
PC virus removal, computer speed-up, and remote assistance via the neslape.cz service
svchost.exe at 100% CPU usage
Moderator: Moderators
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]
Individual threads are locked once resolved, as are threads that have been inactive for more than 14 days. See the rule on locking topics. Thank you for your understanding.
!NEW!
You can now use the remote assistance service: a specialist connects to your computer and gets further details about the problem from you by phone. More at www.neslape.cz
- Visitor
- Posts: 11
- Registered: 22 Oct 2007 08:25
- Location: Kolín
svchost.exe at 100% CPU usage
Hello,
please check my HJT log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:36:37, on 27.11.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\windows\system32\wuaucldt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\porasammel.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\Charvi\Plocha\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - (no file)
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O3 - Toolbar: (no name) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - (no file)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [wuaucldt] c:\windows\system32\wuaucldt.exe
O4 - HKLM\..\Run: [toowouquip] C:\WINDOWS\system32\porasammel.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [wuaucldt] c:\documents and settings\charvi\wuaucldt.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - (no file)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PowerUtility TV Recording Reservation (ufyez0iow8) - Unknown owner - C:\WINDOWS\system32\goudikyj.exe
--
End of file - 4919 bytes
Logfile of random's system information tool 1.08 (written by random/random)
Run by Charvi at 2010-11-27 12:41:13
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 8 GB (16%) free of 50 GB
Total RAM: 2047 MB (78% free)
HijackThis download failed
======Scheduled tasks folder======
C:\WINDOWS\tasks\WGASetup.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{B922D405-6D13-4A2B-AE89-08A030DA4402}
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2004-07-01 67584]
"ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2004-08-25 339968]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-05-14 248552]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-09-23 35760]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-09-20 932288]
"wuaucldt"=c:\windows\system32\wuaucldt.exe [2010-11-18 33280]
"toowouquip"=C:\WINDOWS\system32\porasammel.exe [2010-11-20 201216]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\DTLite.exe [2010-04-01 357696]
"wuaucldt"=c:\documents and settings\charvi\wuaucldt.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoStart]
C:\DOCUME~1\Mamka\LOCALS~1\Temp\571860.exe [2010-11-20 31232]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
C:\Program Files\ICQ7.2\ICQ.exe [2010-10-27 133432]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSConfig]
C:\Documents and Settings\Charvi\itbx.exe \u []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Firewall]
C:\DOCUME~1\Charvi\LOCALS~1\Temp\lsass.exe [2010-11-17 57344]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^McAfee Security Scan Plus.lnk]
C:\PROGRA~1\MCAFEE~1\20DEB9~1.181\SSSCHE~1.EXE [2010-01-15 255536]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Charvi^Nabídka Start^Programy^Po spuštění^81topu8.exe]
C:\Documents and Settings\Charvi\Nabídka Start\Programy\Po spuštění\81topu8.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Charvi^Nabídka Start^Programy^Po spuštění^a1wssnee.exe]
C:\Documents and Settings\Charvi\Nabídka Start\Programy\Po spuštění\a1wssnee.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Charvi^Nabídka Start^Programy^Po spuštění^dj60a6m5d.exe]
C:\Documents and Settings\Charvi\Nabídka Start\Programy\Po spuštění\dj60a6m5d.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Charvi^Nabídka Start^Programy^Po spuštění^e1fq3cc3.exe]
C:\Documents and Settings\Charvi\Nabídka Start\Programy\Po spuštění\e1fq3cc3.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Charvi^Nabídka Start^Programy^Po spuštění^ez0vvmhhyt.exe]
C:\Documents and Settings\Charvi\Nabídka Start\Programy\Po spuštění\ez0vvmhhyt.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Charvi^Nabídka Start^Programy^Po spuštění^i5j0ffwr.exe]
C:\Documents and Settings\Charvi\Nabídka Start\Programy\Po spuštění\i5j0ffwr.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Charvi^Nabídka Start^Programy^Po spuštění^nidjzavbms.exe]
C:\Documents and Settings\Charvi\Nabídka Start\Programy\Po spuštění\nidjzavbms.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Charvi^Nabídka Start^Programy^Po spuštění^p0llhxxtj.exe]
C:\Documents and Settings\Charvi\Nabídka Start\Programy\Po spuštění\p0llhxxtj.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Charvi^Nabídka Start^Programy^Po spuštění^pkabg81sdez.exe]
C:\Documents and Settings\Charvi\Nabídka Start\Programy\Po spuštění\pkabg81sdez.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Charvi^Nabídka Start^Programy^Po spuštění^qwbsndjo6a.exe]
C:\Documents and Settings\Charvi\Nabídka Start\Programy\Po spuštění\qwbsndjo6a.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Charvi^Nabídka Start^Programy^Po spuštění^r9no6paf.exe]
C:\Documents and Settings\Charvi\Nabídka Start\Programy\Po spuštění\r9no6paf.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Charvi^Nabídka Start^Programy^Po spuštění^rmm6ytz0vvw.exe]
C:\Documents and Settings\Charvi\Nabídka Start\Programy\Po spuštění\rmm6ytz0vvw.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Charvi^Nabídka Start^Programy^Po spuštění^v0rridd8u.exe]
C:\Documents and Settings\Charvi\Nabídka Start\Programy\Po spuštění\v0rridd8u.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Charvi^Nabídka Start^Programy^Po spuštění^vmmhyy5z0vv.exe]
C:\Documents and Settings\Charvi\Nabídka Start\Programy\Po spuštění\vmmhyy5z0vv.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Charvi^Nabídka Start^Programy^Po spuštění^wssnee5f0b.exe]
C:\Documents and Settings\Charvi\Nabídka Start\Programy\Po spuštění\wssnee5f0b.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Charvi^Nabídka Start^Programy^Po spuštění^yuupggbssn.exe]
C:\Documents and Settings\Charvi\Nabídka Start\Programy\Po spuštění\yuupggbssn.exe []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2004-08-25 86016]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\qfccfiii.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\qfccfiii.sys]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"D:\stahnute soubory\TrackMania United\TmUnited.exe"="D:\stahnute soubory\TrackMania United\TmUnited.exe:*:Enabled:TmUnited"
"D:\stahnute soubory\TmUnitedForever\TmForever.exe"="D:\stahnute soubory\TmUnitedForever\TmForever.exe:*:Enabled:TmForever"
"C:\Program Files\ICQ7.2\ICQ.exe"="C:\Program Files\ICQ7.2\ICQ.exe:*:Enabled:ICQ7.2"
"C:\Program Files\ICQ7.2\aolload.exe"="C:\Program Files\ICQ7.2\aolload.exe:*:Enabled:aolload.exe"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\Program Files\EA Sports\FIFA Online\NFE.exe"="C:\Program Files\EA Sports\FIFA Online\NFE.exe:*:Enabled:EA SPORTS™ FIFA Online"
"C:\Program Files\Activision\Call of Duty 2\CoD2MP_s.exe"="C:\Program Files\Activision\Call of Duty 2\CoD2MP_s.exe:*:Enabled:CoD2MP_s"
"C:\Program Files\GRETECH\GomPlayer\GOM.exe"="C:\Program Files\GRETECH\GomPlayer\GOM.exe:*:Enabled:GOM Player"
"C:\Documents and Settings\Charvi\Data aplikací\Dropbox\bin\Dropbox.exe"="C:\Documents and Settings\Charvi\Data aplikací\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\DOCUME~1\Mamka\LOCALS~1\Temp\236239.exe"="C:\DOCUME~1\Mamka\LOCALS~1\Temp\236239.exe:*:Enabled:Microsoft Office"
"C:\Documents and Settings\Mamka\Local Settings\Temp\236239.exe"="C:\Documents and Settings\Mamka\Local Settings\Temp\236239.exe:*:Disabled:236239"
"C:\DOCUME~1\Monika\LOCALS~1\Temp\210.exe"="C:\DOCUME~1\Monika\LOCALS~1\Temp\210.exe:*:Enabled:Microsoft Office"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\ICQ7.2\ICQ.exe"="C:\Program Files\ICQ7.2\ICQ.exe:*:Enabled:ICQ7.2"
"C:\Program Files\ICQ7.2\aolload.exe"="C:\Program Files\ICQ7.2\aolload.exe:*:Enabled:aolload.exe"
======List of files/folders created in the last 1 months======
2010-11-27 12:41:15 ----D---- C:\Program Files\trend micro
2010-11-27 12:41:13 ----D---- C:\rsit
2010-11-27 11:27:59 ----D---- C:\WINDOWS\pss
2010-11-23 14:14:07 ----RA---- C:\Documents and Settings\Charvi\Data aplikací\hDlkH.txt
2010-11-20 10:22:35 ----A---- C:\WINDOWS\system32\porasammel.exe
2010-11-18 17:08:08 ----A---- C:\WINDOWS\system32\goudikyj.exe
2010-11-18 17:04:06 ----A---- C:\WINDOWS\system32\MRT.INI
2010-11-18 10:48:45 ----A---- C:\WINDOWS\system32\wuaucldt.exe
2010-11-17 11:00:46 ----RSH---- C:\Documents and Settings\Charvi\Data aplikací\juzjf.exe
2010-11-17 00:10:23 ----A---- C:\wlksk.exe
2010-11-16 23:12:13 ----A---- C:\it.exe
2010-11-16 10:46:33 ----A---- C:\WINDOWS\system32\drivers\qfccfiii.sys
2010-11-16 10:44:03 ----A---- C:\winn27.exe
2010-11-13 00:15:28 ----D---- C:\Program Files\Application Updater
2010-11-09 16:22:07 ----A---- C:\2xhs.exe
2010-11-06 08:48:22 ----A---- C:\WINDOWS\system32\javaws.exe
2010-11-06 08:48:22 ----A---- C:\WINDOWS\system32\javaw.exe
2010-11-06 08:48:22 ----A---- C:\WINDOWS\system32\java.exe
2010-11-06 08:46:54 ----D---- C:\Program Files\Common Files\Adobe
======List of files/folders modified in the last 1 months======
2010-11-27 12:41:15 ----D---- C:\Program Files
2010-11-27 12:36:21 ----D---- C:\WINDOWS
2010-11-27 12:35:54 ----AD---- C:\WINDOWS\Temp
2010-11-27 12:25:45 ----N---- C:\WINDOWS\SchedLgU.Txt
2010-11-27 11:55:44 ----D---- C:\WINDOWS\system32\drivers
2010-11-27 11:53:04 ----D---- C:\WINDOWS\system32\CatRoot2
2010-11-27 11:38:12 ----SHD---- C:\WINDOWS\Installer
2010-11-27 11:37:41 ----RSD---- C:\WINDOWS\assembly
2010-11-27 11:30:06 ----SH---- C:\boot.ini
2010-11-27 11:30:06 ----A---- C:\WINDOWS\win.ini
2010-11-27 11:30:06 ----A---- C:\WINDOWS\system.ini
2010-11-27 11:27:11 ----D---- C:\WINDOWS\Prefetch
2010-11-23 14:14:55 ----SHD---- C:\RECYCLER
2010-11-20 18:07:04 ----D---- C:\WINDOWS\system32
2010-11-19 15:35:17 ----D---- C:\WINDOWS\Debug
2010-11-18 17:01:12 ----A---- C:\WINDOWS\system32\MRT.exe
2010-11-18 10:51:57 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-11-16 10:46:33 ----D---- C:\Program Files\pdfforge Toolbar
2010-11-15 20:20:38 ----A---- C:\WINDOWS\level.ini
2010-11-13 00:16:03 ----D---- C:\WINDOWS\system32\config
2010-11-13 00:15:46 ----D---- C:\WINDOWS\system32\wbem
2010-11-13 00:15:45 ----D---- C:\WINDOWS\Registration
2010-11-13 00:14:57 ----D---- C:\WINDOWS\system32\Restore
2010-11-06 08:48:19 ----D---- C:\Program Files\Java
2010-11-06 08:47:04 ----D---- C:\Documents and Settings\All Users\Data aplikací\Adobe
2010-11-06 08:46:54 ----D---- C:\Program Files\Common Files
2010-11-01 18:28:53 ----SD---- C:\WINDOWS\Tasks
2010-11-01 07:05:10 ----D---- C:\Program Files\ICQ7.2
2010-10-31 08:21:22 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-10-30 23:54:31 ----D---- C:\Program Files\Mozilla Firefox
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 gagp30kx;Filtr Microsoft Generic AGPv3.0 pro procesorovou platformu K8; C:\WINDOWS\system32\DRIVERS\gagp30kx.sys [2008-04-14 46464]
R0 qfccfiii;qfccfiii; C:\WINDOWS\System32\Drivers\qfccfiii.sys [2010-11-16 40128]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2010-05-08 691696]
R0 viaagp1;VIA AGP Filter; C:\WINDOWS\system32\DRIVERS\viaagp1.sys [2003-07-02 27904]
R1 AmdK8;Ovladač procesoru AMD Athlon64; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2003-11-07 37888]
R1 MpFilter;Microsoft Malware Protection Driver; C:\WINDOWS\system32\DRIVERS\MpFilter.sys [2010-03-25 151216]
R3 ALCXSENS;Service for WDM 3D Audio Driver; C:\WINDOWS\system32\drivers\ALCXSENS.SYS [2004-02-24 400384]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-07-01 626977]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2004-08-25 787456]
R3 GETNDIS;VIA Networking Velocity Family Giga-bit Ethernet Adapter Driver; C:\WINDOWS\system32\DRIVERS\getnd5b.sys [2004-01-29 44544]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2008-04-14 12160]
R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2010-05-08 47360]
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 vulfnths;VIA USB Host Controller Lower Filter; C:\WINDOWS\System32\Drivers\vulfnth.sys [2003-08-04 6912]
R3 vulfntrs;VIA USB Roothub Lower Filter; C:\WINDOWS\System32\Drivers\vulfntr.sys [2003-08-04 11392]
S3 agmt8tlw;agmt8tlw; C:\WINDOWS\system32\drivers\agmt8tlw.sys []
S3 NTSIM;NTSIM; \??\C:\WINDOWS\system32\ntsim.sys []
S3 usbaudio;Ovladač zvukové karty USB (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2004-08-25 389120]
R2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2010-03-28 246520]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-09-15 153376]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2010-06-20 75064]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2004-08-25 516096]
S2 ufyez0iow8;PowerUtility TV Recording Reservation; C:\WINDOWS\system32\goudikyj.exe [2010-11-20 201216]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 McComponentHostService;McAfee Security Scan Component Host Service; C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S4 Application Updater;Application Updater; C:\Program Files\Application Updater\ApplicationUpdater.exe [2010-01-07 380928]
S4 MsMpSvc;Microsoft Antimalware Service; C:\Program Files\Microsoft Security Essentials\MsMpEng.exe [2010-03-25 17904]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
-----------------EOF-----------------
Thanks in advance for your help
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\qfccfiii.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\qfccfiii.sys]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"D:\stahnute soubory\TrackMania United\TmUnited.exe"="D:\stahnute soubory\TrackMania United\TmUnited.exe:*:Enabled:TmUnited"
"D:\stahnute soubory\TmUnitedForever\TmForever.exe"="D:\stahnute soubory\TmUnitedForever\TmForever.exe:*:Enabled:TmForever"
"C:\Program Files\ICQ7.2\ICQ.exe"="C:\Program Files\ICQ7.2\ICQ.exe:*:Enabled:ICQ7.2"
"C:\Program Files\ICQ7.2\aolload.exe"="C:\Program Files\ICQ7.2\aolload.exe:*:Enabled:aolload.exe"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\Program Files\EA Sports\FIFA Online\NFE.exe"="C:\Program Files\EA Sports\FIFA Online\NFE.exe:*:Enabled:EA SPORTS™ FIFA Online"
"C:\Program Files\Activision\Call of Duty 2\CoD2MP_s.exe"="C:\Program Files\Activision\Call of Duty 2\CoD2MP_s.exe:*:Enabled:CoD2MP_s"
"C:\Program Files\GRETECH\GomPlayer\GOM.exe"="C:\Program Files\GRETECH\GomPlayer\GOM.exe:*:Enabled:GOM Player"
"C:\Documents and Settings\Charvi\Data aplikací\Dropbox\bin\Dropbox.exe"="C:\Documents and Settings\Charvi\Data aplikací\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\DOCUME~1\Mamka\LOCALS~1\Temp\236239.exe"="C:\DOCUME~1\Mamka\LOCALS~1\Temp\236239.exe:*:Enabled:Microsoft Office"
"C:\Documents and Settings\Mamka\Local Settings\Temp\236239.exe"="C:\Documents and Settings\Mamka\Local Settings\Temp\236239.exe:*:Disabled:236239"
"C:\DOCUME~1\Monika\LOCALS~1\Temp\210.exe"="C:\DOCUME~1\Monika\LOCALS~1\Temp\210.exe:*:Enabled:Microsoft Office"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\ICQ7.2\ICQ.exe"="C:\Program Files\ICQ7.2\ICQ.exe:*:Enabled:ICQ7.2"
"C:\Program Files\ICQ7.2\aolload.exe"="C:\Program Files\ICQ7.2\aolload.exe:*:Enabled:aolload.exe"
======List of files/folders created in the last 1 months======
2010-11-27 12:41:15 ----D---- C:\Program Files\trend micro
2010-11-27 12:41:13 ----D---- C:\rsit
2010-11-27 11:27:59 ----D---- C:\WINDOWS\pss
2010-11-23 14:14:07 ----RA---- C:\Documents and Settings\Charvi\Data aplikací\hDlkH.txt
2010-11-20 10:22:35 ----A---- C:\WINDOWS\system32\porasammel.exe
2010-11-18 17:08:08 ----A---- C:\WINDOWS\system32\goudikyj.exe
2010-11-18 17:04:06 ----A---- C:\WINDOWS\system32\MRT.INI
2010-11-18 10:48:45 ----A---- C:\WINDOWS\system32\wuaucldt.exe
2010-11-17 11:00:46 ----RSH---- C:\Documents and Settings\Charvi\Data aplikací\juzjf.exe
2010-11-17 00:10:23 ----A---- C:\wlksk.exe
2010-11-16 23:12:13 ----A---- C:\it.exe
2010-11-16 10:46:33 ----A---- C:\WINDOWS\system32\drivers\qfccfiii.sys
2010-11-16 10:44:03 ----A---- C:\winn27.exe
2010-11-13 00:15:28 ----D---- C:\Program Files\Application Updater
2010-11-09 16:22:07 ----A---- C:\2xhs.exe
2010-11-06 08:48:22 ----A---- C:\WINDOWS\system32\javaws.exe
2010-11-06 08:48:22 ----A---- C:\WINDOWS\system32\javaw.exe
2010-11-06 08:48:22 ----A---- C:\WINDOWS\system32\java.exe
2010-11-06 08:46:54 ----D---- C:\Program Files\Common Files\Adobe
======List of files/folders modified in the last 1 months======
2010-11-27 12:41:15 ----D---- C:\Program Files
2010-11-27 12:36:21 ----D---- C:\WINDOWS
2010-11-27 12:35:54 ----AD---- C:\WINDOWS\Temp
2010-11-27 12:25:45 ----N---- C:\WINDOWS\SchedLgU.Txt
2010-11-27 11:55:44 ----D---- C:\WINDOWS\system32\drivers
2010-11-27 11:53:04 ----D---- C:\WINDOWS\system32\CatRoot2
2010-11-27 11:38:12 ----SHD---- C:\WINDOWS\Installer
2010-11-27 11:37:41 ----RSD---- C:\WINDOWS\assembly
2010-11-27 11:30:06 ----SH---- C:\boot.ini
2010-11-27 11:30:06 ----A---- C:\WINDOWS\win.ini
2010-11-27 11:30:06 ----A---- C:\WINDOWS\system.ini
2010-11-27 11:27:11 ----D---- C:\WINDOWS\Prefetch
2010-11-23 14:14:55 ----SHD---- C:\RECYCLER
2010-11-20 18:07:04 ----D---- C:\WINDOWS\system32
2010-11-19 15:35:17 ----D---- C:\WINDOWS\Debug
2010-11-18 17:01:12 ----A---- C:\WINDOWS\system32\MRT.exe
2010-11-18 10:51:57 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-11-16 10:46:33 ----D---- C:\Program Files\pdfforge Toolbar
2010-11-15 20:20:38 ----A---- C:\WINDOWS\level.ini
2010-11-13 00:16:03 ----D---- C:\WINDOWS\system32\config
2010-11-13 00:15:46 ----D---- C:\WINDOWS\system32\wbem
2010-11-13 00:15:45 ----D---- C:\WINDOWS\Registration
2010-11-13 00:14:57 ----D---- C:\WINDOWS\system32\Restore
2010-11-06 08:48:19 ----D---- C:\Program Files\Java
2010-11-06 08:47:04 ----D---- C:\Documents and Settings\All Users\Data aplikací\Adobe
2010-11-06 08:46:54 ----D---- C:\Program Files\Common Files
2010-11-01 18:28:53 ----SD---- C:\WINDOWS\Tasks
2010-11-01 07:05:10 ----D---- C:\Program Files\ICQ7.2
2010-10-31 08:21:22 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-10-30 23:54:31 ----D---- C:\Program Files\Mozilla Firefox
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 gagp30kx;Filtr Microsoft Generic AGPv3.0 pro procesorovou platformu K8; C:\WINDOWS\system32\DRIVERS\gagp30kx.sys [2008-04-14 46464]
R0 qfccfiii;qfccfiii; C:\WINDOWS\System32\Drivers\qfccfiii.sys [2010-11-16 40128]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2010-05-08 691696]
R0 viaagp1;VIA AGP Filter; C:\WINDOWS\system32\DRIVERS\viaagp1.sys [2003-07-02 27904]
R1 AmdK8;Ovladač procesoru AMD Athlon64; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2003-11-07 37888]
R1 MpFilter;Microsoft Malware Protection Driver; C:\WINDOWS\system32\DRIVERS\MpFilter.sys [2010-03-25 151216]
R3 ALCXSENS;Service for WDM 3D Audio Driver; C:\WINDOWS\system32\drivers\ALCXSENS.SYS [2004-02-24 400384]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-07-01 626977]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2004-08-25 787456]
R3 GETNDIS;VIA Networking Velocity Family Giga-bit Ethernet Adapter Driver; C:\WINDOWS\system32\DRIVERS\getnd5b.sys [2004-01-29 44544]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2008-04-14 12160]
R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2010-05-08 47360]
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 vulfnths;VIA USB Host Controller Lower Filter; C:\WINDOWS\System32\Drivers\vulfnth.sys [2003-08-04 6912]
R3 vulfntrs;VIA USB Roothub Lower Filter; C:\WINDOWS\System32\Drivers\vulfntr.sys [2003-08-04 11392]
S3 agmt8tlw;agmt8tlw; C:\WINDOWS\system32\drivers\agmt8tlw.sys []
S3 NTSIM;NTSIM; \??\C:\WINDOWS\system32\ntsim.sys []
S3 usbaudio;Ovladač zvukové karty USB (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2004-08-25 389120]
R2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2010-03-28 246520]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-09-15 153376]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2010-06-20 75064]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2004-08-25 516096]
S2 ufyez0iow8;PowerUtility TV Recording Reservation; C:\WINDOWS\system32\goudikyj.exe [2010-11-20 201216]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 McComponentHostService;McAfee Security Scan Component Host Service; C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S4 Application Updater;Application Updater; C:\Program Files\Application Updater\ApplicationUpdater.exe [2010-01-07 380928]
S4 MsMpSvc;Microsoft Antimalware Service; C:\Program Files\Microsoft Security Essentials\MsMpEng.exe [2010-03-25 17904]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
-----------------EOF-----------------
Thanks in advance for your help
When Hell is full, the dead will walk the Earth ...
Re: svchost.exe 100% CPU load
Greetings, I don't see any antivirus at all, and that's not good; then you can't be surprised that you have junk in there.
Fix this in HJT:
R3 - URLSearchHook: (no name) - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - (no file)
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O3 - Toolbar: (no name) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - (no file)
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [wuaucldt] c:\windows\system32\wuaucldt.exe
O4 - HKLM\..\Run: [toowouquip] C:\WINDOWS\system32\porasammel.exe
O4 - HKCU\..\Run: [wuaucldt] c:\documents and settings\charvi\wuaucldt.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
You will find HJT here:
C:\Documents and Settings\Charvi\Plocha\HijackThis.exe
Fix means that you run HJT,
in the window that opens you click Do a system scan only,
in the next window you find the lines I listed for you,
next to each of them is a checkbox, which you tick,
then you click Fix checked, which is at the bottom left,
the program asks whether you really want to; you of course agree with Yes, and it's done.
Via Start >> Control Panel >> Add or Remove Programs, uninstall ICQ6Toolbar.
Delete unnecessary files
using CCleaner
guide:
Cleaner - here you clean the PC of unnecessary files and empty the Recycle Bin
Registry - here you clean the registry (before using it I recommend making the backup that CCleaner offers)
The registry cleaning needs to be repeated several times!
Next we'll use a bigger caliber, so read carefully, because this piece of software does not tolerate mistakes.
Download ComboFix and save it to the desktop,
run the application as Administrator and allow the installation of the Recovery Console.
Then a window with the license terms appears, which you confirm by clicking Yes,
then click Yes once more and it's running.
The whole process takes about 10 minutes but may take longer; during the scan, do not try to run anything else.
The PC may also be restarted during the scan; don't be alarmed.
Warning: for the duration of the scan, turn off the resident shield of your antivirus and antispyware program,
because ComboFix tries to delete the infected files and these programs can get in its way.
After the scan finishes, or after the subsequent restart, the application creates a log saved at C:/Combofix.txt
(on repeated use the logs are numbered Combofix2.txt etc.); copy its contents here.
-
- Visitor
- Posts: 11
- Registered: 22 Oct 2007 08:25
- Location: Kolín
- Contact user:
Re: svchost.exe 100% CPU load
Unfortunately, you can't explain to some users that an antivirus is important
ComboFix
ComboFix 10-11-26.07 - Administrator 27.11.2010 19:03:34.1.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2047.1700 [GMT 1:00]
Spuštěný z: c:\documents and settings\Charvi\Plocha\ComboFix.exe
AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Charvi\secupdat.dat
c:\documents and settings\LocalService\Data aplikací\Microsoft\goudikyj.exe
c:\documents and settings\LocalService\Data aplikací\Microsoft\porasammel.exe
c:\documents and settings\Mamka\secupdat.dat
c:\documents and settings\Mamka\txln.exe
c:\documents and settings\Mamka\wuaucldt.exe
c:\documents and settings\Monika\secupdat.dat
c:\documents and settings\Monika\talj.exe
c:\recycler\S-1-5-21-3265155192-5593194746-957503365-9588\yv8g67.exe
c:\windows\system32\Drivers\qfccfiii.sys
c:\windows\system32\secupdat.dat
c:\windows\system32\wuaucldt.exe
c:\windows\system32\drivers\cdrom.sys . . . je infikován!!
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_qfccfiii
-------\Service_qfccfiii
((((((((((((((((((((((((( Soubory vytvořené od 2010-10-27 do 2010-11-27 )))))))))))))))))))))))))))))))
.
2010-11-27 18:01 . 2010-11-27 18:01 30560 ----a-w- c:\windows\system32\drivers\wcscd.sys
2010-11-27 18:00 . 2010-11-27 18:00 315392 ----a-w- c:\windows\system32\lynnaz.exe
2010-11-27 17:56 . 2010-11-27 17:56 -------- d-----w- c:\documents and settings\Administrator
2010-11-27 17:54 . 2010-11-27 17:54 -------- d--h--r- c:\documents and settings\Charvi\Recent
2010-11-27 11:41 . 2010-11-27 11:41 -------- d-----w- c:\program files\trend micro
2010-11-27 11:41 . 2010-11-27 11:41 -------- d-----w- C:\rsit
2010-11-20 09:22 . 2010-11-27 18:00 315392 ----a-w- c:\windows\system32\porasammel.exe
2010-11-18 16:08 . 2010-11-27 18:00 315392 ----a-w- c:\windows\system32\goudikyj.exe
2010-11-17 10:00 . 2010-11-16 09:44 193024 --sh--r- c:\documents and settings\Charvi\Data aplikací\juzjf.exe
2010-11-16 23:10 . 2010-11-16 23:10 204800 ----a-w- C:\wlksk.exe
2010-11-16 22:12 . 2010-11-16 22:12 204800 ----a-w- C:\it.exe
2010-11-16 12:31 . 2010-11-16 09:44 193024 --sh--r- c:\documents and settings\Monika\Data aplikací\juzjf.exe
2010-11-16 09:44 . 2010-11-16 09:44 193024 --sh--r- c:\documents and settings\Mamka\Data aplikací\juzjf.exe
2010-11-16 09:44 . 2010-11-17 20:36 193024 ----a-w- C:\winn27.exe
2010-11-12 23:15 . 2010-11-12 23:15 -------- d-----w- c:\windows\system32\wbem\Repository
2010-11-12 23:15 . 2010-11-12 23:15 -------- d-----w- c:\program files\Application Updater
2010-11-09 15:22 . 2010-11-09 16:12 255 ----a-w- C:\2xhs.exe
2010-11-06 07:46 . 2010-11-06 07:47 -------- d-----w- c:\program files\Common Files\Adobe
2010-11-01 08:07 . 2010-10-07 23:21 6146896 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{DEFC810F-63D0-4D7A-8985-461FB53FE7C1}\mpengine.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-23 14:02 . 2008-04-14 12:00 98240 ----a-w- c:\windows\system32\drivers\cdrom.sys
2010-11-16 09:44 . 2010-11-17 10:00 193024 --sh--r- c:\documents and settings\Charvi\Data aplikací\juzjf.exe
2010-10-19 20:51 . 2010-04-30 14:47 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-10-07 23:21 . 2010-05-01 17:23 6146896 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2010-09-30 13:31 . 2010-09-30 13:31 409600 ------w- c:\windows\Setup1.exe
2010-09-30 13:31 . 2010-09-30 13:31 73216 ----a-w- c:\windows\ST6UNST.EXE
2010-09-30 13:31 . 2010-09-30 13:31 101888 ----a-w- c:\windows\system32\VB6STKIT.DLL
2010-09-18 10:23 . 2008-04-14 12:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2008-04-14 12:00 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2008-04-14 12:00 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2008-04-14 12:00 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-15 03:50 . 2010-05-18 19:55 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-09-15 01:29 . 2010-05-18 19:55 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-09-09 14:23 . 2008-04-14 12:00 668160 ----a-w- c:\windows\system32\wininet.dll
2010-09-09 14:23 . 2008-04-14 12:00 61952 ----a-w- c:\windows\system32\tdc.ocx
2010-09-09 14:23 . 2008-04-14 12:00 81920 ----a-w- c:\windows\system32\ieencode.dll
2010-09-09 14:16 . 2008-04-14 12:00 370176 ----a-w- c:\windows\system32\html.iec
2010-09-01 11:52 . 2008-04-14 12:00 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-09-01 07:57 . 2008-04-14 12:00 1852800 ----a-w- c:\windows\system32\win32k.sys
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\documents and settings\Charvi\Data aplikací\Dropbox\bin\DropboxExt.13.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\documents and settings\Charvi\Data aplikací\Dropbox\bin\DropboxExt.13.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\documents and settings\Charvi\Data aplikací\Dropbox\bin\DropboxExt.13.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2004-07-01 67584]
"toowouquip"="c:\windows\system32\porasammel.exe" [2010-11-27 315392]
c:\documents and settings\Mamka\Nabˇdka Start\Programy\Po spuçtŘnˇ\
0a6mm3y.exe [2010-11-18 43008]
0hhyi8p.exe [2010-11-18 43008]
0oojaav.exe [2010-11-22 43008]
0s3eekg.exe [2010-11-20 43008]
0t6kk6w.exe [2010-11-18 43008]
1eaavmm.exe [2010-11-20 43008]
1soojaa.exe [2010-11-18 43008]
1yuupgg.exe [2010-11-19 43008]
60ekg0w.exe [2010-11-20 43008]
6qbrs0i.exe [2010-11-18 43008]
9bc0s3e.exe [2010-11-18 43008]
9uu5v5r.exe [2010-11-19 43008]
avmmhs3e.exe [2010-11-17 60416]
bcss3eek.exe [2010-11-20 43008]
duupggbs.exe [2010-11-22 43008]
dy1uqqlccx.exe [2010-11-18 43008]
e5f0bb6n26.exe [2010-11-17 60416]
epva30hyyt.exe [2010-11-18 43008]
hii70ffgg3.exe [2010-11-19 43008]
i5j0pq0g3s.exe [2010-11-18 43008]
i6uu6gg6.exe [2010-11-22 43008]
i9uvglr5it.exe [2010-11-17 60416]
iduupvg5h0.exe [2010-11-20 43008]
iojp0lgmm.exe [2010-11-19 43008]
m3yy6avq.exe [2010-11-18 43008]
mnneeuaa.exe [2010-11-17 60416]
nii6uu6gg.exe [2010-11-18 43008]
njzzva70xx.exe [2010-11-20 43008]
njzzvllh.exe [2010-11-18 43008]
no70plgg6s.exe [2010-11-22 43008]
o1kgg5h0dd.exe [2010-11-18 43008]
o31f3r5i.exe [2010-11-17 60416]
oojaavmc0y.exe [2010-11-19 43008]
rnytok0a.exe [2010-11-18 43008]
s3uupggbssn.exe [2010-11-19 43008]
s3uupvg5h0d.exe [2010-11-20 43008]
soojaavmc0.exe [2010-11-19 43008]
ty3kk3ww.exe [2010-11-18 43008]
ualbcxs366q.exe [2010-11-19 43008]
va3mm3yt.exe [2010-11-17 60416]
vglr5itufk.exe [2010-11-17 60416]
x3ejff3r5it.exe [2010-11-17 60416]
xxtjjfvvmrs.exe [2010-11-18 43008]
z26wrriddup.exe [2010-11-17 60416]
c:\documents and settings\Monika\Nabˇdka Start\Programy\Po spuçtŘnˇ\
0pkabg8.exe [2010-11-18 43008]
5bww3ii.exe [2010-11-19 43008]
60k31cx.exe [2010-11-19 43008]
7ql9hxo.exe [2010-11-19 43008]
90fvvlr.exe [2010-11-18 43008]
9m1ieez.exe [2010-11-19 43008]
9za0q8c.exe [2010-11-19 43008]
b0hdotpkk.exe [2010-11-23 43008]
bssi3kkfwwr.exe [2010-11-23 43008]
g1cyytkk.exe [2010-11-19 43008]
g3iiduupggb.exe [2010-11-21 43008]
g9c1yuupgg.exe [2010-11-21 43008]
iy0zvv66m8.exe [2010-11-18 43008]
lm0c3yzzfl.exe [2010-11-19 43008]
m9i1eaavmm.exe [2010-11-21 43008]
mmhyjee6.exe [2010-11-23 43008]
mmhyytkk.exe [2010-11-19 43008]
ny3kk3wrx0t.exe [2010-11-19 43008]
o9ulwg3snj.exe [2010-11-19 43008]
rm1ieezqql.exe [2010-11-19 43008]
ssi3kkfw.exe [2010-11-23 43008]
w1soojaa.exe [2010-11-21 43008]
ww5x0ttkva.exe [2010-11-19 43008]
c:\documents and settings\Charvi\Nabˇdka Start\Programy\Po spuçtŘnˇ\
ieezqqlccx.exe [2010-11-27 42496]
lccxoojaavm.exe [2010-11-27 50688]
s6uzvqq6.exe [2010-11-27 50688]
tpkk6ww6.exe [2010-11-27 50688]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Taskman"="c:\documents and settings\Charvi\Data aplikací\juzjf.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^McAfee Security Scan Plus.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\McAfee Security Scan Plus.lnk
backup=c:\windows\pss\McAfee Security Scan Plus.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Charvi^Nabídka Start^Programy^Po spuštění^81topu8.exe]
path=c:\documents and settings\Charvi\Nabídka Start\Programy\Po spuštění\81topu8.exe
backup=c:\windows\pss\81topu8.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Charvi^Nabídka Start^Programy^Po spuštění^a1wssnee.exe]
path=c:\documents and settings\Charvi\Nabídka Start\Programy\Po spuštění\a1wssnee.exe
backup=c:\windows\pss\a1wssnee.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Charvi^Nabídka Start^Programy^Po spuštění^dj60a6m5d.exe]
path=c:\documents and settings\Charvi\Nabídka Start\Programy\Po spuštění\dj60a6m5d.exe
backup=c:\windows\pss\dj60a6m5d.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Charvi^Nabídka Start^Programy^Po spuštění^e1fq3cc3.exe]
path=c:\documents and settings\Charvi\Nabídka Start\Programy\Po spuštění\e1fq3cc3.exe
backup=c:\windows\pss\e1fq3cc3.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Charvi^Nabídka Start^Programy^Po spuštění^ez0vvmhhyt.exe]
path=c:\documents and settings\Charvi\Nabídka Start\Programy\Po spuštění\ez0vvmhhyt.exe
backup=c:\windows\pss\ez0vvmhhyt.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Charvi^Nabídka Start^Programy^Po spuštění^i5j0ffwr.exe]
path=c:\documents and settings\Charvi\Nabídka Start\Programy\Po spuštění\i5j0ffwr.exe
backup=c:\windows\pss\i5j0ffwr.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Charvi^Nabídka Start^Programy^Po spuštění^nidjzavbms.exe]
path=c:\documents and settings\Charvi\Nabídka Start\Programy\Po spuštění\nidjzavbms.exe
backup=c:\windows\pss\nidjzavbms.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Charvi^Nabídka Start^Programy^Po spuštění^p0llhxxtj.exe]
path=c:\documents and settings\Charvi\Nabídka Start\Programy\Po spuštění\p0llhxxtj.exe
backup=c:\windows\pss\p0llhxxtj.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Charvi^Nabídka Start^Programy^Po spuštění^pkabg81sdez.exe]
path=c:\documents and settings\Charvi\Nabídka Start\Programy\Po spuštění\pkabg81sdez.exe
backup=c:\windows\pss\pkabg81sdez.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Charvi^Nabídka Start^Programy^Po spuštění^qwbsndjo6a.exe]
path=c:\documents and settings\Charvi\Nabídka Start\Programy\Po spuštění\qwbsndjo6a.exe
backup=c:\windows\pss\qwbsndjo6a.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Charvi^Nabídka Start^Programy^Po spuštění^r9no6paf.exe]
path=c:\documents and settings\Charvi\Nabídka Start\Programy\Po spuštění\r9no6paf.exe
backup=c:\windows\pss\r9no6paf.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Charvi^Nabídka Start^Programy^Po spuštění^rmm6ytz0vvw.exe]
path=c:\documents and settings\Charvi\Nabídka Start\Programy\Po spuštění\rmm6ytz0vvw.exe
backup=c:\windows\pss\rmm6ytz0vvw.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Charvi^Nabídka Start^Programy^Po spuštění^v0rridd8u.exe]
path=c:\documents and settings\Charvi\Nabídka Start\Programy\Po spuštění\v0rridd8u.exe
backup=c:\windows\pss\v0rridd8u.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Charvi^Nabídka Start^Programy^Po spuštění^vmmhyy5z0vv.exe]
path=c:\documents and settings\Charvi\Nabídka Start\Programy\Po spuštění\vmmhyy5z0vv.exe
backup=c:\windows\pss\vmmhyy5z0vv.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Charvi^Nabídka Start^Programy^Po spuštění^wssnee5f0b.exe]
path=c:\documents and settings\Charvi\Nabídka Start\Programy\Po spuštění\wssnee5f0b.exe
backup=c:\windows\pss\wssnee5f0b.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Charvi^Nabídka Start^Programy^Po spuštění^yuupggbssn.exe]
path=c:\documents and settings\Charvi\Nabídka Start\Programy\Po spuštění\yuupggbssn.exe
backup=c:\windows\pss\yuupggbssn.exeStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSConfig]
c:\documents and settings\Charvi\itbx.exe \u [X]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
2010-10-27 12:20 133432 ----a-w- c:\program files\ICQ7.2\ICQ.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"d:\\stahnute soubory\\TmUnitedForever\\TmForever.exe"=
"c:\\Program Files\\ICQ7.2\\ICQ.exe"=
"c:\\Program Files\\ICQ7.2\\aolload.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\EA Sports\\FIFA Online\\NFE.exe"=
"c:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=
"c:\\Program Files\\GRETECH\\GomPlayer\\GOM.exe"=
"c:\\Documents and Settings\\Charvi\\Data aplikací\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [8.5.2010 12:20 691696]
R2 ufyez0iow8;PowerUtility TV Recording Reservation;c:\windows\system32\goudikyj.exe [18.11.2010 17:08 315392]
R3 GETNDIS;VIA Networking Velocity Family Giga-bit Ethernet Adapter Driver;c:\windows\system32\drivers\getnd5b.sys [30.4.2010 15:31 44544]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [15.1.2010 13:49 227232]
S4 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [7.1.2010 23:51 380928]
--- Ostatní služby/ovladače v paměti ---
*NewlyCreated* - WCSCD
*Deregistered* - wcscd
.
Obsah adresáře 'Naplánované úlohy'
2010-11-27 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2010-05-01 20:18]
.
.
------- Doplňkový sken -------
.
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Charvi\Data aplikací\Mozilla\Firefox\Profiles\mkjmiz3z.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.4&q=
FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - component: c:\program files\pdfforge Toolbar\FF\components\pdfforgeToolbarFF.dll
FF - component: c:\program files\pdfforge Toolbar\SSFF\components\SearchSettingsFF.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Skype extension for Firefox: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Extension: ICQ Toolbar: {800b5000-a755-47e1-992b-48a1c1357f07} - c:\documents and settings\Charvi\Data aplikací\Mozilla\Firefox\Profiles\mkjmiz3z.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
FF - Extension: FIFA Online Web Launcher: eafo3fflauncher@ea.com - c:\documents and settings\Charvi\Data aplikací\Mozilla\Firefox\Profiles\mkjmiz3z.default\extensions\eafo3fflauncher@ea.com
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\documents and settings\Charvi\Data aplikací\Mozilla\Firefox\Profiles\mkjmiz3z.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Extension: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
HKCU-Run-wuaucldt - c:\documents and settings\charvi\wuaucldt.exe
HKLM-Run-Regedit32 - c:\windows\system32\regedit.exe
SafeBoot-qfccfiii.sys
MSConfigStartUp-AutoStart - c:\docume~1\Mamka\LOCALS~1\Temp\571860.exe
MSConfigStartUp-Windows Firewall - c:\docume~1\Charvi\LOCALS~1\Temp\lsass.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-27 19:11
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\cdfss]
"ImagePath"="\??\c:\docume~1\Charvi\LOCALS~1\Temp\cdfss"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\S-1-5-21-1229272821-2147120213-1801674531-1003\Software\SecuROM\License information*]
"datasecu"=hex:d7,7d,65,76,31,de,67,7c,f8,98,aa,21,7e,d6,03,a2,18,8d,1e,a5,c9,
5e,5a,e7,5e,46,c1,47,2f,29,12,89,80,6a,1f,5e,fb,be,fe,b5,83,62,d7,bd,fd,41,\
"rkeysecu"=hex:a2,3d,59,a8,86,7c,17,43,7c,89,65,33,56,3a,d8,91
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(688)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(1496)
c:\documents and settings\Charvi\Data aplikací\Dropbox\bin\DropboxExt.13.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\wscntfy.exe
c:\windows\SOUNDMAN.EXE
c:\docume~1\Charvi\LOCALS~1\Temp\58955.exe
c:\windows\system32\dwwin.exe
.
**************************************************************************
.
Celkový čas: 2010-11-27 19:13:22 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-11-27 18:13
Před spuštěním: 8 386 510 848
Po spuštění: 8 658 567 168
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
- - End Of File - - 0718D538C91101863F475DD77468AFF8

When Hell is full, the dead will walk the Earth ...
Re: svchost.exe 100% CPU load
MistX wrote: Unfortunately, there are some users you simply cannot convince that an antivirus is important.
I would happily tell users like that to get lost, because I have not seen a PC this cluttered with junk in a long time.
Anyway, let's get to it.
If you have not done so already, move ComboFix to the desktop,
open Notepad,
and copy the script from the following box into it:
Code:
FCopy::
C:\WINDOWS\ServicePackFiles\i386\cdrom.sys | c:\windows\system32\drivers\cdrom.sys
File::
c:\windows\system32\porasammel.exe
c:\windows\system32\goudikyj.exe
c:\documents and settings\Charvi\Data aplikací\juzjf.exe
C:\wlksk.exe
C:\it.exe
c:\documents and settings\Monika\Data aplikací\juzjf.exe
c:\documents and settings\Mamka\Data aplikací\juzjf.exe
C:\winn27.exe
C:\2xhs.exe
c:\windows\pss\81topu8.exe
c:\windows\pss\a1wssnee.exe
c:\windows\pss\dj60a6m5d.exe
c:\windows\pss\e1fq3cc3.exe
c:\windows\pss\ez0vvmhhyt.exe
c:\windows\pss\i5j0ffwr.exe
c:\windows\pss\nidjzavbms.exe
c:\windows\pss\p0llhxxtj.exe
c:\windows\pss\qwbsndjo6a.exe
c:\windows\pss\r9no6paf.exe
c:\windows\pss\rmm6ytz0vvw.exe
c:\windows\pss\v0rridd8u.exe
c:\windows\pss\vmmhyy5z0vv.exe
c:\windows\pss\wssnee5f0b.exe
c:\windows\pss\yuupggbssn.exe
c:\documents and settings\Charvi\itbx.exe
c:\docume~1\Charvi\LOCALS~1\Temp\cdfss
c:\docume~1\Charvi\LOCALS~1\Temp\58955.exe
Folder::
c:\documents and settings\Mamka\Nabídka Start\Programy\Po spuštění\
c:\documents and settings\Monika\Nabídka Start\Programy\Po spuštění\
c:\documents and settings\Charvi\Nabídka Start\Programy\Po spuštění\
Driver::
ufyez0iow8
Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"toowouquip"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Taskman"=-
[-HKLM\~\startupfolder\c:\documents and settings\Charvi\Nabídka Start\Programy\Po spuštění\81topu8.exe]
[-HKLM\~\startupfolder\c:\documents and settings\Charvi\Nabídka Start\Programy\Po spuštění\a1wssnee.exe]
[-HKLM\~\startupfolder\c:\documents and settings\Charvi\Nabídka Start\Programy\Po spuštění\dj60a6m5d.exe]
[-HKLM\~\startupfolder\c:\documents and settings\Charvi\Nabídka Start\Programy\Po spuštění\e1fq3cc3.exe]
[-HKLM\~\startupfolder\c:\documents and settings\Charvi\Nabídka Start\Programy\Po spuštění\ez0vvmhhyt.exe]
[-HKLM\~\startupfolder\c:\documents and settings\Charvi\Nabídka Start\Programy\Po spuštění\i5j0ffwr.exe]
[-HKLM\~\startupfolder\c:\documents and settings\Charvi\Nabídka Start\Programy\Po spuštění\nidjzavbms.exe]
[-HKLM\~\startupfolder\c:\documents and settings\Charvi\Nabídka Start\Programy\Po spuštění\p0llhxxtj.exe]
[-HKLM\~\startupfolder\c:\documents and settings\Charvi\Nabídka Start\Programy\Po spuštění\pkabg81sdez.exe]
[-HKLM\~\startupfolder\c:\documents and settings\Charvi\Nabídka Start\Programy\Po spuštění\qwbsndjo6a.exe]
[-HKLM\~\startupfolder\c:\documents and settings\Charvi\Nabídka Start\Programy\Po spuštění\r9no6paf.exe]
[-HKLM\~\startupfolder\c:\documents and settings\Charvi\Nabídka Start\Programy\Po spuštění\rmm6ytz0vvw.exe]
[-HKLM\~\startupfolder\c:\documents and settings\Charvi\Nabídka Start\Programy\Po spuštění\v0rridd8u.exe]
[-HKLM\~\startupfolder\c:\documents and settings\Charvi\Nabídka Start\Programy\Po spuštění\wssnee5f0b.exe]
[-HKLM\~\startupfolder\c:\documents and settings\Charvi\Nabídka Start\Programy\Po spuštění\yuupggbssn.exe]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\cdfss]
"ImagePath"=-
FireFox::
FF - ProfilePath - c:\documents and settings\Charvi\Data aplikací\Mozilla\Firefox\Profiles\mkjmiz3z.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_result ... 2.0.0.4&q=
After saving it, grab the script you created with the left mouse button and drag it over the ComboFix icon, where you drop it.

Once it has been applied, another log will pop up; copy it here.
Warning: it may happen that after the script is applied and the machine restarts, Windows will not boot.
In that case restart again while pressing F8, then choose Last Known Good Configuration.
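The by-eye triage of the ComboFix file listing that leads to a script like the one above can be written down as a few heuristics. This is an added example, not part of the original posts and not ComboFix's own logic; the three rules (executable in the drive root, system+hidden attributes, one size shared by several executables) are illustrative assumptions, run over lines excerpted from the log in this thread.

```python
import re
from collections import defaultdict
from pathlib import PureWindowsPath

# Excerpt of the file listings quoted in this thread, embedded so the
# example runs offline.
SAMPLE_LOG = r"""
2010-11-27 18:00 . 2010-11-27 18:00 315392 ----a-w- c:\windows\system32\lynnaz.exe
2010-11-27 11:41 . 2010-11-27 11:41 -------- d-----w- c:\program files\trend micro
2010-11-20 09:22 . 2010-11-27 18:00 315392 ----a-w- c:\windows\system32\porasammel.exe
2010-11-18 16:08 . 2010-11-27 18:00 315392 ----a-w- c:\windows\system32\goudikyj.exe
2010-11-17 10:00 . 2010-11-16 09:44 193024 --sh--r- c:\documents and settings\Charvi\Data aplikací\juzjf.exe
2010-11-16 23:10 . 2010-11-16 23:10 204800 ----a-w- C:\wlksk.exe
2010-11-16 22:12 . 2010-11-16 22:12 204800 ----a-w- C:\it.exe
2010-11-16 12:31 . 2010-11-16 09:44 193024 --sh--r- c:\documents and settings\Monika\Data aplikací\juzjf.exe
2010-11-16 09:44 . 2010-11-17 20:36 193024 ----a-w- C:\winn27.exe
2010-11-09 15:22 . 2010-11-09 16:12 255 ----a-w- C:\2xhs.exe
2010-11-01 08:07 . 2010-10-07 23:21 6146896 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{DEFC810F-63D0-4D7A-8985-461FB53FE7C1}\mpengine.dll
2010-10-19 20:51 . 2010-04-30 14:47 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-09-09 14:23 . 2008-04-14 12:00 668160 ----a-w- c:\windows\system32\wininet.dll
"""

# Line layout: first timestamp . second timestamp  size-or-dashes  attributes  path
LINE_RE = re.compile(
    r"^(?P<first>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<second>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\d+|-{8}) (?P<attrs>[-a-z]{8}) (?P<path>.+)$"
)


def parse_listing(text):
    """Return one dict per file line; directory lines and noise are skipped."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m or m["attrs"].startswith("d") or not m["size"].isdigit():
            continue
        entries.append(
            {"path": m["path"], "size": int(m["size"]), "attrs": m["attrs"]}
        )
    return entries


def triage(entries):
    """Map path -> list of reasons an .exe deserves a closer look.

    A hit is a lead for manual review, not a verdict: legitimate files can
    share a size or carry unusual attributes.
    """
    reasons = defaultdict(list)
    by_size = defaultdict(list)
    for e in entries:
        p = PureWindowsPath(e["path"])
        if p.suffix.lower() != ".exe":
            continue
        by_size[e["size"]].append(e["path"])
        # Rule 1 (assumption): programs are rarely installed directly in C:\
        if len(p.parts) == 2:
            reasons[e["path"]].append("executable in drive root")
        # Rule 2 (assumption): system+hidden on a user-profile .exe is unusual
        if "s" in e["attrs"] and "h" in e["attrs"]:
            reasons[e["path"]].append("system+hidden attributes")
    # Rule 3 (assumption): one size under several names suggests copies
    for size, paths in by_size.items():
        if len(paths) > 1:
            for path in paths:
                reasons[path].append(
                    f"size {size} shared by {len(paths)} executables"
                )
    return dict(reasons)


if __name__ == "__main__":
    for path, why in triage(parse_listing(SAMPLE_LOG)).items():
        print(f"{path}\n    " + "; ".join(why))
```

Anything the rules flag should be checked against the rest of the log (autostart entries, services, running processes) before it goes into a removal script.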
Re: svchost.exe 100% CPU load
ComboFix 10-11-26.07 - Charvi 27.11.2010 21:27:34.2.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2047.1717 [GMT 1:00]
Spuštěný z: c:\documents and settings\Charvi\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Charvi\Plocha\CFScript.txt
AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
FILE ::
"C:\2xhs.exe"
"c:\docume~1\Charvi\LOCALS~1\Temp\58955.exe"
"c:\docume~1\Charvi\LOCALS~1\Temp\cdfss"
"c:\documents and settings\Charvi\Data aplikací\juzjf.exe"
"c:\documents and settings\Charvi\itbx.exe"
"c:\documents and settings\Mamka\Data aplikací\juzjf.exe"
"c:\documents and settings\Monika\Data aplikací\juzjf.exe"
"C:\it.exe"
"c:\windows\pss\81topu8.exe"
"c:\windows\pss\a1wssnee.exe"
"c:\windows\pss\dj60a6m5d.exe"
"c:\windows\pss\e1fq3cc3.exe"
"c:\windows\pss\ez0vvmhhyt.exe"
"c:\windows\pss\i5j0ffwr.exe"
"c:\windows\pss\nidjzavbms.exe"
"c:\windows\pss\p0llhxxtj.exe"
"c:\windows\pss\qwbsndjo6a.exe"
"c:\windows\pss\r9no6paf.exe"
"c:\windows\pss\rmm6ytz0vvw.exe"
"c:\windows\pss\v0rridd8u.exe"
"c:\windows\pss\vmmhyy5z0vv.exe"
"c:\windows\pss\wssnee5f0b.exe"
"c:\windows\pss\yuupggbssn.exe"
"c:\windows\system32\goudikyj.exe"
"c:\windows\system32\porasammel.exe"
"C:\winn27.exe"
"C:\wlksk.exe"
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\2xhs.exe
c:\docume~1\Charvi\LOCALS~1\Temp\58955.exe
C:\it.exe
c:\windows\system32\goudikyj.exe
c:\windows\system32\porasammel.exe
C:\winn27.exe
C:\wlksk.exe
c:\windows\system32\drivers\cdrom.sys . . . je infikován!!
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_UFYEZ0IOW8
-------\Service_ufyez0iow8
((((((((((((((((((((((((( Soubory vytvořené od 2010-10-27 do 2010-11-27 )))))))))))))))))))))))))))))))
.
2010-11-27 18:01 . 2010-11-27 18:01 30560 ----a-w- c:\windows\system32\drivers\wcscd.sys
2010-11-27 18:00 . 2010-11-27 18:00 315392 ----a-w- c:\windows\system32\lynnaz.exe
2010-11-27 17:56 . 2010-11-27 17:56 -------- d-----w- c:\documents and settings\Administrator
2010-11-27 17:54 . 2010-11-27 18:14 -------- d--h--r- c:\documents and settings\Charvi\Recent
2010-11-27 11:41 . 2010-11-27 11:41 -------- d-----w- c:\program files\trend micro
2010-11-27 11:41 . 2010-11-27 11:41 -------- d-----w- C:\rsit
2010-11-17 10:00 . 2010-11-16 09:44 193024 --sh--r- c:\documents and settings\Charvi\Data aplikací\juzjf.exe
2010-11-16 12:31 . 2010-11-16 09:44 193024 --sh--r- c:\documents and settings\Monika\Data aplikací\juzjf.exe
2010-11-16 09:44 . 2010-11-16 09:44 193024 --sh--r- c:\documents and settings\Mamka\Data aplikací\juzjf.exe
2010-11-12 23:15 . 2010-11-12 23:15 -------- d-----w- c:\windows\system32\wbem\Repository
2010-11-12 23:15 . 2010-11-12 23:15 -------- d-----w- c:\program files\Application Updater
2010-11-06 07:46 . 2010-11-06 07:47 -------- d-----w- c:\program files\Common Files\Adobe
2010-11-01 08:07 . 2010-10-07 23:21 6146896 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{DEFC810F-63D0-4D7A-8985-461FB53FE7C1}\mpengine.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-23 14:02 . 2008-04-14 12:00 98240 ----a-w- c:\windows\system32\drivers\cdrom.sys
2010-11-16 09:44 . 2010-11-17 10:00 193024 --sh--r- c:\documents and settings\Charvi\Data aplikací\juzjf.exe
2010-10-19 20:51 . 2010-04-30 14:47 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-10-07 23:21 . 2010-05-01 17:23 6146896 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2010-09-30 13:31 . 2010-09-30 13:31 409600 ------w- c:\windows\Setup1.exe
2010-09-30 13:31 . 2010-09-30 13:31 73216 ----a-w- c:\windows\ST6UNST.EXE
2010-09-30 13:31 . 2010-09-30 13:31 101888 ----a-w- c:\windows\system32\VB6STKIT.DLL
2010-09-18 10:23 . 2008-04-14 12:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2008-04-14 12:00 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2008-04-14 12:00 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2008-04-14 12:00 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-15 03:50 . 2010-05-18 19:55 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-09-15 01:29 . 2010-05-18 19:55 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-09-09 14:23 . 2008-04-14 12:00 668160 ----a-w- c:\windows\system32\wininet.dll
2010-09-09 14:23 . 2008-04-14 12:00 61952 ----a-w- c:\windows\system32\tdc.ocx
2010-09-09 14:23 . 2008-04-14 12:00 81920 ----a-w- c:\windows\system32\ieencode.dll
2010-09-09 14:16 . 2008-04-14 12:00 370176 ----a-w- c:\windows\system32\html.iec
2010-09-01 11:52 . 2008-04-14 12:00 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-09-01 07:57 . 2008-04-14 12:00 1852800 ----a-w- c:\windows\system32\win32k.sys
.
((((((((((((((((((((((((((((( SnapShot@2010-11-27_18.11.02 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-11-27 20:31 . 2010-11-27 20:31 16384 c:\windows\Temp\Perflib_Perfdata_5b4.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\documents and settings\Charvi\Data aplikací\Dropbox\bin\DropboxExt.13.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\documents and settings\Charvi\Data aplikací\Dropbox\bin\DropboxExt.13.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\documents and settings\Charvi\Data aplikací\Dropbox\bin\DropboxExt.13.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2004-07-01 67584]
c:\documents and settings\Mamka\Nabˇdka Start\Programy\Po spuçtŘnˇ\
0a6mm3y.exe [2010-11-18 43008]
0hhyi8p.exe [2010-11-18 43008]
0oojaav.exe [2010-11-22 43008]
0s3eekg.exe [2010-11-20 43008]
0t6kk6w.exe [2010-11-18 43008]
1eaavmm.exe [2010-11-20 43008]
1soojaa.exe [2010-11-18 43008]
1yuupgg.exe [2010-11-19 43008]
60ekg0w.exe [2010-11-20 43008]
6qbrs0i.exe [2010-11-18 43008]
9bc0s3e.exe [2010-11-18 43008]
9uu5v5r.exe [2010-11-19 43008]
avmmhs3e.exe [2010-11-17 60416]
bcss3eek.exe [2010-11-20 43008]
duupggbs.exe [2010-11-22 43008]
dy1uqqlccx.exe [2010-11-18 43008]
e5f0bb6n26.exe [2010-11-17 60416]
epva30hyyt.exe [2010-11-18 43008]
hii70ffgg3.exe [2010-11-19 43008]
i5j0pq0g3s.exe [2010-11-18 43008]
i6uu6gg6.exe [2010-11-22 43008]
i9uvglr5it.exe [2010-11-17 60416]
iduupvg5h0.exe [2010-11-20 43008]
iojp0lgmm.exe [2010-11-19 43008]
m3yy6avq.exe [2010-11-18 43008]
mnneeuaa.exe [2010-11-17 60416]
nii6uu6gg.exe [2010-11-18 43008]
njzzva70xx.exe [2010-11-20 43008]
njzzvllh.exe [2010-11-18 43008]
no70plgg6s.exe [2010-11-22 43008]
o1kgg5h0dd.exe [2010-11-18 43008]
o31f3r5i.exe [2010-11-17 60416]
oojaavmc0y.exe [2010-11-19 43008]
rnytok0a.exe [2010-11-18 43008]
s3uupggbssn.exe [2010-11-19 43008]
s3uupvg5h0d.exe [2010-11-20 43008]
soojaavmc0.exe [2010-11-19 43008]
ty3kk3ww.exe [2010-11-18 43008]
ualbcxs366q.exe [2010-11-19 43008]
va3mm3yt.exe [2010-11-17 60416]
vglr5itufk.exe [2010-11-17 60416]
x3ejff3r5it.exe [2010-11-17 60416]
xxtjjfvvmrs.exe [2010-11-18 43008]
z26wrriddup.exe [2010-11-17 60416]
c:\documents and settings\Monika\Nabˇdka Start\Programy\Po spuçtŘnˇ\
0pkabg8.exe [2010-11-18 43008]
5bww3ii.exe [2010-11-19 43008]
60k31cx.exe [2010-11-19 43008]
7ql9hxo.exe [2010-11-19 43008]
90fvvlr.exe [2010-11-18 43008]
9m1ieez.exe [2010-11-19 43008]
9za0q8c.exe [2010-11-19 43008]
b0hdotpkk.exe [2010-11-23 43008]
bssi3kkfwwr.exe [2010-11-23 43008]
g1cyytkk.exe [2010-11-19 43008]
g3iiduupggb.exe [2010-11-21 43008]
g9c1yuupgg.exe [2010-11-21 43008]
iy0zvv66m8.exe [2010-11-18 43008]
lm0c3yzzfl.exe [2010-11-19 43008]
m9i1eaavmm.exe [2010-11-21 43008]
mmhyjee6.exe [2010-11-23 43008]
mmhyytkk.exe [2010-11-19 43008]
ny3kk3wrx0t.exe [2010-11-19 43008]
o9ulwg3snj.exe [2010-11-19 43008]
rm1ieezqql.exe [2010-11-19 43008]
ssi3kkfw.exe [2010-11-23 43008]
w1soojaa.exe [2010-11-21 43008]
ww5x0ttkva.exe [2010-11-19 43008]
c:\documents and settings\Charvi\Nabˇdka Start\Programy\Po spuçtŘnˇ\
ieezqqlccx.exe [2010-11-27 42496]
lccxoojaavm.exe [2010-11-27 50688]
s6uzvqq6.exe [2010-11-27 50688]
tpkk6ww6.exe [2010-11-27 50688]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^McAfee Security Scan Plus.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\McAfee Security Scan Plus.lnk
backup=c:\windows\pss\McAfee Security Scan Plus.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Charvi^Nabídka Start^Programy^Po spuštění^81topu8.exe]
path=c:\documents and settings\Charvi\Nabídka Start\Programy\Po spuštění\81topu8.exe
backup=c:\windows\pss\81topu8.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Charvi^Nabídka Start^Programy^Po spuštění^a1wssnee.exe]
path=c:\documents and settings\Charvi\Nabídka Start\Programy\Po spuštění\a1wssnee.exe
backup=c:\windows\pss\a1wssnee.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Charvi^Nabídka Start^Programy^Po spuštění^dj60a6m5d.exe]
path=c:\documents and settings\Charvi\Nabídka Start\Programy\Po spuštění\dj60a6m5d.exe
backup=c:\windows\pss\dj60a6m5d.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Charvi^Nabídka Start^Programy^Po spuštění^e1fq3cc3.exe]
path=c:\documents and settings\Charvi\Nabídka Start\Programy\Po spuštění\e1fq3cc3.exe
backup=c:\windows\pss\e1fq3cc3.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Charvi^Nabídka Start^Programy^Po spuštění^ez0vvmhhyt.exe]
path=c:\documents and settings\Charvi\Nabídka Start\Programy\Po spuštění\ez0vvmhhyt.exe
backup=c:\windows\pss\ez0vvmhhyt.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Charvi^Nabídka Start^Programy^Po spuštění^i5j0ffwr.exe]
path=c:\documents and settings\Charvi\Nabídka Start\Programy\Po spuštění\i5j0ffwr.exe
backup=c:\windows\pss\i5j0ffwr.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Charvi^Nabídka Start^Programy^Po spuštění^nidjzavbms.exe]
path=c:\documents and settings\Charvi\Nabídka Start\Programy\Po spuštění\nidjzavbms.exe
backup=c:\windows\pss\nidjzavbms.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Charvi^Nabídka Start^Programy^Po spuštění^p0llhxxtj.exe]
path=c:\documents and settings\Charvi\Nabídka Start\Programy\Po spuštění\p0llhxxtj.exe
backup=c:\windows\pss\p0llhxxtj.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Charvi^Nabídka Start^Programy^Po spuštění^pkabg81sdez.exe]
path=c:\documents and settings\Charvi\Nabídka Start\Programy\Po spuštění\pkabg81sdez.exe
backup=c:\windows\pss\pkabg81sdez.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Charvi^Nabídka Start^Programy^Po spuštění^qwbsndjo6a.exe]
path=c:\documents and settings\Charvi\Nabídka Start\Programy\Po spuštění\qwbsndjo6a.exe
backup=c:\windows\pss\qwbsndjo6a.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Charvi^Nabídka Start^Programy^Po spuštění^r9no6paf.exe]
path=c:\documents and settings\Charvi\Nabídka Start\Programy\Po spuštění\r9no6paf.exe
backup=c:\windows\pss\r9no6paf.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Charvi^Nabídka Start^Programy^Po spuštění^rmm6ytz0vvw.exe]
path=c:\documents and settings\Charvi\Nabídka Start\Programy\Po spuštění\rmm6ytz0vvw.exe
backup=c:\windows\pss\rmm6ytz0vvw.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Charvi^Nabídka Start^Programy^Po spuštění^v0rridd8u.exe]
path=c:\documents and settings\Charvi\Nabídka Start\Programy\Po spuštění\v0rridd8u.exe
backup=c:\windows\pss\v0rridd8u.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Charvi^Nabídka Start^Programy^Po spuštění^vmmhyy5z0vv.exe]
path=c:\documents and settings\Charvi\Nabídka Start\Programy\Po spuštění\vmmhyy5z0vv.exe
backup=c:\windows\pss\vmmhyy5z0vv.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Charvi^Nabídka Start^Programy^Po spuštění^wssnee5f0b.exe]
path=c:\documents and settings\Charvi\Nabídka Start\Programy\Po spuštění\wssnee5f0b.exe
backup=c:\windows\pss\wssnee5f0b.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Charvi^Nabídka Start^Programy^Po spuštění^yuupggbssn.exe]
path=c:\documents and settings\Charvi\Nabídka Start\Programy\Po spuštění\yuupggbssn.exe
backup=c:\windows\pss\yuupggbssn.exeStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSConfig]
c:\documents and settings\Charvi\itbx.exe \u [X]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
2010-10-27 12:20 133432 ----a-w- c:\program files\ICQ7.2\ICQ.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"d:\\stahnute soubory\\TmUnitedForever\\TmForever.exe"=
"c:\\Program Files\\ICQ7.2\\ICQ.exe"=
"c:\\Program Files\\ICQ7.2\\aolload.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\EA Sports\\FIFA Online\\NFE.exe"=
"c:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=
"c:\\Program Files\\GRETECH\\GomPlayer\\GOM.exe"=
"c:\\Documents and Settings\\Charvi\\Data aplikací\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [8.5.2010 12:20 691696]
R3 GETNDIS;VIA Networking Velocity Family Giga-bit Ethernet Adapter Driver;c:\windows\system32\drivers\getnd5b.sys [30.4.2010 15:31 44544]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [15.1.2010 13:49 227232]
S4 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [7.1.2010 23:51 380928]
--- Ostatní služby/ovladače v paměti ---
*Deregistered* - wcscd
.
Obsah adresáře 'Naplánované úlohy'
2010-11-27 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2010-05-01 20:18]
.
.
------- Doplňkový sken -------
.
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Charvi\Data aplikací\Mozilla\Firefox\Profiles\mkjmiz3z.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - component: c:\program files\pdfforge Toolbar\FF\components\pdfforgeToolbarFF.dll
FF - component: c:\program files\pdfforge Toolbar\SSFF\components\SearchSettingsFF.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Skype extension for Firefox: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Extension: ICQ Toolbar: {800b5000-a755-47e1-992b-48a1c1357f07} - c:\documents and settings\Charvi\Data aplikací\Mozilla\Firefox\Profiles\mkjmiz3z.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
FF - Extension: FIFA Online Web Launcher: eafo3fflauncher@ea.com - c:\documents and settings\Charvi\Data aplikací\Mozilla\Firefox\Profiles\mkjmiz3z.default\extensions\eafo3fflauncher@ea.com
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\documents and settings\Charvi\Data aplikací\Mozilla\Firefox\Profiles\mkjmiz3z.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Extension: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-27 21:31
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\S-1-5-21-1229272821-2147120213-1801674531-1003\Software\SecuROM\License information*]
"datasecu"=hex:d7,7d,65,76,31,de,67,7c,f8,98,aa,21,7e,d6,03,a2,18,8d,1e,a5,c9,
5e,5a,e7,5e,46,c1,47,2f,29,12,89,80,6a,1f,5e,fb,be,fe,b5,83,62,d7,bd,fd,41,\
"rkeysecu"=hex:a2,3d,59,a8,86,7c,17,43,7c,89,65,33,56,3a,d8,91
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(692)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(3312)
c:\documents and settings\Charvi\Data aplikací\Dropbox\bin\DropboxExt.13.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\wscntfy.exe
c:\windows\SOUNDMAN.EXE
.
**************************************************************************
.
Celkový čas: 2010-11-27 21:33:57 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-11-27 20:33
ComboFix2.txt 2010-11-27 18:13
Před spuštěním: 8 661 344 256
Po spuštění: 8 652 677 120
- - End Of File - - 53F798B92B23A7C7033E2BCC46C1A81B
--- Ostatní služby/ovladače v paměti ---
*Deregistered* - wcscd
.
Obsah adresáře 'Naplánované úlohy'
2010-11-27 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2010-05-01 20:18]
.
.
------- Doplňkový sken -------
.
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Charvi\Data aplikací\Mozilla\Firefox\Profiles\mkjmiz3z.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - component: c:\program files\pdfforge Toolbar\FF\components\pdfforgeToolbarFF.dll
FF - component: c:\program files\pdfforge Toolbar\SSFF\components\SearchSettingsFF.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Skype extension for Firefox: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Extension: ICQ Toolbar: {800b5000-a755-47e1-992b-48a1c1357f07} - c:\documents and settings\Charvi\Data aplikací\Mozilla\Firefox\Profiles\mkjmiz3z.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
FF - Extension: FIFA Online Web Launcher: eafo3fflauncher@ea.com - c:\documents and settings\Charvi\Data aplikací\Mozilla\Firefox\Profiles\mkjmiz3z.default\extensions\eafo3fflauncher@ea.com
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\documents and settings\Charvi\Data aplikací\Mozilla\Firefox\Profiles\mkjmiz3z.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Extension: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-27 21:31
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\S-1-5-21-1229272821-2147120213-1801674531-1003\Software\SecuROM\License information*]
"datasecu"=hex:d7,7d,65,76,31,de,67,7c,f8,98,aa,21,7e,d6,03,a2,18,8d,1e,a5,c9,
5e,5a,e7,5e,46,c1,47,2f,29,12,89,80,6a,1f,5e,fb,be,fe,b5,83,62,d7,bd,fd,41,\
"rkeysecu"=hex:a2,3d,59,a8,86,7c,17,43,7c,89,65,33,56,3a,d8,91
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(692)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(3312)
c:\documents and settings\Charvi\Data aplikací\Dropbox\bin\DropboxExt.13.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\wscntfy.exe
c:\windows\SOUNDMAN.EXE
.
**************************************************************************
.
Celkový čas: 2010-11-27 21:33:57 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-11-27 20:33
ComboFix2.txt 2010-11-27 18:13
Před spuštěním: 8 661 344 256
Po spuštění: 8 652 677 120
- - End Of File - - 53F798B92B23A7C7033E2BCC46C1A81B
When Hell is full, the dead will walk the Earth ...
Re: svchost.exe 100% CPU load
Since that went so well, once more, but with a different script, so open Notepad again,
copy the script from the following box into it:
save the TXT file you created to the desktop as CFScript.txt,
after saving, grab the script you created with the left mouse button and drag it over the ComboFix icon, where you drop it:

After it has been applied, another log will pop out at you; copy it here.
Warning: it may happen that after the script has been applied and the machine restarted, Windows will not boot;
in that case restart again while pressing F8, then choose Last Known Good Configuration
KillAll::
File::
c:\windows\system32\drivers\cdrom.sys
c:\documents and settings\Charvi\Data aplikací\juzjf.exe
c:\documents and settings\Monika\Data aplikací\juzjf.exe
c:\documents and settings\Mamka\Data aplikací\juzjf.exe
c:\documents and settings\Mamka\Nabídka Start\Programy\Po spuštění\0a6mm3y.exe
c:\documents and settings\Mamka\Nabídka Start\Programy\Po spuštění\0hhyi8p.exe
c:\documents and settings\Mamka\Nabídka Start\Programy\Po spuštění\0oojaav.exe
c:\documents and settings\Mamka\Nabídka Start\Programy\Po spuštění\0s3eekg.exe
c:\documents and settings\Mamka\Nabídka Start\Programy\Po spuštění\0t6kk6w.exe
c:\documents and settings\Mamka\Nabídka Start\Programy\Po spuštění\1eaavmm.exe
c:\documents and settings\Mamka\Nabídka Start\Programy\Po spuštění\1soojaa.exe
c:\documents and settings\Mamka\Nabídka Start\Programy\Po spuštění\1yuupgg.exe
c:\documents and settings\Mamka\Nabídka Start\Programy\Po spuštění\60ekg0w.exe
c:\documents and settings\Mamka\Nabídka Start\Programy\Po spuštění\6qbrs0i.exe
c:\documents and settings\Mamka\Nabídka Start\Programy\Po spuštění\9bc0s3e.exe
c:\documents and settings\Mamka\Nabídka Start\Programy\Po spuštění\9uu5v5r.exe
c:\documents and settings\Mamka\Nabídka Start\Programy\Po spuštění\avmmhs3e.exe
c:\documents and settings\Mamka\Nabídka Start\Programy\Po spuštění\bcss3eek.exe
c:\documents and settings\Mamka\Nabídka Start\Programy\Po spuštění\duupggbs.exe
c:\documents and settings\Mamka\Nabídka Start\Programy\Po spuštění\dy1uqqlccx.exe
c:\documents and settings\Mamka\Nabídka Start\Programy\Po spuštění\e5f0bb6n26.exe
c:\documents and settings\Mamka\Nabídka Start\Programy\Po spuštění\epva30hyyt.exe
c:\documents and settings\Mamka\Nabídka Start\Programy\Po spuštění\hii70ffgg3.exe
c:\documents and settings\Mamka\Nabídka Start\Programy\Po spuštění\i5j0pq0g3s.exe
c:\documents and settings\Mamka\Nabídka Start\Programy\Po spuštění\i6uu6gg6.exe
c:\documents and settings\Mamka\Nabídka Start\Programy\Po spuštění\i9uvglr5it.exe
c:\documents and settings\Mamka\Nabídka Start\Programy\Po spuštění\iduupvg5h0.exe
c:\documents and settings\Mamka\Nabídka Start\Programy\Po spuštění\iojp0lgmm.exe
c:\documents and settings\Mamka\Nabídka Start\Programy\Po spuštění\m3yy6avq.exe
c:\documents and settings\Mamka\Nabídka Start\Programy\Po spuštění\mnneeuaa.exe
c:\documents and settings\Mamka\Nabídka Start\Programy\Po spuštění\nii6uu6gg.exe
c:\documents and settings\Mamka\Nabídka Start\Programy\Po spuštění\njzzva70xx.exe
c:\documents and settings\Mamka\Nabídka Start\Programy\Po spuštění\njzzvllh.exe
c:\documents and settings\Mamka\Nabídka Start\Programy\Po spuštění\no70plgg6s.exe
c:\documents and settings\Mamka\Nabídka Start\Programy\Po spuštění\o1kgg5h0dd.exe
c:\documents and settings\Mamka\Nabídka Start\Programy\Po spuštění\o31f3r5i.exe
c:\documents and settings\Mamka\Nabídka Start\Programy\Po spuštění\oojaavmc0y.exe
c:\documents and settings\Mamka\Nabídka Start\Programy\Po spuštění\rnytok0a.exe
c:\documents and settings\Mamka\Nabídka Start\Programy\Po spuštění\s3uupggbssn.exe
c:\documents and settings\Mamka\Nabídka Start\Programy\Po spuštění\s3uupvg5h0d.exe
c:\documents and settings\Mamka\Nabídka Start\Programy\Po spuštění\soojaavmc0.exe
c:\documents and settings\Mamka\Nabídka Start\Programy\Po spuštění\ty3kk3ww.exe
c:\documents and settings\Mamka\Nabídka Start\Programy\Po spuštění\ualbcxs366q.exe
c:\documents and settings\Mamka\Nabídka Start\Programy\Po spuštění\va3mm3yt.exe
c:\documents and settings\Mamka\Nabídka Start\Programy\Po spuštění\vglr5itufk.exe
c:\documents and settings\Mamka\Nabídka Start\Programy\Po spuštění\x3ejff3r5it.exe
c:\documents and settings\Mamka\Nabídka Start\Programy\Po spuštění\xxtjjfvvmrs.exe
c:\documents and settings\Mamka\Nabídka Start\Programy\Po spuštění\z26wrriddup.exe
c:\documents and settings\Monika\Nabídka Start\Programy\Po spuštění\0pkabg8.exe
c:\documents and settings\Monika\Nabídka Start\Programy\Po spuštění\5bww3ii.exe
c:\documents and settings\Monika\Nabídka Start\Programy\Po spuštění\60k31cx.exe
c:\documents and settings\Monika\Nabídka Start\Programy\Po spuštění\7ql9hxo.exe
c:\documents and settings\Monika\Nabídka Start\Programy\Po spuštění\90fvvlr.exe
c:\documents and settings\Monika\Nabídka Start\Programy\Po spuštění\9m1ieez.exe
c:\documents and settings\Monika\Nabídka Start\Programy\Po spuštění\9za0q8c.exe
c:\documents and settings\Monika\Nabídka Start\Programy\Po spuštění\b0hdotpkk.exe
c:\documents and settings\Monika\Nabídka Start\Programy\Po spuštění\bssi3kkfwwr.exe
c:\documents and settings\Monika\Nabídka Start\Programy\Po spuštění\g1cyytkk.exe
c:\documents and settings\Monika\Nabídka Start\Programy\Po spuštění\g3iiduupggb.exe
c:\documents and settings\Monika\Nabídka Start\Programy\Po spuštění\g9c1yuupgg.exe
c:\documents and settings\Monika\Nabídka Start\Programy\Po spuštění\iy0zvv66m8.exe
c:\documents and settings\Monika\Nabídka Start\Programy\Po spuštění\lm0c3yzzfl.exe
c:\documents and settings\Monika\Nabídka Start\Programy\Po spuštění\m9i1eaavmm.exe
c:\documents and settings\Monika\Nabídka Start\Programy\Po spuštění\mmhyjee6.exe
c:\documents and settings\Monika\Nabídka Start\Programy\Po spuštění\mmhyytkk.exe
c:\documents and settings\Monika\Nabídka Start\Programy\Po spuštění\ny3kk3wrx0t.exe
c:\documents and settings\Monika\Nabídka Start\Programy\Po spuštění\o9ulwg3snj.exe
c:\documents and settings\Monika\Nabídka Start\Programy\Po spuštění\rm1ieezqql.exe
c:\documents and settings\Monika\Nabídka Start\Programy\Po spuštění\ssi3kkfw.exe
c:\documents and settings\Monika\Nabídka Start\Programy\Po spuštění\w1soojaa.exe
c:\documents and settings\Monika\Nabídka Start\Programy\Po spuštění\ww5x0ttkva.exe
c:\documents and settings\Charvi\Nabídka Start\Programy\Po spuštění\ieezqqlccx.exe
c:\documents and settings\Charvi\Nabídka Start\Programy\Po spuštění\lccxoojaavm.exe
c:\documents and settings\Charvi\Nabídka Start\Programy\Po spuštění\s6uzvqq6.exe
c:\documents and settings\Charvi\Nabídka Start\Programy\Po spuštění\tpkk6ww6.exe
c:\documents and settings\Charvi\Nabídka Start\Programy\Po spuštění\81topu8.exe
c:\windows\pss\81topu8.exe
c:\documents and settings\Charvi\Nabídka Start\Programy\Po spuštění\a1wssnee.exe
c:\windows\pss\a1wssnee.exe
c:\documents and settings\Charvi\Nabídka Start\Programy\Po spuštění\dj60a6m5d.exe
c:\windows\pss\dj60a6m5d.exe
c:\documents and settings\Charvi\Nabídka Start\Programy\Po spuštění\e1fq3cc3.exe
c:\windows\pss\e1fq3cc3.exe
c:\documents and settings\Charvi\Nabídka Start\Programy\Po spuštění\ez0vvmhhyt.exe
c:\windows\pss\ez0vvmhhyt.exe
c:\documents and settings\Charvi\Nabídka Start\Programy\Po spuštění\i5j0ffwr.exe
c:\windows\pss\i5j0ffwr.exe
c:\documents and settings\Charvi\Nabídka Start\Programy\Po spuštění\nidjzavbms.exe
c:\windows\pss\nidjzavbms.exe
c:\documents and settings\Charvi\Nabídka Start\Programy\Po spuštění\p0llhxxtj.exe
c:\windows\pss\p0llhxxtj.exe
c:\documents and settings\Charvi\Nabídka Start\Programy\Po spuštění\pkabg81sdez.exe
c:\windows\pss\pkabg81sdez.exe
c:\documents and settings\Charvi\Nabídka Start\Programy\Po spuštění\qwbsndjo6a.exe
c:\windows\pss\qwbsndjo6a.exe
c:\documents and settings\Charvi\Nabídka Start\Programy\Po spuštění\r9no6paf.exe
c:\windows\pss\r9no6paf.exe
c:\documents and settings\Charvi\Nabídka Start\Programy\Po spuštění\rmm6ytz0vvw.exe
c:\windows\pss\rmm6ytz0vvw.exe
c:\documents and settings\Charvi\Nabídka Start\Programy\Po spuštění\v0rridd8u.exe
c:\windows\pss\v0rridd8u.exe
c:\documents and settings\Charvi\Nabídka Start\Programy\Po spuštění\vmmhyy5z0vv.exe
c:\windows\pss\vmmhyy5z0vv.exe
c:\documents and settings\Charvi\Nabídka Start\Programy\Po spuštění\wssnee5f0b.exe
c:\windows\pss\wssnee5f0b.exe
c:\documents and settings\Charvi\Nabídka Start\Programy\Po spuštění\yuupggbssn.exe
c:\windows\pss\yuupggbssn.exe
c:\documents and settings\Charvi\itbx.exe
Registry::
[-HKLM\~\startupfolder\C:^Documents and Settings^Charvi^Nabídka Start^Programy^Po spuštění^81topu8.exe]
[-HKLM\~\startupfolder\C:^Documents and Settings^Charvi^Nabídka Start^Programy^Po spuštění^a1wssnee.exe]
[-HKLM\~\startupfolder\C:^Documents and Settings^Charvi^Nabídka Start^Programy^Po spuštění^dj60a6m5d.exe]
[-HKLM\~\startupfolder\C:^Documents and Settings^Charvi^Nabídka Start^Programy^Po spuštění^e1fq3cc3.exe]
[-HKLM\~\startupfolder\C:^Documents and Settings^Charvi^Nabídka Start^Programy^Po spuštění^ez0vvmhhyt.exe]
[-HKLM\~\startupfolder\C:^Documents and Settings^Charvi^Nabídka Start^Programy^Po spuštění^i5j0ffwr.exe]
[-HKLM\~\startupfolder\C:^Documents and Settings^Charvi^Nabídka Start^Programy^Po spuštění^nidjzavbms.exe]
[-HKLM\~\startupfolder\C:^Documents and Settings^Charvi^Nabídka Start^Programy^Po spuštění^p0llhxxtj.exe]
[-HKLM\~\startupfolder\C:^Documents and Settings^Charvi^Nabídka Start^Programy^Po spuštění^pkabg81sdez.exe]
[-HKLM\~\startupfolder\C:^Documents and Settings^Charvi^Nabídka Start^Programy^Po spuštění^qwbsndjo6a.exe]
[-HKLM\~\startupfolder\C:^Documents and Settings^Charvi^Nabídka Start^Programy^Po spuštění^r9no6paf.exe]
[-HKLM\~\startupfolder\C:^Documents and Settings^Charvi^Nabídka Start^Programy^Po spuštění^rmm6ytz0vvw.exe]
[-HKLM\~\startupfolder\C:^Documents and Settings^Charvi^Nabídka Start^Programy^Po spuštění^v0rridd8u.exe]
[-HKLM\~\startupfolder\C:^Documents and Settings^Charvi^Nabídka Start^Programy^Po spuštění^vmmhyy5z0vv.exe]
[-HKLM\~\startupfolder\C:^Documents and Settings^Charvi^Nabídka Start^Programy^Po spuštění^wssnee5f0b.exe]
[-HKLM\~\startupfolder\C:^Documents and Settings^Charvi^Nabídka Start^Programy^Po spuštění^yuupggbssn.exe]
FCopy::
c:\windows\SoftwareDistribution\Download\2d8407673ea9865ef7cd775540e3a36b\cdrom.sys | c:\windows\system32\drivers\cdrom.sys
Re: svchost.exe 100% CPU load
ComboFix 10-11-27.01 - Charvi 28.11.2010 9:36.3.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2047.1699 [GMT 1:00]
Spuštěný z: c:\documents and settings\Charvi\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Charvi\Plocha\CFScript.txt
AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
FILE ::
"c:\documents and settings\Charvi\Data aplikací\juzjf.exe"
"c:\documents and settings\Charvi\itbx.exe"
"c:\documents and settings\Charvi\Nabídka Start\Programy\Po spuštění\81topu8.exe"
"c:\documents and settings\Charvi\Nabídka Start\Programy\Po spuštění\a1wssnee.exe"
"c:\documents and settings\Charvi\Nabídka Start\Programy\Po spuštění\dj60a6m5d.exe"
"c:\documents and settings\Charvi\Nabídka Start\Programy\Po spuštění\e1fq3cc3.exe"
"c:\documents and settings\Charvi\Nabídka Start\Programy\Po spuštění\ez0vvmhhyt.exe"
"c:\documents and settings\Charvi\Nabídka Start\Programy\Po spuštění\i5j0ffwr.exe"
"c:\documents and settings\Charvi\Nabídka Start\Programy\Po spuštění\ieezqqlccx.exe"
"c:\documents and settings\Charvi\Nabídka Start\Programy\Po spuštění\lccxoojaavm.exe"
"c:\documents and settings\Charvi\Nabídka Start\Programy\Po spuštění\nidjzavbms.exe"
"c:\documents and settings\Charvi\Nabídka Start\Programy\Po spuštění\p0llhxxtj.exe"
"c:\documents and settings\Charvi\Nabídka Start\Programy\Po spuštění\pkabg81sdez.exe"
"c:\documents and settings\Charvi\Nabídka Start\Programy\Po spuštění\qwbsndjo6a.exe"
"c:\documents and settings\Charvi\Nabídka Start\Programy\Po spuštění\r9no6paf.exe"
"c:\documents and settings\Charvi\Nabídka Start\Programy\Po spuštění\rmm6ytz0vvw.exe"
"c:\documents and settings\Charvi\Nabídka Start\Programy\Po spuštění\s6uzvqq6.exe"
"c:\documents and settings\Charvi\Nabídka Start\Programy\Po spuštění\tpkk6ww6.exe"
"c:\documents and settings\Charvi\Nabídka Start\Programy\Po spuštění\v0rridd8u.exe"
"c:\documents and settings\Charvi\Nabídka Start\Programy\Po spuštění\vmmhyy5z0vv.exe"
"c:\documents and settings\Charvi\Nabídka Start\Programy\Po spuštění\wssnee5f0b.exe"
"c:\documents and settings\Charvi\Nabídka Start\Programy\Po spuštění\yuupggbssn.exe"
"c:\documents and settings\Mamka\Data aplikací\juzjf.exe"
"c:\documents and settings\Mamka\Nabídka Start\Programy\Po spuštění\0a6mm3y.exe"
"c:\documents and settings\Mamka\Nabídka Start\Programy\Po spuštění\0hhyi8p.exe"
"c:\documents and settings\Mamka\Nabídka Start\Programy\Po spuštění\0oojaav.exe"
"c:\documents and settings\Mamka\Nabídka Start\Programy\Po spuštění\0s3eekg.exe"
"c:\documents and settings\Mamka\Nabídka Start\Programy\Po spuštění\0t6kk6w.exe"
"c:\documents and settings\Mamka\Nabídka Start\Programy\Po spuštění\1eaavmm.exe"
"c:\documents and settings\Mamka\Nabídka Start\Programy\Po spuštění\1soojaa.exe"
"c:\documents and settings\Mamka\Nabídka Start\Programy\Po spuštění\1yuupgg.exe"
"c:\documents and settings\Mamka\Nabídka Start\Programy\Po spuštění\60ekg0w.exe"
"c:\documents and settings\Mamka\Nabídka Start\Programy\Po spuštění\6qbrs0i.exe"
"c:\documents and settings\Mamka\Nabídka Start\Programy\Po spuštění\9bc0s3e.exe"
"c:\documents and settings\Mamka\Nabídka Start\Programy\Po spuštění\9uu5v5r.exe"
"c:\documents and settings\Mamka\Nabídka Start\Programy\Po spuštění\avmmhs3e.exe"
"c:\documents and settings\Mamka\Nabídka Start\Programy\Po spuštění\bcss3eek.exe"
"c:\documents and settings\Mamka\Nabídka Start\Programy\Po spuštění\duupggbs.exe"
"c:\documents and settings\Mamka\Nabídka Start\Programy\Po spuštění\dy1uqqlccx.exe"
"c:\documents and settings\Mamka\Nabídka Start\Programy\Po spuštění\e5f0bb6n26.exe"
"c:\documents and settings\Mamka\Nabídka Start\Programy\Po spuštění\epva30hyyt.exe"
"c:\documents and settings\Mamka\Nabídka Start\Programy\Po spuštění\hii70ffgg3.exe"
"c:\documents and settings\Mamka\Nabídka Start\Programy\Po spuštění\i5j0pq0g3s.exe"
"c:\documents and settings\Mamka\Nabídka Start\Programy\Po spuštění\i6uu6gg6.exe"
"c:\documents and settings\Mamka\Nabídka Start\Programy\Po spuštění\i9uvglr5it.exe"
"c:\documents and settings\Mamka\Nabídka Start\Programy\Po spuštění\iduupvg5h0.exe"
"c:\documents and settings\Mamka\Nabídka Start\Programy\Po spuštění\iojp0lgmm.exe"
"c:\documents and settings\Mamka\Nabídka Start\Programy\Po spuštění\m3yy6avq.exe"
"c:\documents and settings\Mamka\Nabídka Start\Programy\Po spuštění\mnneeuaa.exe"
"c:\documents and settings\Mamka\Nabídka Start\Programy\Po spuštění\nii6uu6gg.exe"
"c:\documents and settings\Mamka\Nabídka Start\Programy\Po spuštění\njzzva70xx.exe"
"c:\documents and settings\Mamka\Nabídka Start\Programy\Po spuštění\njzzvllh.exe"
"c:\documents and settings\Mamka\Nabídka Start\Programy\Po spuštění\no70plgg6s.exe"
"c:\documents and settings\Mamka\Nabídka Start\Programy\Po spuštění\o1kgg5h0dd.exe"
"c:\documents and settings\Mamka\Nabídka Start\Programy\Po spuštění\o31f3r5i.exe"
"c:\documents and settings\Mamka\Nabídka Start\Programy\Po spuštění\oojaavmc0y.exe"
"c:\documents and settings\Mamka\Nabídka Start\Programy\Po spuštění\rnytok0a.exe"
"c:\documents and settings\Mamka\Nabídka Start\Programy\Po spuštění\s3uupggbssn.exe"
"c:\documents and settings\Mamka\Nabídka Start\Programy\Po spuštění\s3uupvg5h0d.exe"
"c:\documents and settings\Mamka\Nabídka Start\Programy\Po spuštění\soojaavmc0.exe"
"c:\documents and settings\Mamka\Nabídka Start\Programy\Po spuštění\ty3kk3ww.exe"
"c:\documents and settings\Mamka\Nabídka Start\Programy\Po spuštění\ualbcxs366q.exe"
"c:\documents and settings\Mamka\Nabídka Start\Programy\Po spuštění\va3mm3yt.exe"
"c:\documents and settings\Mamka\Nabídka Start\Programy\Po spuštění\vglr5itufk.exe"
"c:\documents and settings\Mamka\Nabídka Start\Programy\Po spuštění\x3ejff3r5it.exe"
"c:\documents and settings\Mamka\Nabídka Start\Programy\Po spuštění\xxtjjfvvmrs.exe"
"c:\documents and settings\Mamka\Nabídka Start\Programy\Po spuštění\z26wrriddup.exe"
"c:\documents and settings\Monika\Data aplikací\juzjf.exe"
"c:\documents and settings\Monika\Nabídka Start\Programy\Po spuštění\0pkabg8.exe"
"c:\documents and settings\Monika\Nabídka Start\Programy\Po spuštění\5bww3ii.exe"
"c:\documents and settings\Monika\Nabídka Start\Programy\Po spuštění\60k31cx.exe"
"c:\documents and settings\Monika\Nabídka Start\Programy\Po spuštění\7ql9hxo.exe"
"c:\documents and settings\Monika\Nabídka Start\Programy\Po spuštění\90fvvlr.exe"
"c:\documents and settings\Monika\Nabídka Start\Programy\Po spuštění\9m1ieez.exe"
"c:\documents and settings\Monika\Nabídka Start\Programy\Po spuštění\9za0q8c.exe"
"c:\documents and settings\Monika\Nabídka Start\Programy\Po spuštění\b0hdotpkk.exe"
"c:\documents and settings\Monika\Nabídka Start\Programy\Po spuštění\bssi3kkfwwr.exe"
"c:\documents and settings\Monika\Nabídka Start\Programy\Po spuštění\g1cyytkk.exe"
"c:\documents and settings\Monika\Nabídka Start\Programy\Po spuštění\g3iiduupggb.exe"
"c:\documents and settings\Monika\Nabídka Start\Programy\Po spuštění\g9c1yuupgg.exe"
"c:\documents and settings\Monika\Nabídka Start\Programy\Po spuštění\iy0zvv66m8.exe"
"c:\documents and settings\Monika\Nabídka Start\Programy\Po spuštění\lm0c3yzzfl.exe"
"c:\documents and settings\Monika\Nabídka Start\Programy\Po spuštění\m9i1eaavmm.exe"
"c:\documents and settings\Monika\Nabídka Start\Programy\Po spuštění\mmhyjee6.exe"
"c:\documents and settings\Monika\Nabídka Start\Programy\Po spuštění\mmhyytkk.exe"
"c:\documents and settings\Monika\Nabídka Start\Programy\Po spuštění\ny3kk3wrx0t.exe"
"c:\documents and settings\Monika\Nabídka Start\Programy\Po spuštění\o9ulwg3snj.exe"
"c:\documents and settings\Monika\Nabídka Start\Programy\Po spuštění\rm1ieezqql.exe"
"c:\documents and settings\Monika\Nabídka Start\Programy\Po spuštění\ssi3kkfw.exe"
"c:\documents and settings\Monika\Nabídka Start\Programy\Po spuštění\w1soojaa.exe"
"c:\documents and settings\Monika\Nabídka Start\Programy\Po spuštění\ww5x0ttkva.exe"
"c:\windows\pss\81topu8.exe"
"c:\windows\pss\a1wssnee.exe"
"c:\windows\pss\dj60a6m5d.exe"
"c:\windows\pss\e1fq3cc3.exe"
"c:\windows\pss\ez0vvmhhyt.exe"
"c:\windows\pss\i5j0ffwr.exe"
"c:\windows\pss\nidjzavbms.exe"
"c:\windows\pss\p0llhxxtj.exe"
"c:\windows\pss\pkabg81sdez.exe"
"c:\windows\pss\qwbsndjo6a.exe"
"c:\windows\pss\r9no6paf.exe"
"c:\windows\pss\rmm6ytz0vvw.exe"
"c:\windows\pss\v0rridd8u.exe"
"c:\windows\pss\vmmhyy5z0vv.exe"
"c:\windows\pss\wssnee5f0b.exe"
"c:\windows\pss\yuupggbssn.exe"
"c:\windows\system32\drivers\cdrom.sys"
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\drivers\cdrom.sys . . . je infikován!!
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-10-28 do 2010-11-28 )))))))))))))))))))))))))))))))
.
2010-11-27 18:01 . 2010-11-27 18:01 30560 ----a-w- c:\windows\system32\drivers\wcscd.sys
2010-11-27 18:00 . 2010-11-27 18:00 315392 ----a-w- c:\windows\system32\lynnaz.exe
2010-11-27 17:56 . 2010-11-27 17:56 -------- d-----w- c:\documents and settings\Administrator
2010-11-27 17:54 . 2010-11-28 08:34 -------- d--h--r- c:\documents and settings\Charvi\Recent
2010-11-27 11:41 . 2010-11-27 11:41 -------- d-----w- c:\program files\trend micro
2010-11-27 11:41 . 2010-11-27 11:41 -------- d-----w- C:\rsit
2010-11-17 10:00 . 2010-11-16 09:44 193024 --sh--r- c:\documents and settings\Charvi\Data aplikací\juzjf.exe
2010-11-16 12:31 . 2010-11-16 09:44 193024 --sh--r- c:\documents and settings\Monika\Data aplikací\juzjf.exe
2010-11-16 09:44 . 2010-11-16 09:44 193024 --sh--r- c:\documents and settings\Mamka\Data aplikací\juzjf.exe
2010-11-12 23:15 . 2010-11-12 23:15 -------- d-----w- c:\windows\system32\wbem\Repository
2010-11-12 23:15 . 2010-11-12 23:15 -------- d-----w- c:\program files\Application Updater
2010-11-06 07:46 . 2010-11-06 07:47 -------- d-----w- c:\program files\Common Files\Adobe
2010-11-01 08:07 . 2010-10-07 23:21 6146896 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{DEFC810F-63D0-4D7A-8985-461FB53FE7C1}\mpengine.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-23 14:02 . 2008-04-14 12:00 98240 ----a-w- c:\windows\system32\drivers\cdrom.sys
2010-11-16 09:44 . 2010-11-17 10:00 193024 --sh--r- c:\documents and settings\Charvi\Data aplikací\juzjf.exe
2010-10-19 20:51 . 2010-04-30 14:47 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-10-07 23:21 . 2010-05-01 17:23 6146896 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2010-09-30 13:31 . 2010-09-30 13:31 409600 ------w- c:\windows\Setup1.exe
2010-09-30 13:31 . 2010-09-30 13:31 73216 ----a-w- c:\windows\ST6UNST.EXE
2010-09-30 13:31 . 2010-09-30 13:31 101888 ----a-w- c:\windows\system32\VB6STKIT.DLL
2010-09-18 10:23 . 2008-04-14 12:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2008-04-14 12:00 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2008-04-14 12:00 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2008-04-14 12:00 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-15 03:50 . 2010-05-18 19:55 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-09-15 01:29 . 2010-05-18 19:55 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-09-09 14:23 . 2008-04-14 12:00 668160 ----a-w- c:\windows\system32\wininet.dll
2010-09-09 14:23 . 2008-04-14 12:00 61952 ----a-w- c:\windows\system32\tdc.ocx
2010-09-09 14:23 . 2008-04-14 12:00 81920 ----a-w- c:\windows\system32\ieencode.dll
2010-09-09 14:16 . 2008-04-14 12:00 370176 ----a-w- c:\windows\system32\html.iec
2010-09-01 11:52 . 2008-04-14 12:00 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-09-01 07:57 . 2008-04-14 12:00 1852800 ----a-w- c:\windows\system32\win32k.sys
.
((((((((((((((((((((((((((((( SnapShot@2010-11-27_18.11.02 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-11-28 08:40 . 2010-11-28 08:40 16384 c:\windows\temp\Perflib_Perfdata_1e0.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\documents and settings\Charvi\Data aplikací\Dropbox\bin\DropboxExt.13.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\documents and settings\Charvi\Data aplikací\Dropbox\bin\DropboxExt.13.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\documents and settings\Charvi\Data aplikací\Dropbox\bin\DropboxExt.13.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2004-07-01 67584]
c:\documents and settings\Mamka\Nabídka Start\Programy\Po spuštění\
0a6mm3y.exe [2010-11-18 43008]
0hhyi8p.exe [2010-11-18 43008]
0oojaav.exe [2010-11-22 43008]
0s3eekg.exe [2010-11-20 43008]
0t6kk6w.exe [2010-11-18 43008]
1eaavmm.exe [2010-11-20 43008]
1soojaa.exe [2010-11-18 43008]
1yuupgg.exe [2010-11-19 43008]
60ekg0w.exe [2010-11-20 43008]
6qbrs0i.exe [2010-11-18 43008]
9bc0s3e.exe [2010-11-18 43008]
9uu5v5r.exe [2010-11-19 43008]
avmmhs3e.exe [2010-11-17 60416]
bcss3eek.exe [2010-11-20 43008]
duupggbs.exe [2010-11-22 43008]
dy1uqqlccx.exe [2010-11-18 43008]
e5f0bb6n26.exe [2010-11-17 60416]
epva30hyyt.exe [2010-11-18 43008]
hii70ffgg3.exe [2010-11-19 43008]
i5j0pq0g3s.exe [2010-11-18 43008]
i6uu6gg6.exe [2010-11-22 43008]
i9uvglr5it.exe [2010-11-17 60416]
iduupvg5h0.exe [2010-11-20 43008]
iojp0lgmm.exe [2010-11-19 43008]
m3yy6avq.exe [2010-11-18 43008]
mnneeuaa.exe [2010-11-17 60416]
nii6uu6gg.exe [2010-11-18 43008]
njzzva70xx.exe [2010-11-20 43008]
njzzvllh.exe [2010-11-18 43008]
no70plgg6s.exe [2010-11-22 43008]
o1kgg5h0dd.exe [2010-11-18 43008]
o31f3r5i.exe [2010-11-17 60416]
oojaavmc0y.exe [2010-11-19 43008]
rnytok0a.exe [2010-11-18 43008]
s3uupggbssn.exe [2010-11-19 43008]
s3uupvg5h0d.exe [2010-11-20 43008]
soojaavmc0.exe [2010-11-19 43008]
ty3kk3ww.exe [2010-11-18 43008]
ualbcxs366q.exe [2010-11-19 43008]
va3mm3yt.exe [2010-11-17 60416]
vglr5itufk.exe [2010-11-17 60416]
x3ejff3r5it.exe [2010-11-17 60416]
xxtjjfvvmrs.exe [2010-11-18 43008]
z26wrriddup.exe [2010-11-17 60416]
c:\documents and settings\Monika\Nabˇdka Start\Programy\Po spuçtŘnˇ\
0pkabg8.exe [2010-11-18 43008]
5bww3ii.exe [2010-11-19 43008]
60k31cx.exe [2010-11-19 43008]
7ql9hxo.exe [2010-11-19 43008]
90fvvlr.exe [2010-11-18 43008]
9m1ieez.exe [2010-11-19 43008]
9za0q8c.exe [2010-11-19 43008]
b0hdotpkk.exe [2010-11-23 43008]
bssi3kkfwwr.exe [2010-11-23 43008]
g1cyytkk.exe [2010-11-19 43008]
g3iiduupggb.exe [2010-11-21 43008]
g9c1yuupgg.exe [2010-11-21 43008]
iy0zvv66m8.exe [2010-11-18 43008]
lm0c3yzzfl.exe [2010-11-19 43008]
m9i1eaavmm.exe [2010-11-21 43008]
mmhyjee6.exe [2010-11-23 43008]
mmhyytkk.exe [2010-11-19 43008]
ny3kk3wrx0t.exe [2010-11-19 43008]
o9ulwg3snj.exe [2010-11-19 43008]
rm1ieezqql.exe [2010-11-19 43008]
ssi3kkfw.exe [2010-11-23 43008]
w1soojaa.exe [2010-11-21 43008]
ww5x0ttkva.exe [2010-11-19 43008]
c:\documents and settings\Charvi\Nabˇdka Start\Programy\Po spuçtŘnˇ\
ieezqqlccx.exe [2010-11-27 42496]
lccxoojaavm.exe [2010-11-27 50688]
s6uzvqq6.exe [2010-11-27 50688]
tpkk6ww6.exe [2010-11-27 50688]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^McAfee Security Scan Plus.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\McAfee Security Scan Plus.lnk
backup=c:\windows\pss\McAfee Security Scan Plus.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSConfig]
c:\documents and settings\Charvi\itbx.exe \u [X]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
2010-10-27 12:20 133432 ----a-w- c:\program files\ICQ7.2\ICQ.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"d:\\stahnute soubory\\TmUnitedForever\\TmForever.exe"=
"c:\\Program Files\\ICQ7.2\\ICQ.exe"=
"c:\\Program Files\\ICQ7.2\\aolload.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\EA Sports\\FIFA Online\\NFE.exe"=
"c:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=
"c:\\Program Files\\GRETECH\\GomPlayer\\GOM.exe"=
"c:\\Documents and Settings\\Charvi\\Data aplikací\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [8.5.2010 12:20 691696]
R3 GETNDIS;VIA Networking Velocity Family Giga-bit Ethernet Adapter Driver;c:\windows\system32\drivers\getnd5b.sys [30.4.2010 15:31 44544]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [15.1.2010 13:49 227232]
S4 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [7.1.2010 23:51 380928]
--- Ostatní služby/ovladače v paměti ---
*Deregistered* - wcscd
.
Obsah adresáře 'Naplánované úlohy'
2010-11-28 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2010-05-01 20:18]
.
.
------- Doplňkový sken -------
.
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Charvi\Data aplikací\Mozilla\Firefox\Profiles\mkjmiz3z.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - component: c:\program files\pdfforge Toolbar\FF\components\pdfforgeToolbarFF.dll
FF - component: c:\program files\pdfforge Toolbar\SSFF\components\SearchSettingsFF.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Skype extension for Firefox: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Extension: ICQ Toolbar: {800b5000-a755-47e1-992b-48a1c1357f07} - c:\documents and settings\Charvi\Data aplikací\Mozilla\Firefox\Profiles\mkjmiz3z.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
FF - Extension: FIFA Online Web Launcher: eafo3fflauncher@ea.com - c:\documents and settings\Charvi\Data aplikací\Mozilla\Firefox\Profiles\mkjmiz3z.default\extensions\eafo3fflauncher@ea.com
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\documents and settings\Charvi\Data aplikací\Mozilla\Firefox\Profiles\mkjmiz3z.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Extension: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-28 09:40
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\S-1-5-21-1229272821-2147120213-1801674531-1003\Software\SecuROM\License information*]
"datasecu"=hex:d7,7d,65,76,31,de,67,7c,f8,98,aa,21,7e,d6,03,a2,18,8d,1e,a5,c9,
5e,5a,e7,5e,46,c1,47,2f,29,12,89,80,6a,1f,5e,fb,be,fe,b5,83,62,d7,bd,fd,41,\
"rkeysecu"=hex:a2,3d,59,a8,86,7c,17,43,7c,89,65,33,56,3a,d8,91
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(688)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(2236)
c:\documents and settings\Charvi\Data aplikací\Dropbox\bin\DropboxExt.13.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\SOUNDMAN.EXE
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Celkový čas: 2010-11-28 09:43:16 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-11-28 08:43
ComboFix2.txt 2010-11-27 20:33
ComboFix3.txt 2010-11-27 18:13
Před spuštěním: 8 645 316 608
Po spuštění: 8 637 280 256
- - End Of File - - 74776D4A80D12274C45ABDBECC393AA3
When Hell is full, the dead will walk the Earth ...
Re: svchost.exe at 100% CPU load
Those scumbags just don't seem to want to come out, or what
So let's try it another way.
Download and run OTMoveIt
into the left pane of the application, under Paste Instructions for Items to be Moved, copy this text:
click MoveIt! and information about the performed action will appear in the right-hand green pane of the application; copy the contents of that pane here,
if the application asks for a restart, click YES
in that case I want you to copy here the contents of the log saved in C:\_OTMoveIt\MovedFiles\

Code:
:processes
explorer.exe
:files
c:\*.tmp
c:\WINDOWS\System32\*.tmp
c:\WINDOWS\*.tmp
c:\windows\system32\drivers\cdrom.sys
c:\documents and settings\Charvi\Data aplikací\juzjf.exe
c:\documents and settings\Monika\Data aplikací\juzjf.exe
c:\documents and settings\Mamka\Data aplikací\juzjf.exe
c:\documents and settings\Mamka\Nabídka Start\Programy\Po spuštění\0a6mm3y.exe
c:\documents and settings\Mamka\Nabídka Start\Programy\Po spuštění\0hhyi8p.exe
c:\documents and settings\Mamka\Nabídka Start\Programy\Po spuštění\0oojaav.exe
c:\documents and settings\Mamka\Nabídka Start\Programy\Po spuštění\0s3eekg.exe
c:\documents and settings\Mamka\Nabídka Start\Programy\Po spuštění\0t6kk6w.exe
c:\documents and settings\Mamka\Nabídka Start\Programy\Po spuštění\1eaavmm.exe
c:\documents and settings\Mamka\Nabídka Start\Programy\Po spuštění\1soojaa.exe
c:\documents and settings\Mamka\Nabídka Start\Programy\Po spuštění\1yuupgg.exe
c:\documents and settings\Mamka\Nabídka Start\Programy\Po spuštění\60ekg0w.exe
c:\documents and settings\Mamka\Nabídka Start\Programy\Po spuštění\6qbrs0i.exe
c:\documents and settings\Mamka\Nabídka Start\Programy\Po spuštění\9bc0s3e.exe
c:\documents and settings\Mamka\Nabídka Start\Programy\Po spuštění\9uu5v5r.exe
c:\documents and settings\Mamka\Nabídka Start\Programy\Po spuštění\avmmhs3e.exe
c:\documents and settings\Mamka\Nabídka Start\Programy\Po spuštění\bcss3eek.exe
c:\documents and settings\Mamka\Nabídka Start\Programy\Po spuštění\duupggbs.exe
c:\documents and settings\Mamka\Nabídka Start\Programy\Po spuštění\dy1uqqlccx.exe
c:\documents and settings\Mamka\Nabídka Start\Programy\Po spuštění\e5f0bb6n26.exe
c:\documents and settings\Mamka\Nabídka Start\Programy\Po spuštění\epva30hyyt.exe
c:\documents and settings\Mamka\Nabídka Start\Programy\Po spuštění\hii70ffgg3.exe
c:\documents and settings\Mamka\Nabídka Start\Programy\Po spuštění\i5j0pq0g3s.exe
c:\documents and settings\Mamka\Nabídka Start\Programy\Po spuštění\i6uu6gg6.exe
c:\documents and settings\Mamka\Nabídka Start\Programy\Po spuštění\i9uvglr5it.exe
c:\documents and settings\Mamka\Nabídka Start\Programy\Po spuštění\iduupvg5h0.exe
c:\documents and settings\Mamka\Nabídka Start\Programy\Po spuštění\iojp0lgmm.exe
c:\documents and settings\Mamka\Nabídka Start\Programy\Po spuštění\m3yy6avq.exe
c:\documents and settings\Mamka\Nabídka Start\Programy\Po spuštění\mnneeuaa.exe
c:\documents and settings\Mamka\Nabídka Start\Programy\Po spuštění\nii6uu6gg.exe
c:\documents and settings\Mamka\Nabídka Start\Programy\Po spuštění\njzzva70xx.exe
c:\documents and settings\Mamka\Nabídka Start\Programy\Po spuštění\njzzvllh.exe
c:\documents and settings\Mamka\Nabídka Start\Programy\Po spuštění\no70plgg6s.exe
c:\documents and settings\Mamka\Nabídka Start\Programy\Po spuštění\o1kgg5h0dd.exe
c:\documents and settings\Mamka\Nabídka Start\Programy\Po spuštění\o31f3r5i.exe
c:\documents and settings\Mamka\Nabídka Start\Programy\Po spuštění\oojaavmc0y.exe
c:\documents and settings\Mamka\Nabídka Start\Programy\Po spuštění\rnytok0a.exe
c:\documents and settings\Mamka\Nabídka Start\Programy\Po spuštění\s3uupggbssn.exe
c:\documents and settings\Mamka\Nabídka Start\Programy\Po spuštění\s3uupvg5h0d.exe
c:\documents and settings\Mamka\Nabídka Start\Programy\Po spuštění\soojaavmc0.exe
c:\documents and settings\Mamka\Nabídka Start\Programy\Po spuštění\ty3kk3ww.exe
c:\documents and settings\Mamka\Nabídka Start\Programy\Po spuštění\ualbcxs366q.exe
c:\documents and settings\Mamka\Nabídka Start\Programy\Po spuštění\va3mm3yt.exe
c:\documents and settings\Mamka\Nabídka Start\Programy\Po spuštění\vglr5itufk.exe
c:\documents and settings\Mamka\Nabídka Start\Programy\Po spuštění\x3ejff3r5it.exe
c:\documents and settings\Mamka\Nabídka Start\Programy\Po spuštění\xxtjjfvvmrs.exe
c:\documents and settings\Mamka\Nabídka Start\Programy\Po spuštění\z26wrriddup.exe
c:\documents and settings\Monika\Nabídka Start\Programy\Po spuštění\0pkabg8.exe
c:\documents and settings\Monika\Nabídka Start\Programy\Po spuštění\5bww3ii.exe
c:\documents and settings\Monika\Nabídka Start\Programy\Po spuštění\60k31cx.exe
c:\documents and settings\Monika\Nabídka Start\Programy\Po spuštění\7ql9hxo.exe
c:\documents and settings\Monika\Nabídka Start\Programy\Po spuštění\90fvvlr.exe
c:\documents and settings\Monika\Nabídka Start\Programy\Po spuštění\9m1ieez.exe
c:\documents and settings\Monika\Nabídka Start\Programy\Po spuštění\9za0q8c.exe
c:\documents and settings\Monika\Nabídka Start\Programy\Po spuštění\b0hdotpkk.exe
c:\documents and settings\Monika\Nabídka Start\Programy\Po spuštění\bssi3kkfwwr.exe
c:\documents and settings\Monika\Nabídka Start\Programy\Po spuštění\g1cyytkk.exe
c:\documents and settings\Monika\Nabídka Start\Programy\Po spuštění\g3iiduupggb.exe
c:\documents and settings\Monika\Nabídka Start\Programy\Po spuštění\g9c1yuupgg.exe
c:\documents and settings\Monika\Nabídka Start\Programy\Po spuštění\iy0zvv66m8.exe
c:\documents and settings\Monika\Nabídka Start\Programy\Po spuštění\lm0c3yzzfl.exe
c:\documents and settings\Monika\Nabídka Start\Programy\Po spuštění\m9i1eaavmm.exe
c:\documents and settings\Monika\Nabídka Start\Programy\Po spuštění\mmhyjee6.exe
c:\documents and settings\Monika\Nabídka Start\Programy\Po spuštění\mmhyytkk.exe
c:\documents and settings\Monika\Nabídka Start\Programy\Po spuštění\ny3kk3wrx0t.exe
c:\documents and settings\Monika\Nabídka Start\Programy\Po spuštění\o9ulwg3snj.exe
c:\documents and settings\Monika\Nabídka Start\Programy\Po spuštění\rm1ieezqql.exe
c:\documents and settings\Monika\Nabídka Start\Programy\Po spuštění\ssi3kkfw.exe
c:\documents and settings\Monika\Nabídka Start\Programy\Po spuštění\w1soojaa.exe
c:\documents and settings\Monika\Nabídka Start\Programy\Po spuštění\ww5x0ttkva.exe
c:\documents and settings\Charvi\Nabídka Start\Programy\Po spuštění\ieezqqlccx.exe
c:\documents and settings\Charvi\Nabídka Start\Programy\Po spuštění\lccxoojaavm.exe
c:\documents and settings\Charvi\Nabídka Start\Programy\Po spuštění\s6uzvqq6.exe
c:\documents and settings\Charvi\Nabídka Start\Programy\Po spuštění\tpkk6ww6.exe
c:\documents and settings\Charvi\Nabídka Start\Programy\Po spuštění\81topu8.exe
c:\windows\pss\81topu8.exe
c:\documents and settings\Charvi\Nabídka Start\Programy\Po spuštění\a1wssnee.exe
c:\windows\pss\a1wssnee.exe
c:\documents and settings\Charvi\Nabídka Start\Programy\Po spuštění\dj60a6m5d.exe
c:\windows\pss\dj60a6m5d.exe
c:\documents and settings\Charvi\Nabídka Start\Programy\Po spuštění\e1fq3cc3.exe
c:\windows\pss\e1fq3cc3.exe
c:\documents and settings\Charvi\Nabídka Start\Programy\Po spuštění\ez0vvmhhyt.exe
c:\windows\pss\ez0vvmhhyt.exe
c:\documents and settings\Charvi\Nabídka Start\Programy\Po spuštění\i5j0ffwr.exe
c:\windows\pss\i5j0ffwr.exe
c:\documents and settings\Charvi\Nabídka Start\Programy\Po spuštění\nidjzavbms.exe
c:\windows\pss\nidjzavbms.exe
c:\documents and settings\Charvi\Nabídka Start\Programy\Po spuštění\p0llhxxtj.exe
c:\windows\pss\p0llhxxtj.exe
c:\documents and settings\Charvi\Nabídka Start\Programy\Po spuštění\pkabg81sdez.exe
c:\windows\pss\pkabg81sdez.exe
c:\documents and settings\Charvi\Nabídka Start\Programy\Po spuštění\qwbsndjo6a.exe
c:\windows\pss\qwbsndjo6a.exe
c:\documents and settings\Charvi\Nabídka Start\Programy\Po spuštění\r9no6paf.exe
c:\windows\pss\r9no6paf.exe
c:\documents and settings\Charvi\Nabídka Start\Programy\Po spuštění\rmm6ytz0vvw.exe
c:\windows\pss\rmm6ytz0vvw.exe
c:\documents and settings\Charvi\Nabídka Start\Programy\Po spuštění\v0rridd8u.exe
c:\windows\pss\v0rridd8u.exe
c:\documents and settings\Charvi\Nabídka Start\Programy\Po spuštění\vmmhyy5z0vv.exe
c:\windows\pss\vmmhyy5z0vv.exe
c:\documents and settings\Charvi\Nabídka Start\Programy\Po spuštění\wssnee5f0b.exe
c:\windows\pss\wssnee5f0b.exe
c:\documents and settings\Charvi\Nabídka Start\Programy\Po spuštění\yuupggbssn.exe
c:\windows\pss\yuupggbssn.exe
c:\documents and settings\Charvi\itbx.exe
c:\Documents and Settings\Mamka\Local Settings\Temp\236239.exe
c:\DOCUME~1\Monika\LOCALS~1\Temp\210.exe
c:\program files\pdfforge Toolbar
:commands
[purity]
[emptytemp]
[start explorer]
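Whoever reviews the log requested above has to confirm that every line of the `:files` list produced an outcome, since an entry with no log line may still be on disk. The following is an added example, not part of the original post and not OTMoveIt's own code: it reconciles an instruction script with a result log in the format used in this thread. The sample script and log are constructed, and all function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample modelled on the script and log format used in this thread;
# profile names and file names are placeholders, not values from the thread.
SAMPLE_SCRIPT = r"""
:processes
explorer.exe
:files
c:\*.tmp
c:\WINDOWS\*.tmp
c:\documents and settings\UserA\Start Menu\Programs\Startup\sample1.exe
c:\documents and settings\UserB\Start Menu\Programs\Startup\sample2.exe
c:\windows\pss\sample3.exe
c:\documents and settings\UserB\Application Data\sample4.exe
c:\program files\Example Toolbar
:commands
[emptytemp]
"""

SAMPLE_LOG = r"""
All processes killed
========== PROCESSES ==========
Process explorer.exe killed successfully!
========== FILES ==========
File/Folder c:\*.tmp not found.
c:\WINDOWS\SET3.tmp moved successfully.
c:\documents and settings\UserA\Start Menu\Programs\Startup\sample1.exe moved successfully.
c:\documents and settings\UserB\Start Menu\Programs\Startup\sample2.exe moved successfully.
File/Folder c:\windows\pss\sample3.exe not found.
c:\program files\Example Toolbar\IE folder moved successfully.
c:\program files\Example Toolbar folder moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
"""

MOVED = re.compile(r"^(?P<path>.+?)(?: folder)? moved successfully\.$")
MISSING = re.compile(r"^File/Folder (?P<path>.+) not found\.$")
# Long-form profile paths only; 8.3 short names such as DOCUME~1 are not resolved.
PROFILE = re.compile(r"\\documents and settings\\([^\\]+)\\", re.IGNORECASE)


def parse_instructions(script):
    """Split an instruction script into its ':section' lists."""
    sections, current = {}, None
    for raw in script.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith(":"):
            current = line[1:].lower()
            sections[current] = []
        elif current is not None:
            sections[current].append(line)
    return sections


def parse_results(log):
    """Return {path: 'moved' | 'not found'} for the FILES section of a result log."""
    results, in_files = {}, False
    for raw in log.splitlines():
        line = raw.strip()
        if line.startswith("=========="):
            in_files = "FILES" in line
            continue
        if not in_files:
            continue
        missing = MISSING.match(line)
        if missing:
            results[missing.group("path")] = "not found"
            continue
        moved = MOVED.match(line)
        if moved:
            results[moved.group("path")] = "moved"
    return results


def _matches(instruction, path):
    """Case-insensitive match; '*' stays within one path component,
    and a directory instruction also covers everything beneath it."""
    instruction, path = instruction.lower(), path.lower()
    if "*" in instruction:
        pattern = "".join("[^\\\\]*" if c == "*" else re.escape(c) for c in instruction)
        return re.fullmatch(pattern, path) is not None
    return path == instruction or path.startswith(instruction + "\\")


def reconcile(script, log):
    """Give every ':files' instruction a status: moved, not found, or no result."""
    results = parse_results(log)
    report = {}
    for instruction in parse_instructions(script).get("files", []):
        hits = {status for path, status in results.items() if _matches(instruction, path)}
        report[instruction] = "moved" if "moved" in hits else (
            "not found" if "not found" in hits else "no result")
    return report


def moved_by_profile(log):
    """Count moved items per user profile to show which accounts were affected."""
    counts = Counter()
    for path, status in parse_results(log).items():
        profile = PROFILE.search(path)
        if status == "moved" and profile:
            counts[profile.group(1)] += 1
    return counts


if __name__ == "__main__":
    for instruction, status in reconcile(SAMPLE_SCRIPT, SAMPLE_LOG).items():
        print(f"{status:10} {instruction}")
    print(dict(moved_by_profile(SAMPLE_LOG)))
```

Entries reported as `no result` are the ones to raise with the user, and `not found` entries are worth re-checking for a mistyped or localized path before they are assumed to be gone.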
- Visitor
- Posts: 11
- Registered: 22 Oct 2007 08:25
- Location: Kolín
Re: svchost.exe 100% CPU usage
Glad to see you again.
Log after the restart
All processes killed
========== PROCESSES ==========
Process explorer.exe killed successfully!
========== FILES ==========
File/Folder c:\*.tmp not found.
c:\WINDOWS\System32\CONFIG.TMP moved successfully.
c:\WINDOWS\SET3.tmp moved successfully.
c:\WINDOWS\SET4.tmp moved successfully.
c:\WINDOWS\SET8.tmp moved successfully.
c:\windows\system32\drivers\cdrom.sys moved successfully.
c:\documents and settings\Charvi\Data aplikací\juzjf.exe moved successfully.
c:\documents and settings\Monika\Data aplikací\juzjf.exe moved successfully.
c:\documents and settings\Mamka\Data aplikací\juzjf.exe moved successfully.
c:\documents and settings\Mamka\Nabídka Start\Programy\Po spuštění\0a6mm3y.exe moved successfully.
c:\documents and settings\Mamka\Nabídka Start\Programy\Po spuštění\0hhyi8p.exe moved successfully.
c:\documents and settings\Mamka\Nabídka Start\Programy\Po spuštění\0oojaav.exe moved successfully.
c:\documents and settings\Mamka\Nabídka Start\Programy\Po spuštění\0s3eekg.exe moved successfully.
c:\documents and settings\Mamka\Nabídka Start\Programy\Po spuštění\0t6kk6w.exe moved successfully.
c:\documents and settings\Mamka\Nabídka Start\Programy\Po spuštění\1eaavmm.exe moved successfully.
c:\documents and settings\Mamka\Nabídka Start\Programy\Po spuštění\1soojaa.exe moved successfully.
c:\documents and settings\Mamka\Nabídka Start\Programy\Po spuštění\1yuupgg.exe moved successfully.
c:\documents and settings\Mamka\Nabídka Start\Programy\Po spuštění\60ekg0w.exe moved successfully.
c:\documents and settings\Mamka\Nabídka Start\Programy\Po spuštění\6qbrs0i.exe moved successfully.
c:\documents and settings\Mamka\Nabídka Start\Programy\Po spuštění\9bc0s3e.exe moved successfully.
c:\documents and settings\Mamka\Nabídka Start\Programy\Po spuštění\9uu5v5r.exe moved successfully.
c:\documents and settings\Mamka\Nabídka Start\Programy\Po spuštění\avmmhs3e.exe moved successfully.
c:\documents and settings\Mamka\Nabídka Start\Programy\Po spuštění\bcss3eek.exe moved successfully.
c:\documents and settings\Mamka\Nabídka Start\Programy\Po spuštění\duupggbs.exe moved successfully.
c:\documents and settings\Mamka\Nabídka Start\Programy\Po spuštění\dy1uqqlccx.exe moved successfully.
c:\documents and settings\Mamka\Nabídka Start\Programy\Po spuštění\e5f0bb6n26.exe moved successfully.
c:\documents and settings\Mamka\Nabídka Start\Programy\Po spuštění\epva30hyyt.exe moved successfully.
c:\documents and settings\Mamka\Nabídka Start\Programy\Po spuštění\hii70ffgg3.exe moved successfully.
c:\documents and settings\Mamka\Nabídka Start\Programy\Po spuštění\i5j0pq0g3s.exe moved successfully.
c:\documents and settings\Mamka\Nabídka Start\Programy\Po spuštění\i6uu6gg6.exe moved successfully.
c:\documents and settings\Mamka\Nabídka Start\Programy\Po spuštění\i9uvglr5it.exe moved successfully.
c:\documents and settings\Mamka\Nabídka Start\Programy\Po spuštění\iduupvg5h0.exe moved successfully.
c:\documents and settings\Mamka\Nabídka Start\Programy\Po spuštění\iojp0lgmm.exe moved successfully.
c:\documents and settings\Mamka\Nabídka Start\Programy\Po spuštění\m3yy6avq.exe moved successfully.
c:\documents and settings\Mamka\Nabídka Start\Programy\Po spuštění\mnneeuaa.exe moved successfully.
c:\documents and settings\Mamka\Nabídka Start\Programy\Po spuštění\nii6uu6gg.exe moved successfully.
c:\documents and settings\Mamka\Nabídka Start\Programy\Po spuštění\njzzva70xx.exe moved successfully.
c:\documents and settings\Mamka\Nabídka Start\Programy\Po spuštění\njzzvllh.exe moved successfully.
c:\documents and settings\Mamka\Nabídka Start\Programy\Po spuštění\no70plgg6s.exe moved successfully.
c:\documents and settings\Mamka\Nabídka Start\Programy\Po spuštění\o1kgg5h0dd.exe moved successfully.
c:\documents and settings\Mamka\Nabídka Start\Programy\Po spuštění\o31f3r5i.exe moved successfully.
c:\documents and settings\Mamka\Nabídka Start\Programy\Po spuštění\oojaavmc0y.exe moved successfully.
c:\documents and settings\Mamka\Nabídka Start\Programy\Po spuštění\rnytok0a.exe moved successfully.
c:\documents and settings\Mamka\Nabídka Start\Programy\Po spuštění\s3uupggbssn.exe moved successfully.
c:\documents and settings\Mamka\Nabídka Start\Programy\Po spuštění\s3uupvg5h0d.exe moved successfully.
c:\documents and settings\Mamka\Nabídka Start\Programy\Po spuštění\soojaavmc0.exe moved successfully.
c:\documents and settings\Mamka\Nabídka Start\Programy\Po spuštění\ty3kk3ww.exe moved successfully.
c:\documents and settings\Mamka\Nabídka Start\Programy\Po spuštění\ualbcxs366q.exe moved successfully.
c:\documents and settings\Mamka\Nabídka Start\Programy\Po spuštění\va3mm3yt.exe moved successfully.
c:\documents and settings\Mamka\Nabídka Start\Programy\Po spuštění\vglr5itufk.exe moved successfully.
c:\documents and settings\Mamka\Nabídka Start\Programy\Po spuštění\x3ejff3r5it.exe moved successfully.
c:\documents and settings\Mamka\Nabídka Start\Programy\Po spuštění\xxtjjfvvmrs.exe moved successfully.
c:\documents and settings\Mamka\Nabídka Start\Programy\Po spuštění\z26wrriddup.exe moved successfully.
c:\documents and settings\Monika\Nabídka Start\Programy\Po spuštění\0pkabg8.exe moved successfully.
c:\documents and settings\Monika\Nabídka Start\Programy\Po spuštění\5bww3ii.exe moved successfully.
c:\documents and settings\Monika\Nabídka Start\Programy\Po spuštění\60k31cx.exe moved successfully.
c:\documents and settings\Monika\Nabídka Start\Programy\Po spuštění\7ql9hxo.exe moved successfully.
c:\documents and settings\Monika\Nabídka Start\Programy\Po spuštění\90fvvlr.exe moved successfully.
c:\documents and settings\Monika\Nabídka Start\Programy\Po spuštění\9m1ieez.exe moved successfully.
c:\documents and settings\Monika\Nabídka Start\Programy\Po spuštění\9za0q8c.exe moved successfully.
c:\documents and settings\Monika\Nabídka Start\Programy\Po spuštění\b0hdotpkk.exe moved successfully.
c:\documents and settings\Monika\Nabídka Start\Programy\Po spuštění\bssi3kkfwwr.exe moved successfully.
c:\documents and settings\Monika\Nabídka Start\Programy\Po spuštění\g1cyytkk.exe moved successfully.
c:\documents and settings\Monika\Nabídka Start\Programy\Po spuštění\g3iiduupggb.exe moved successfully.
c:\documents and settings\Monika\Nabídka Start\Programy\Po spuštění\g9c1yuupgg.exe moved successfully.
c:\documents and settings\Monika\Nabídka Start\Programy\Po spuštění\iy0zvv66m8.exe moved successfully.
c:\documents and settings\Monika\Nabídka Start\Programy\Po spuštění\lm0c3yzzfl.exe moved successfully.
c:\documents and settings\Monika\Nabídka Start\Programy\Po spuštění\m9i1eaavmm.exe moved successfully.
c:\documents and settings\Monika\Nabídka Start\Programy\Po spuštění\mmhyjee6.exe moved successfully.
c:\documents and settings\Monika\Nabídka Start\Programy\Po spuštění\mmhyytkk.exe moved successfully.
c:\documents and settings\Monika\Nabídka Start\Programy\Po spuštění\ny3kk3wrx0t.exe moved successfully.
c:\documents and settings\Monika\Nabídka Start\Programy\Po spuštění\o9ulwg3snj.exe moved successfully.
c:\documents and settings\Monika\Nabídka Start\Programy\Po spuštění\rm1ieezqql.exe moved successfully.
c:\documents and settings\Monika\Nabídka Start\Programy\Po spuštění\ssi3kkfw.exe moved successfully.
c:\documents and settings\Monika\Nabídka Start\Programy\Po spuštění\w1soojaa.exe moved successfully.
c:\documents and settings\Monika\Nabídka Start\Programy\Po spuštění\ww5x0ttkva.exe moved successfully.
c:\documents and settings\Charvi\Nabídka Start\Programy\Po spuštění\ieezqqlccx.exe moved successfully.
c:\documents and settings\Charvi\Nabídka Start\Programy\Po spuštění\lccxoojaavm.exe moved successfully.
c:\documents and settings\Charvi\Nabídka Start\Programy\Po spuštění\s6uzvqq6.exe moved successfully.
c:\documents and settings\Charvi\Nabídka Start\Programy\Po spuštění\tpkk6ww6.exe moved successfully.
File/Folder c:\documents and settings\Charvi\Nabídka Start\Programy\Po spuštění\81topu8.exe not found.
File/Folder c:\windows\pss\81topu8.exe not found.
File/Folder c:\documents and settings\Charvi\Nabídka Start\Programy\Po spuštění\a1wssnee.exe not found.
File/Folder c:\windows\pss\a1wssnee.exe not found.
File/Folder c:\documents and settings\Charvi\Nabídka Start\Programy\Po spuštění\dj60a6m5d.exe not found.
File/Folder c:\windows\pss\dj60a6m5d.exe not found.
File/Folder c:\documents and settings\Charvi\Nabídka Start\Programy\Po spuštění\e1fq3cc3.exe not found.
File/Folder c:\windows\pss\e1fq3cc3.exe not found.
File/Folder c:\documents and settings\Charvi\Nabídka Start\Programy\Po spuštění\ez0vvmhhyt.exe not found.
File/Folder c:\windows\pss\ez0vvmhhyt.exe not found.
File/Folder c:\documents and settings\Charvi\Nabídka Start\Programy\Po spuštění\i5j0ffwr.exe not found.
File/Folder c:\windows\pss\i5j0ffwr.exe not found.
File/Folder c:\documents and settings\Charvi\Nabídka Start\Programy\Po spuštění\nidjzavbms.exe not found.
File/Folder c:\windows\pss\nidjzavbms.exe not found.
File/Folder c:\documents and settings\Charvi\Nabídka Start\Programy\Po spuštění\p0llhxxtj.exe not found.
File/Folder c:\windows\pss\p0llhxxtj.exe not found.
File/Folder c:\documents and settings\Charvi\Nabídka Start\Programy\Po spuštění\pkabg81sdez.exe not found.
File/Folder c:\windows\pss\pkabg81sdez.exe not found.
File/Folder c:\documents and settings\Charvi\Nabídka Start\Programy\Po spuštění\qwbsndjo6a.exe not found.
File/Folder c:\windows\pss\qwbsndjo6a.exe not found.
File/Folder c:\documents and settings\Charvi\Nabídka Start\Programy\Po spuštění\r9no6paf.exe not found.
File/Folder c:\windows\pss\r9no6paf.exe not found.
File/Folder c:\documents and settings\Charvi\Nabídka Start\Programy\Po spuštění\rmm6ytz0vvw.exe not found.
File/Folder c:\windows\pss\rmm6ytz0vvw.exe not found.
File/Folder c:\documents and settings\Charvi\Nabídka Start\Programy\Po spuštění\v0rridd8u.exe not found.
File/Folder c:\windows\pss\v0rridd8u.exe not found.
File/Folder c:\documents and settings\Charvi\Nabídka Start\Programy\Po spuštění\vmmhyy5z0vv.exe not found.
File/Folder c:\windows\pss\vmmhyy5z0vv.exe not found.
File/Folder c:\documents and settings\Charvi\Nabídka Start\Programy\Po spuštění\wssnee5f0b.exe not found.
File/Folder c:\windows\pss\wssnee5f0b.exe not found.
File/Folder c:\documents and settings\Charvi\Nabídka Start\Programy\Po spuštění\yuupggbssn.exe not found.
File/Folder c:\windows\pss\yuupggbssn.exe not found.
File/Folder c:\documents and settings\Charvi\itbx.exe not found.
File/Folder c:\Documents and Settings\Mamka\Local Settings\Temp\236239.exe not found.
File/Folder c:\DOCUME~1\Monika\LOCALS~1\Temp\210.exe not found.
c:\program files\pdfforge Toolbar\SSFF\components folder moved successfully.
c:\program files\pdfforge Toolbar\SSFF\chrome\skin folder moved successfully.
c:\program files\pdfforge Toolbar\SSFF\chrome\locale\en-US folder moved successfully.
c:\program files\pdfforge Toolbar\SSFF\chrome\locale folder moved successfully.
c:\program files\pdfforge Toolbar\SSFF\chrome\content folder moved successfully.
c:\program files\pdfforge Toolbar\SSFF\chrome folder moved successfully.
c:\program files\pdfforge Toolbar\SSFF folder moved successfully.
c:\program files\pdfforge Toolbar\Res folder moved successfully.
c:\program files\pdfforge Toolbar\IE\1.1.2 folder moved successfully.
c:\program files\pdfforge Toolbar\IE folder moved successfully.
c:\program files\pdfforge Toolbar\FF\components folder moved successfully.
c:\program files\pdfforge Toolbar\FF\chrome\skin folder moved successfully.
c:\program files\pdfforge Toolbar\FF\chrome\locale\EN-US folder moved successfully.
c:\program files\pdfforge Toolbar\FF\chrome\locale folder moved successfully.
c:\program files\pdfforge Toolbar\FF\chrome\content folder moved successfully.
c:\program files\pdfforge Toolbar\FF\chrome folder moved successfully.
c:\program files\pdfforge Toolbar\FF folder moved successfully.
c:\program files\pdfforge Toolbar folder moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
User: All Users
User: Charvi
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 49814762 bytes
->Flash cache emptied: 1959128 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
User: Mamka
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 59160616 bytes
->Flash cache emptied: 2113 bytes
User: Monika
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 293467 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 104354339 bytes
->Flash cache emptied: 4791 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 76112 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 206,00 mb
OTM by OldTimer - Version 3.1.17.2 log created on 11282010_210722
Files moved on Reboot...
Registry entries deleted on Reboot...
When Hell is full, the dead will walk the Earth ...
Re: svchost.exe at 100% CPU load
So, the little bastards are gone
Via Start >> Run, copy into the box:
ComboFix /Uninstall
and press Enter
That uninstalls ComboFix and deletes the files and folders associated with it.
Use T-Cleaner, which deletes any leftovers from the applications we used.
Just stop your antivirus before downloading it and while using it, because it may detect it as a virus, but that is not the case.
Finally, run the PC through Cure Item from my signature and then let me know whether it found anything else or not.
(Warning: it is insanely slow and you need to keep an eye on it; it occasionally asks about something.)

-
- Visitor
- Posts: 11
- Registered: 22 Oct 2007 08:25
- Location: Kolín
- Contact user:
Re: svchost.exe at 100% CPU load
Many thanks
Tomorrow I'll let you know whether anything else was found there.

When Hell is full, the dead will walk the Earth ...
Re: svchost.exe at 100% CPU load
MistX wrote: Many thanks
Don't thank me yet, because we're not finished.

MistX wrote: Tomorrow I'll let you know whether anything else was found there.
Sure, I'll be here again in the evening.
-
- Visitor
- Posts: 11
- Registered: 22 Oct 2007 08:25
- Location: Kolín
- Contact user:
Re: svchost.exe at 100% CPU load
It found 49 infected objects in total, of which 47 were removed and 2 were moved.
When Hell is full, the dead will walk the Earth ...
-
- Visitor
- Posts: 11
- Registered: 22 Oct 2007 08:25
- Location: Kolín
- Contact user:
Re: svchost.exe at 100% CPU load
Logfile of random's system information tool 1.08 (written by random/random)
Run by Charvi at 2010-11-29 21:30:15
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 8 GB (17%) free of 50 GB
Total RAM: 2047 MB (83% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:30:20, on 29.11.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\Charvi\Plocha\RSIT.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\trend micro\Charvi.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - - (no file)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Regedit32] C:\WINDOWS\system32\regedit.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - (no file)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
--
End of file - 3709 bytes
======Registry dump======
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2004-07-01 67584]
"Regedit32"=C:\WINDOWS\system32\regedit.exe []
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\DTLite.exe [2010-04-01 357696]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
C:\Program Files\ICQ7.2\ICQ.exe [2010-10-27 133432]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSConfig]
C:\Documents and Settings\Charvi\itbx.exe \u []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^McAfee Security Scan Plus.lnk]
C:\PROGRA~1\MCAFEE~1\20DEB9~1.181\SSSCHE~1.EXE [2010-01-15 255536]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2004-08-25 86016]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDrives"=0
"NoDriveAutoRun"=67108863
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"D:\stahnute soubory\TmUnitedForever\TmForever.exe"="D:\stahnute soubory\TmUnitedForever\TmForever.exe:*:Enabled:TmForever"
"C:\Program Files\ICQ7.2\ICQ.exe"="C:\Program Files\ICQ7.2\ICQ.exe:*:Enabled:ICQ7.2"
"C:\Program Files\ICQ7.2\aolload.exe"="C:\Program Files\ICQ7.2\aolload.exe:*:Enabled:aolload.exe"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\Program Files\EA Sports\FIFA Online\NFE.exe"="C:\Program Files\EA Sports\FIFA Online\NFE.exe:*:Enabled:EA SPORTS™ FIFA Online"
"C:\Program Files\Activision\Call of Duty 2\CoD2MP_s.exe"="C:\Program Files\Activision\Call of Duty 2\CoD2MP_s.exe:*:Enabled:CoD2MP_s"
"C:\Program Files\GRETECH\GomPlayer\GOM.exe"="C:\Program Files\GRETECH\GomPlayer\GOM.exe:*:Enabled:GOM Player"
"C:\Documents and Settings\Charvi\Data aplikací\Dropbox\bin\Dropbox.exe"="C:\Documents and Settings\Charvi\Data aplikací\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\WINDOWS\system32\svchost.exe"="C:\WINDOWS\system32\svchost.exe:*:Enabled:Microsoft Office"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\ICQ7.2\ICQ.exe"="C:\Program Files\ICQ7.2\ICQ.exe:*:Enabled:ICQ7.2"
"C:\Program Files\ICQ7.2\aolload.exe"="C:\Program Files\ICQ7.2\aolload.exe:*:Enabled:aolload.exe"
======List of files/folders created in the last 1 months======
2010-11-29 21:00:27 ----D---- C:\WINDOWS\Minidump
2010-11-28 21:07:50 ----SHD---- C:\RECYCLER
2010-11-28 09:43:17 ----A---- C:\ComboFix.txt
2010-11-28 09:38:54 ----D---- C:\WINDOWS\temp
2010-11-27 19:02:05 ----A---- C:\Boot.bak
2010-11-27 19:01:59 ----RASHD---- C:\cmdcons
2010-11-27 19:01:20 ----A---- C:\WINDOWS\system32\drivers\wcscd.sys
2010-11-27 19:00:55 ----A---- C:\WINDOWS\system32\lynnaz.exe
2010-11-27 18:57:57 ----D---- C:\WINDOWS\ERDNT
2010-11-27 18:57:15 ----D---- C:\Qoobox
2010-11-27 12:41:15 ----D---- C:\Program Files\trend micro
2010-11-27 12:41:13 ----D---- C:\rsit
2010-11-27 11:27:59 ----D---- C:\WINDOWS\pss
2010-11-23 14:14:07 ----RA---- C:\Documents and Settings\Charvi\Data aplikací\hDlkH.txt
2010-11-18 17:04:06 ----A---- C:\WINDOWS\system32\MRT.INI
2010-11-13 00:15:28 ----D---- C:\Program Files\Application Updater
2010-11-06 08:48:22 ----A---- C:\WINDOWS\system32\javaws.exe
2010-11-06 08:48:22 ----A---- C:\WINDOWS\system32\javaw.exe
2010-11-06 08:48:22 ----A---- C:\WINDOWS\system32\java.exe
2010-11-06 08:46:54 ----D---- C:\Program Files\Common Files\Adobe
======List of files/folders modified in the last 1 months======
2010-11-29 21:29:14 ----D---- C:\WINDOWS
2010-11-29 21:28:55 ----D---- C:\WINDOWS\system32
2010-11-29 21:05:25 ----RSD---- C:\WINDOWS\assembly
2010-11-29 21:05:21 ----SHD---- C:\WINDOWS\Installer
2010-11-29 21:04:05 ----SD---- C:\Documents and Settings\All Users\Data aplikací\Microsoft
2010-11-29 21:02:36 ----SD---- C:\WINDOWS\Tasks
2010-11-29 21:02:32 ----D---- C:\WINDOWS\Prefetch
2010-11-29 21:02:23 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-11-29 21:02:05 ----HD---- C:\WINDOWS\inf
2010-11-29 21:02:04 ----D---- C:\WINDOWS\system32\CatRoot2
2010-11-29 18:26:26 ----D---- C:\WINDOWS\system32\drivers
2010-11-28 22:03:28 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-11-28 21:53:29 ----SHD---- C:\System Volume Information
2010-11-28 21:53:29 ----D---- C:\WINDOWS\system32\Restore
2010-11-28 21:07:42 ----D---- C:\Program Files
2010-11-28 09:40:24 ----A---- C:\WINDOWS\system.ini
2010-11-28 09:40:13 ----D---- C:\WINDOWS\system32\drivers\etc
2010-11-28 09:37:51 ----D---- C:\WINDOWS\AppPatch
2010-11-28 09:37:47 ----D---- C:\Program Files\Common Files
2010-11-27 21:30:34 ----D---- C:\WINDOWS\system32\config
2010-11-27 19:02:05 ----RASH---- C:\boot.ini
2010-11-27 18:56:53 ----D---- C:\Documents and Settings
2010-11-27 11:30:06 ----A---- C:\WINDOWS\win.ini
2010-11-19 15:35:17 ----D---- C:\WINDOWS\Debug
2010-11-18 17:01:12 ----A---- C:\WINDOWS\system32\MRT.exe
2010-11-15 20:20:38 ----A---- C:\WINDOWS\level.ini
2010-11-13 00:15:46 ----D---- C:\WINDOWS\system32\wbem
2010-11-13 00:15:45 ----D---- C:\WINDOWS\Registration
2010-11-06 08:48:19 ----D---- C:\Program Files\Java
2010-11-06 08:47:04 ----D---- C:\Documents and Settings\All Users\Data aplikací\Adobe
2010-11-01 07:05:10 ----D---- C:\Program Files\ICQ7.2
2010-10-31 08:21:22 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-10-30 23:54:31 ----D---- C:\Program Files\Mozilla Firefox
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 gagp30kx;Filtr Microsoft Generic AGPv3.0 pro procesorovou platformu K8; C:\WINDOWS\system32\DRIVERS\gagp30kx.sys [2008-04-14 46464]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2010-05-08 691696]
R0 viaagp1;VIA AGP Filter; C:\WINDOWS\system32\DRIVERS\viaagp1.sys [2003-07-02 27904]
R1 AmdK8;Ovladač procesoru AMD Athlon64; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2003-11-07 37888]
R1 MpFilter;Microsoft Malware Protection Driver; C:\WINDOWS\system32\DRIVERS\MpFilter.sys [2010-03-25 151216]
R3 ALCXSENS;Service for WDM 3D Audio Driver; C:\WINDOWS\system32\drivers\ALCXSENS.SYS [2004-02-24 400384]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-07-01 626977]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2004-08-25 787456]
R3 GETNDIS;VIA Networking Velocity Family Giga-bit Ethernet Adapter Driver; C:\WINDOWS\system32\DRIVERS\getnd5b.sys [2004-01-29 44544]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2008-04-14 12160]
R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2010-05-08 47360]
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 vulfnths;VIA USB Host Controller Lower Filter; C:\WINDOWS\System32\Drivers\vulfnth.sys [2003-08-04 6912]
R3 vulfntrs;VIA USB Roothub Lower Filter; C:\WINDOWS\System32\Drivers\vulfntr.sys [2003-08-04 11392]
S1 cdfss;cdfss; C:\WINDOWS\system32\drivers\cdfss.sys []
S1 wcscd;wcscd; C:\WINDOWS\system32\drivers\wcscd.sys [2010-11-27 30560]
S3 a486osdm;a486osdm; C:\WINDOWS\system32\drivers\a486osdm.sys []
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 NTSIM;NTSIM; \??\C:\WINDOWS\system32\ntsim.sys []
S3 usbaudio;Ovladač zvukové karty USB (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2004-08-25 389120]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-09-15 153376]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2010-06-20 75064]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2004-08-25 516096]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 McComponentHostService;McAfee Security Scan Component Host Service; C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S4 Application Updater;Application Updater; C:\Program Files\Application Updater\ApplicationUpdater.exe [2010-01-07 380928]
S4 MsMpSvc;Microsoft Antimalware Service; C:\Program Files\Microsoft Security Essentials\MsMpEng.exe [2010-03-25 17904]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
-----------------EOF-----------------
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 McComponentHostService;McAfee Security Scan Component Host Service; C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S4 Application Updater;Application Updater; C:\Program Files\Application Updater\ApplicationUpdater.exe [2010-01-07 380928]
S4 MsMpSvc;Microsoft Antimalware Service; C:\Program Files\Microsoft Security Essentials\MsMpEng.exe [2010-03-25 17904]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
-----------------EOF-----------------
When Hell is full, the dead will walk the Earth ...