)
"NoSMHelp"= 1 (0x1)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoSMMyPictures"= 1 (0x1)
"NoSMHelp"= 1 (0x1)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDRegion]
2010-03-13 10:58 75048 ------w- c:\program files\CyberLink\Shared files\brs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-06-03 00:50 1144104 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MX Skype Recorder]
2010-01-30 14:47 581272 ----a-w- c:\documents and settings\All Users\Data aplikací\MXSkypeRecorder\MXSkypeRecorder.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl10]
2010-02-02 22:08 87336 ------w- c:\program files\CyberLink\PowerDVD10\PDVD10Serv.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
2010-02-19 11:37 517096 ----a-w- c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\GuGo\\Dokumenty\\Downloads\\P1876832.JPG-www.facebook.exe"= c:\\WINDOWS\\nvsvc32.exe
R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\system32\drivers\BtHidBus.sys [7.1.2009 22:39 20744]
R2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2010/09/25 13:18];c:\program files\CyberLink\PowerDVD10\NavFilter\000.fcl [13.3.2010 11:58 87536]
R2 Apache2.2;Apache2.2;c:\appserv\Apache2.2\bin\httpd.exe [17.1.2008 18:37 24635]
R2 BsMobileCS;BsMobileCS;c:\program files\IVT Corporation\BlueSoleil\BsMobileCS.exe [27.2.2009 15:40 143467]
R2 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [11.2.2010 12:42 172328]
R3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\drivers\btnetBus.sys [7.12.2008 11:44 30088]
R3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\drivers\IvtBtBus.sys [2.7.2008 13:58 26248]
R4 25623261;25623261;c:\windows\system32\DRIVERS\25623261.sys --> c:\windows\system32\DRIVERS\25623261.sys [?]
S3 DrvAgent32;DrvAgent32;c:\windows\system32\drivers\DrvAgent32.sys [9.10.2010 15:42 23456]
S3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [19.2.2010 12:37 517096]
NETSVCS REQUIRES REPAIRS - current entries shown
6to4
AppMgmt
AudioSrv
Browser
CryptSvc
DMServer
DHCP
EventSystem
FastUserSwitchingCompatibility
HidServ
Ias
Iprip
Irmon
LanmanServer
LanmanWorkstation
Netman
Nla
NWCWorkstation
Nwsapagent
Rasauto
Rasman
Remoteaccess
Schedule
SENS
Tapisrv
Themes
WZCSVC
Wmi
WmdmPmSp
winmgmt
xmlprov
napagent
hkmsvc
BITS
wuauserv
ShellHWDetection
helpsvc
WmdmPmSN
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
.
Contents of the 'Scheduled Tasks' folder
2010-08-05 c:\windows\Tasks\AdobeAAMUpdater-1.0-PC-GUGO-GuGo.job
- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2010-06-01 14:45]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://googleure.com
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Send by Bluetooth - c:\program files\IVT Corporation\BlueSoleil\TransSend\IE\tsinfo.htm
IE: Send via &Message... - c:\program files\IVT Corporation\BlueSoleil\TransSend\IE\tssms.htm
IE: {{14CD42DD-ABCD-3586-DCAB-40E3693E3737} - c:\program files\Get Styles\ct.htm
FF - ProfilePath - c:\documents and settings\GuGo\Data aplikací\Mozilla\Firefox\Profiles\k3vlghf7.default\
FF - prefs.js: browser.startup.homepage - hxxp://ahoolly.com
FF - component: c:\program files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\components\FirefoxExtension.dll
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-14 10:17
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mysql]
"ImagePath"="c:\appserv\MySQL\bin\mysqld-nt --defaults-file=c:\appserv\MySQL\my.ini mysql"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD10\NavFilter\000.fcl"
.
Completion time: 2010-11-14 10:20:17
ComboFix-quarantined-files.txt 2010-11-14 09:20
ComboFix2.txt 2010-11-12 18:51
ComboFix3.txt 2010-11-12 18:01
Pre-Run: 1 752 625 152
Post-Run: 1 750 138 880
- - End Of File - - 46834FBD5F12495F8A0A6E5A5A5C9361
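A helper triaging the ComboFix log above reads off a handful of tells by eye: a file named lsass.exe sitting in Temp instead of system32, executables with ten random capital letters in the profile root, a system32 DLL that ComboFix flags as infected and whose Sigcheck entry carries no version at all ([------]), a Windows Firewall exception for a downloaded P1876832.JPG-www.facebook.exe that points at c:\WINDOWS\nvsvc32.exe, a driver service whose file is already gone ([?]), and start pages set to unfamiliar domains. The script below is an added example, not ComboFix's code and not posted by anyone in this thread; it automates that reading over an excerpt of the log above. The rules, the severity labels and the SYSTEM_NAMES list are this example's own heuristics, not a ComboFix or forum convention.

```python
"""Triage a ComboFix log for the indicators a helper otherwise reads off by hand.

Added example for this thread (not ComboFix's code, not posted by anyone here).
The rules are this example's own heuristics; SAMPLE_LOG is excerpted from the
ComboFix output above, backslashes as ComboFix prints them (doubled in registry values).
"""
import re
from typing import List, NamedTuple


class Finding(NamedTuple):
    severity: str  # "high", "medium" or "info"
    rule: str
    evidence: str


# Core Windows binaries whose genuine copy lives in %windir%\system32; the same
# name anywhere else is a classic impersonation (heuristic list for this example).
SYSTEM_NAMES = {"lsass.exe", "svchost.exe", "winlogon.exe", "services.exe", "csrss.exe", "nvsvc32.exe"}

HEADER_RE = re.compile(r"^[(\-]+ (.+?) [)\-]+$")                 # ((( Other Deletions ))) / --- Sigcheck ---
SIGCHECK_RE = re.compile(r"^\[-\] .*? \. ([0-9A-F]{32}) \. (\d+) \. \. \[(.*?)\] \. \. (.+)$")
REG_VALUE_RE = re.compile(r'^"(.+?)"=\s*(.*)$')                  # "name"=value  (Run keys, firewall list)
SERVICE_RE = re.compile(r"^[RS]\d ([^;]+);[^;]*;(.+)$")          # R2 name;display;image [date size]
START_PAGE_RE = re.compile(r"(?:uStart Page = |browser\.startup\.homepage - )(\S+)")
PATH_RE = re.compile(r"^[a-z]:\\\S", re.IGNORECASE)
RANDOM_NAME_RE = re.compile(r"\\[A-Z]{10}\.exe$")                # QGVLBQGWMC.exe-style dropper names
DOUBLE_EXT_RE = re.compile(r"\.(jpe?g|gif|png|bmp|pdf|docx?|txt)[^\\]*\.exe$", re.IGNORECASE)


def check_path(path: str, where: str) -> List[Finding]:
    """Rules that apply to any file path, wherever in the log it appears."""
    path = path.replace("\\\\", "\\").strip()        # registry values come with doubled backslashes
    base = path.rsplit("\\", 1)[-1].lower()
    out: List[Finding] = []
    if base in SYSTEM_NAMES and "\\system32\\" not in path.lower():
        out.append(Finding("high", "system-name-outside-system32", f"{where}: {path}"))
    if RANDOM_NAME_RE.search(path):
        out.append(Finding("medium", "random-name-executable", f"{where}: {path}"))
    if DOUBLE_EXT_RE.search(path):
        out.append(Finding("high", "double-extension-executable", f"{where}: {path}"))
    return out


def triage(log: str) -> List[Finding]:
    """Walk the log once and return findings in log order."""
    findings: List[Finding] = []
    section = "log"
    for raw in log.splitlines():
        line = raw.strip()
        if m := HEADER_RE.match(line):
            section = m.group(1).strip()
        elif "is infected!!" in line:                 # ComboFix's own verdict on a system file
            findings.append(Finding("high", "combofix-flagged-infected", line.split(" . . .")[0]))
        elif "is missing !!" in line:
            findings.append(Finding("medium", "system-file-missing", line.split(" ...")[0]))
        elif m := SIGCHECK_RE.match(line):
            md5, size, version, path = m.groups()
            if set(version) == {"-"}:                 # system32 file carrying no version resource
                findings.append(Finding("high", "system-file-no-version", f"{path} md5={md5} size={size}"))
        elif m := REG_VALUE_RE.match(line):
            value = re.match(r'^"?([^"\[]*)', m.group(2)).group(1)   # drop quotes and ' [date size]'
            findings += check_path(m.group(1), "registry name") + check_path(value, "registry value")
        elif m := SERVICE_RE.match(line):
            name, image = m.groups()
            if image.endswith("[?]"):                 # service still registered, its file already gone
                findings.append(Finding("medium", "service-image-missing", f"{name}: {image}"))
            findings += check_path(re.split(r"\s+(?:-->|\[)", image)[0], f"service {name}")
        elif m := START_PAGE_RE.search(line):
            findings.append(Finding("info", "browser-start-page", m.group(1)))
        elif PATH_RE.match(line):
            findings += check_path(line, section)
    return findings


# Excerpt of the ComboFix output posted above (not constructed).
SAMPLE_LOG = r"""
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
c:\docume~1\GuGo\LOCALS~1\Temp\lsass.exe
c:\documents and settings\GuGo\QGVLBQGWMC.exe
c:\windows\system32\srsvc.dll . . . is infected!!
------- Sigcheck -------
[-] 2008-05-04 . ACCF5A9A1FFAA490F33DBA1C632B95E1 . 361344 . . [5.1.2600.5512] . . c:\windows\system32\drivers\tcpip.sys
[-] 2010-11-12 18:24 . A3D13E85753D8090A97A09F5A700E8CB . 75281 . . [------] . . c:\windows\system32\srsvc.dll
c:\windows\System32\wscntfy.exe ... is missing !!
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\GuGo\\Dokumenty\\Downloads\\P1876832.JPG-www.facebook.exe"= c:\\WINDOWS\\nvsvc32.exe
R2 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [11.2.2010 12:42 172328]
R4 25623261;25623261;c:\windows\system32\DRIVERS\25623261.sys --> c:\windows\system32\DRIVERS\25623261.sys [?]
uStart Page = hxxp://googleure.com
FF - prefs.js: browser.startup.homepage - hxxp://ahoolly.com
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.rule:32} {f.evidence}")
```

Run as-is it prints ten findings from the excerpt (five high, three medium, two info); to triage a real log, pass the contents of ComboFix.txt to triage() (the file from this Czech XP box is cp1250-encoded, so open it with that encoding). Findings come back in log order, so each one can be matched against the original line, and the sessmgr.exe firewall entry and the tcpip.sys Sigcheck line show that the rules stay quiet on a stock exception and a versioned system driver.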
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.421.1029.18.767.495 [GMT 1:00]
Running from: c:\documents and settings\GuGo\Plocha\ComboFix.exe
Command switches used :: c:\documents and settings\GuGo\Plocha\CFScript.txt
* Created a new restore point
file zipped: c:\docume~1\GuGo\LOCALS~1\Temp\lsass.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\docume~1\GuGo\LOCALS~1\Temp\lsass.exe
c:\documents and settings\GuGo\QGVLBQGWMC.exe
c:\documents and settings\GuGo\RHWMWWHCRC.exe
c:\documents and settings\GuGo\VLVLBBQGVL.exe
c:\documents and settings\GuGo\YOFUKAKAAP.exe
c:\windows\system32\srsvc.dll . . . is infected!!
.
((((((((((((((((((((((((( Files Created from 2010-10-14 to 2010-11-14 )))))))))))))))))))))))))))))))
.
2010-11-14 07:37 . 2010-11-14 07:37 -------- d-----w- c:\windows\LastGood
2010-11-12 18:28 . 2010-11-12 18:24 75281 ----a-w- c:\windows\system32\srsvc.dll
2010-11-12 18:28 . 2004-05-13 16:19 51712 ----a-w- c:\windows\system32\regsvc.dll
2010-11-12 17:19 . 2010-11-12 17:20 -------- d-----w- C:\rsit
2010-11-11 19:26 . 2010-11-11 19:26 -------- d-----w- c:\documents and settings\GuGo\Local Settings\Data aplikací\ConduitEngine
2010-11-11 19:26 . 2010-11-12 17:23 -------- d-----w- c:\program files\ConduitEngine
2010-11-11 19:26 . 2010-11-11 19:26 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
2010-11-07 09:49 . 2010-11-07 09:50 -------- d-----w- c:\documents and settings\GuGo\Local Settings\Data aplikací\Deployment
2010-10-29 13:20 . 2010-10-29 13:20 -------- d--h--w- c:\windows\system32\GroupPolicy
2010-10-25 18:10 . 2010-10-25 18:21 -------- d-----w- c:\documents and settings\All Users\Data aplikací\MXSkypeRecorder
2010-10-24 18:27 . 2010-10-24 18:27 -------- d-----w- c:\documents and settings\GuGo\Data aplikací\COWON
2010-10-24 18:25 . 2010-10-24 18:25 -------- d-----w- c:\program files\Common Files\COWON
2010-10-24 18:25 . 2010-10-24 18:25 -------- d-----w- c:\program files\JetAudio
2010-10-24 18:25 . 2010-10-24 18:25 -------- d-----w- c:\documents and settings\GuGo\Data aplikací\InstallShield
2010-10-24 14:22 . 2010-10-24 14:22 -------- d-----w- c:\documents and settings\GuGo\dwhelper
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-12 16:16 . 2010-10-12 16:14 36539336 ----a-w- C:\NokiaSoftwareUpdaterSetup_SK.exe
2010-10-12 15:00 . 2010-10-12 15:00 683158 ----a-w- C:\f-i-n-g-e-r_s-c-a-n.zip
2010-10-09 14:42 . 2010-10-09 14:42 23456 ----a-w- c:\windows\system32\drivers\DrvAgent32.sys
2010-09-25 11:11 . 2010-09-25 11:11 29480 ----a-w- c:\windows\system32\msxml3a.dll
2010-09-25 11:11 . 2001-10-25 14:00 49448 ----a-w- c:\windows\system32\msxml3r.dll
.
------- Sigcheck -------
[-] 2008-05-04 . ACCF5A9A1FFAA490F33DBA1C632B95E1 . 361344 . . [5.1.2600.5512] . . c:\windows\system32\drivers\tcpip.sys
[-] 2010-11-12 18:24 . A3D13E85753D8090A97A09F5A700E8CB . 75281 . . [------] . . c:\windows\system32\srsvc.dll
[-] 2004-05-13 . 9DF4527D53613601D3F79946EAA1DCB1 . 51712 . . [5.1.2600.0] . . c:\windows\system32\regsvc.dll
c:\windows\System32\wscntfy.exe ... is missing !!
.
((((((((((((((((((((((((((((( SnapShot@2010-11-12_17.57.20 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-11-14 07:29 . 2010-11-14 07:29 16384 c:\windows\Temp\Perflib_Perfdata_524.dat
- 2001-10-25 14:00 . 2010-10-31 08:23 65872 c:\windows\system32\perfc009.dat
+ 2001-10-25 14:00 . 2010-11-12 18:00 65872 c:\windows\system32\perfc009.dat
+ 2001-10-25 14:00 . 2010-11-12 18:00 75656 c:\windows\system32\perfc005.dat
- 2001-10-25 14:00 . 2010-10-31 08:23 75656 c:\windows\system32\perfc005.dat
+ 2010-11-14 07:37 . 2009-10-22 11:54 37392 c:\windows\LastGood\system32\DRIVERS\25623262.sys
+ 2001-10-25 14:00 . 2010-11-12 18:00 424834 c:\windows\system32\perfh009.dat
- 2001-10-25 14:00 . 2010-10-31 08:23 424834 c:\windows\system32\perfh009.dat
- 2001-10-25 14:00 . 2010-10-31 08:23 421458 c:\windows\system32\perfh005.dat
+ 2001-10-25 14:00 . 2010-11-12 18:00 421458 c:\windows\system32\perfh005.dat
+ 2010-11-14 07:37 . 2009-09-25 15:59 128016 c:\windows\LastGood\system32\DRIVERS\25623261.sys
+ 2010-11-14 07:37 . 2009-10-09 21:31 315408 c:\windows\LastGood\system32\DRIVERS\2562326.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\GuGo\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" [2010-02-20 135664]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
"nwiz"="nwiz.exe" [2008-05-16 1630208]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 86016]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-06-01 500208]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2010-03-09 15872]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" [2008-04-14 100352]
c:\documents and settings\GuGo\Nabídka Start\Programy\Po spuštění\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HideRunAsVerb"= 1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoSMMyPictures"= 1 (0x1)
"NoSMHelp"= 1 (0x1)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoSMMyPictures"= 1 (0x1)
"NoSMHelp"= 1 (0x1)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDRegion]
2010-03-13 10:58 75048 ------w- c:\program files\CyberLink\Shared files\brs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-06-03 00:50 1144104 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MX Skype Recorder]
2010-01-30 14:47 581272 ----a-w- c:\documents and settings\All Users\Data aplikací\MXSkypeRecorder\MXSkypeRecorder.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl10]
2010-02-02 22:08 87336 ------w- c:\program files\CyberLink\PowerDVD10\PDVD10Serv.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
2010-02-19 11:37 517096 ----a-w- c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\GuGo\\Dokumenty\\Downloads\\P1876832.JPG-www.facebook.exe"= c:\\WINDOWS\\nvsvc32.exe
R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\system32\drivers\BtHidBus.sys [7.1.2009 22:39 20744]
R2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2010/09/25 13:18];c:\program files\CyberLink\PowerDVD10\NavFilter\000.fcl [13.3.2010 11:58 87536]
R2 Apache2.2;Apache2.2;c:\appserv\Apache2.2\bin\httpd.exe [17.1.2008 18:37 24635]
R2 BsMobileCS;BsMobileCS;c:\program files\IVT Corporation\BlueSoleil\BsMobileCS.exe [27.2.2009 15:40 143467]
R2 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [11.2.2010 12:42 172328]
R3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\drivers\btnetBus.sys [7.12.2008 11:44 30088]
R3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\drivers\IvtBtBus.sys [2.7.2008 13:58 26248]
R4 25623261;25623261;c:\windows\system32\DRIVERS\25623261.sys --> c:\windows\system32\DRIVERS\25623261.sys [?]
S3 DrvAgent32;DrvAgent32;c:\windows\system32\drivers\DrvAgent32.sys [9.10.2010 15:42 23456]
S3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [19.2.2010 12:37 517096]
NETSVCS REQUIRES REPAIRS - current entries shown
6to4
AppMgmt
AudioSrv
Browser
CryptSvc
DMServer
DHCP
EventSystem
FastUserSwitchingCompatibility
HidServ
Ias
Iprip
Irmon
LanmanServer
LanmanWorkstation
Netman
Nla
NWCWorkstation
Nwsapagent
Rasauto
Rasman
Remoteaccess
Schedule
SENS
Tapisrv
Themes
WZCSVC
Wmi
WmdmPmSp
winmgmt
xmlprov
napagent
hkmsvc
BITS
wuauserv
ShellHWDetection
helpsvc
WmdmPmSN
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
.
Contents of the 'Scheduled Tasks' folder
2010-08-05 c:\windows\Tasks\AdobeAAMUpdater-1.0-PC-GUGO-GuGo.job
- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2010-06-01 14:45]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://googleure.com
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Send by Bluetooth - c:\program files\IVT Corporation\BlueSoleil\TransSend\IE\tsinfo.htm
IE: Send via &Message... - c:\program files\IVT Corporation\BlueSoleil\TransSend\IE\tssms.htm
IE: {{14CD42DD-ABCD-3586-DCAB-40E3693E3737} - c:\program files\Get Styles\ct.htm
FF - ProfilePath - c:\documents and settings\GuGo\Data aplikací\Mozilla\Firefox\Profiles\k3vlghf7.default\
FF - prefs.js: browser.startup.homepage - hxxp://ahoolly.com
FF - component: c:\program files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\components\FirefoxExtension.dll
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-14 10:17
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mysql]
"ImagePath"="c:\appserv\MySQL\bin\mysqld-nt --defaults-file=c:\appserv\MySQL\my.ini mysql"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD10\NavFilter\000.fcl"
.
Completion time: 2010-11-14 10:20:17
ComboFix-quarantined-files.txt 2010-11-14 09:20
ComboFix2.txt 2010-11-12 18:51
ComboFix3.txt 2010-11-12 18:01
Pre-Run: 1 752 625 152
Post-Run: 1 750 138 880
- - End Of File - - 46834FBD5F12495F8A0A6E5A5A5C9361
Re: Some crap + RSIT
winlogon.exe
http://www.virustotal.com/file-scan/report.html?id=fe79b20b9a82559b5cd6ad5334fc24a88deb4fca79f23360c382a06b7dedd0d7-1289203531
I guess I managed to clean it up ...

Logfile of random's system information tool 1.06 (written by random/random)
Run by GuGo at 2010-11-14 16:09:10
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 2 GB (8%) free of 21 GB
Total RAM: 767 MB (69% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:09:13, on 14.11.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\AppServ\Apache2.2\bin\httpd.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
C:\Program Files\IVT Corporation\BlueSoleil\BsMobileCS.exe
C:\AppServ\Apache2.2\bin\httpd.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\AppServ\MySQL\bin\mysqld-nt.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Documents and Settings\GuGo\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe
C:\Documents and Settings\GuGo\Local Settings\Data aplikací\Google\Update\1.2.183.39\GoogleCrashHandler.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\GuGo\Plocha\RSIT.exe
C:\Program Files\trend micro\GuGo.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://googleure.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe" -H
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\GuGo\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send by Bluetooth - C:\Program Files\IVT Corporation\BlueSoleil\TransSend\IE\tsinfo.htm
O8 - Extra context menu item: Send via &Message... - C:\Program Files\IVT Corporation\BlueSoleil\TransSend\IE\tssms.htm
O9 - Extra button: GetStyles - {14CD42DD-ABCD-3586-DCAB-40E3693E3737} - C:\Program Files\Get Styles\ct.htm
O9 - Extra 'Tools' menuitem: GetStyles - {14CD42DD-ABCD-3586-DCAB-40E3693E3737} - C:\Program Files\Get Styles\ct.htm
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDow ... ab_nvd.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apache2.2 - Apache Software Foundation - C:\AppServ\Apache2.2\bin\httpd.exe
O23 - Service: BlueSoleilCS - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
O23 - Service: BsHelpCS - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe
O23 - Service: BsMobileCS - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BsMobileCS.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: mysql - Unknown owner - C:\AppServ\MySQL\bin\mysqld-nt.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
--
End of file - 5765 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\AdobeAAMUpdater-1.0-PC-GUGO-GuGo.job
======Registry dump======
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-05-16 13529088]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2008-05-16 86016]
"AdobeAAMUpdater-1.0"=C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-06-01 500208]
"UnlockerAssistant"=C:\Program Files\Unlocker\UnlockerAssistant.exe [2010-03-09 15872]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-09-23 35760]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-09-20 932288]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Google Update"=C:\Documents and Settings\GuGo\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe [2010-02-20 135664]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDRegion]
C:\Program Files\Cyberlink\Shared files\brs.exe [2010-03-13 75048]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
C:\Program Files\DivX\DivX Update\DivXUpdate.exe [2010-06-03 1144104]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MX Skype Recorder]
C:\Documents and Settings\All Users\Data aplikací\MXSkypeRecorder\MXSkypeRecorder.exe [2010-01-30 581272]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl10]
C:\Program Files\CyberLink\PowerDVD10\PDVD10Serv.exe [2010-02-02 87336]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
C:\Documents and Settings\GuGo\Nabídka Start\Programy\Po spuštění
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoResolveTrack"=1
"NoResolveSearch"=1
"NoSMMyPictures"=1
"NoUserNameInStartMenu"=1
"NoSMHelp"=1
"NoDriveAutoRun"=67108863
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HideRunAsVerb"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Documents and Settings\GuGo\Dokumenty\Downloads\P1876832.JPG-www.facebook.exe"="C:\WINDOWS\nvsvc32.exe:*:Enabled:NVIDIA driver monitor"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
======List of files/folders created in the last 1 months======
2010-11-14 16:06:47 ----A---- C:\avenger.txt
2010-11-14 15:40:49 ----D---- C:\Program Files\trend micro
2010-11-14 10:20:18 ----A---- C:\ComboFix.txt
2010-11-14 10:05:57 ----D---- C:\ComboFix
2010-11-13 08:58:19 ----D---- C:\Avenger
2010-11-12 19:28:47 ----A---- C:\WINDOWS\system32\srsvc.dll
2010-11-12 19:28:47 ----A---- C:\WINDOWS\system32\regsvc.dll
2010-11-12 18:56:06 ----D---- C:\WINDOWS\system32\xircom
2010-11-12 18:56:06 ----D---- C:\WINDOWS\system32\restore
2010-11-12 18:56:06 ----D---- C:\WINDOWS\system32\npp
2010-11-12 18:56:06 ----D---- C:\WINDOWS\srchasst
2010-11-12 18:56:06 ----D---- C:\Program Files\xerox
2010-11-12 18:56:06 ----D---- C:\Program Files\movie maker
2010-11-12 18:56:05 ----D---- C:\WINDOWS\system32\inetsrv
2010-11-12 18:56:05 ----D---- C:\WINDOWS\system32\ime
2010-11-12 18:56:05 ----D---- C:\Program Files\windows nt
2010-11-12 18:56:05 ----D---- C:\Program Files\netmeeting
2010-11-12 18:56:05 ----D---- C:\Program Files\msn gaming zone
2010-11-12 18:56:05 ----D---- C:\Program Files\microsoft frontpage
2010-11-12 18:46:36 ----A---- C:\Boot.bak
2010-11-12 18:46:29 ----RASHD---- C:\cmdcons
2010-11-12 18:43:33 ----A---- C:\WINDOWS\zip.exe
2010-11-12 18:43:33 ----A---- C:\WINDOWS\SWXCACLS.exe
2010-11-12 18:43:33 ----A---- C:\WINDOWS\SWSC.exe
2010-11-12 18:43:33 ----A---- C:\WINDOWS\SWREG.exe
2010-11-12 18:43:33 ----A---- C:\WINDOWS\sed.exe
2010-11-12 18:43:33 ----A---- C:\WINDOWS\PEV.exe
2010-11-12 18:43:33 ----A---- C:\WINDOWS\NIRCMD.exe
2010-11-12 18:43:33 ----A---- C:\WINDOWS\MBR.exe
2010-11-12 18:43:33 ----A---- C:\WINDOWS\grep.exe
2010-11-12 18:43:20 ----D---- C:\WINDOWS\ERDNT
2010-11-12 18:43:05 ----D---- C:\Qoobox
2010-11-12 18:19:52 ----D---- C:\rsit
2010-11-11 20:26:00 ----D---- C:\Program Files\ConduitEngine
2010-11-11 20:26:00 ----A---- C:\WINDOWS\system32\ConduitEngine.tmp
2010-10-29 14:20:22 ----HD---- C:\WINDOWS\system32\GroupPolicy
2010-10-25 19:10:15 ----D---- C:\Documents and Settings\All Users\Data aplikací\MXSkypeRecorder
2010-10-24 19:27:25 ----D---- C:\Documents and Settings\GuGo\Data aplikací\COWON
2010-10-24 19:25:22 ----D---- C:\Program Files\Common Files\COWON
2010-10-24 19:25:19 ----D---- C:\Program Files\JetAudio
2010-10-24 19:25:00 ----D---- C:\Documents and Settings\GuGo\Data aplikací\InstallShield
2010-10-20 14:02:15 ----A---- C:\gr.txt
======List of files/folders modified in the last 1 months======
2010-11-14 16:07:42 ----AD---- C:\WINDOWS\Temp
2010-11-14 16:07:37 ----A---- C:\WINDOWS\system32\LOCALSERVICE.INI
2010-11-14 16:07:25 ----A---- C:\WINDOWS\system32\bscs.ini
2010-11-14 16:06:47 ----D---- C:\WINDOWS\system32\drivers
2010-11-14 16:06:16 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-11-14 16:05:49 ----A---- C:\WINDOWS\wincmd.ini
2010-11-14 15:40:49 ----RD---- C:\Program Files
2010-11-14 15:38:00 ----D---- C:\WINDOWS
2010-11-14 11:38:47 ----A---- C:\WINDOWS\wcx_ftp.ini
2010-11-14 11:36:47 ----D---- C:\WINDOWS\Prefetch
2010-11-14 10:17:51 ----A---- C:\WINDOWS\system.ini
2010-11-14 10:13:36 ----D---- C:\WINDOWS\system32
2010-11-14 10:13:36 ----D---- C:\WINDOWS\AppPatch
2010-11-14 10:13:33 ----D---- C:\Program Files\Common Files
2010-11-14 10:06:43 ----D---- C:\WINDOWS\system32\CatRoot2
2010-11-13 18:13:50 ----SHD---- C:\WINDOWS\Installer
2010-11-13 12:49:56 ----SHD---- C:\System Volume Information
2010-11-13 12:48:02 ----HD---- C:\WINDOWS\inf
2010-11-12 19:40:46 ----D---- C:\WINDOWS\system32\config
2010-11-12 19:00:42 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-11-12 19:00:22 ----SD---- C:\WINDOWS\Tasks
2010-11-12 18:56:06 ----D---- C:\WINDOWS\system32\wbem
2010-11-12 18:56:06 ----D---- C:\WINDOWS\ime
2010-11-12 18:56:06 ----D---- C:\WINDOWS\Help
2010-11-12 18:56:06 ----D---- C:\Program Files\Internet Explorer
2010-11-12 18:56:06 ----D---- C:\Program Files\Common Files\Microsoft Shared
2010-11-12 18:46:36 ----RASH---- C:\boot.ini
2010-11-12 18:23:47 ----D---- C:\Program Files\LOCKERZ_Restock
2010-11-12 18:23:47 ----D---- C:\Program Files\Get Styles
2010-11-07 19:03:31 ----D---- C:\Documents and Settings\GuGo\Data aplikací\Skype
2010-11-07 18:05:17 ----D---- C:\Documents and Settings\GuGo\Data aplikací\skypePM
2010-11-07 10:46:54 ----D---- C:\Program Files\JDownloader 0.5.917
2010-10-28 14:47:27 ----D---- C:\Documents and Settings\GuGo\Data aplikací\uTorrent
2010-10-27 15:41:21 ----A---- C:\WINDOWS\win.ini
2010-10-24 19:25:18 ----HD---- C:\Program Files\InstallShield Installation Information
2010-10-17 17:52:44 ----D---- C:\Program Files\Opera
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2010/09/25 13:18:26]; \??\C:\Program Files\CyberLink\PowerDVD10\NavFilter\000.fcl []
R3 ALCXWDM;Service for Avance AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2002-08-01 659228]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-05-04 60800]
R3 BT;Bluetooth PAN Network Adapter; C:\WINDOWS\system32\DRIVERS\btnetdrv.sys [2008-12-07 14088]
R3 btnetBUs;Bluetooth PAN Bus Service; C:\WINDOWS\System32\Drivers\btnetBus.sys [2008-12-07 30088]
R3 IvtBtBUs;IVT Bluetooth Bus Service; C:\WINDOWS\System32\Drivers\IvtBtBus.sys [2008-07-02 26248]
R3 mcdbus;Driver for MagicISO SCSI Host Controller; C:\WINDOWS\system32\DRIVERS\mcdbus.sys [2006-09-22 92160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-05-04 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-05-16 6557408]
R3 RTL8023xp;Realtek 10/100/1000 NIC Family all in one NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2006-02-26 81408]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 VComm;Virtual Serial port driver; C:\WINDOWS\system32\DRIVERS\VComm.sys [2008-01-21 14856]
R3 VcommMgr;Bluetooth VComm Manager Service; C:\WINDOWS\System32\Drivers\VcommMgr.sys [2009-01-08 31880]
S3 Btcsrusb;Bluetooth USB For Bluetooth Service; C:\WINDOWS\System32\Drivers\btcusb.sys [2009-01-03 39304]
S3 BTNetFilter;Bluetooth Network Filter; \??\C:\Program Files\IVT Corporation\BlueSoleil\Device\Win2k\BTNetFilter.sys []
S3 catchme;catchme; \??\C:\DOCUME~1\GuGo\LOCALS~1\Temp\catchme.sys []
S3 DrvAgent32;DrvAgent32; \??\C:\WINDOWS\system32\Drivers\DrvAgent32.sys []
S3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2010-02-26 18176]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2010-02-26 22528]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2009-07-14 444136]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-15 82688]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Apache2.2;Apache2.2; C:\AppServ\Apache2.2\bin\httpd.exe [2008-01-17 24635]
R2 BlueSoleilCS;BlueSoleilCS; C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe [2009-02-27 850432]
R2 BsMobileCS;BsMobileCS; C:\Program Files\IVT Corporation\BlueSoleil\BsMobileCS.exe [2009-02-27 143467]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-04-12 153376]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 mysql;mysql; C:\AppServ\MySQL\bin\mysqld-nt --defaults-file=C:\AppServ\MySQL\my.ini mysql []
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-05-16 159812]
R2 TeamViewer5;TeamViewer 5; C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe [2010-02-11 172328]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 BsHelpCS;BsHelpCS; C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe [2009-02-27 98407]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2010-02-22 72704]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2010-06-14 615936]
S3 SwitchBoard;Adobe SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\wmpnetwk.exe [2006-10-18 913408]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
-----------------EOF-----------------
- Rudy
- Site Admin
- Posts: 119428
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: Some crap + RSIT
OK. How is the PC behaving now?
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not meant for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
Visit:
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting the PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can also damage the system!
Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address above.
Re: Some crap + RSIT
Pretty much normal. Only winlogon.exe worries me, see the VirusTotal log above...