VIRY.CZ

Pomáháme v boji s počítačovou havěti!
https://forum.viry.cz:443/

kontrola logu

https://forum.viry.cz:443/viewtopic.php?t=109499

Stránka 1 z 1

kontrola logu

Napsal: 15 úno 2011 13:46
od nandor
Prosím o kontrolu logu.Děkuji.Nandor. Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:52:29, on 15.2.2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\acs.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\WINDOWS\ATK0100\HControl.exe
C:\Program Files\ASUS\Net4Switch\Net4Switch.exe
C:\Program Files\ASUS\Splendid\ACMON.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Wireless Console 2\wcourier.exe
C:\Program Files\Atheros\ACU.exe
C:\WINDOWS\system32\ACEngSvr.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe
C:\WINDOWS\FixCamera.exe
C:\WINDOWS\vsnp325.exe
C:\Program Files\Alwil Software\Avast5\avastUI.exe
C:\Program Files\Lexmark 1200 Series\lxczbmon.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
E:\INSTAL\TrojanHunter 5.3\THGuard.exe
C:\Program Files\ASUS\ASUS MultiFrame\MultiFrame.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
E:\Orbitdownloader\orbitdm.exe
E:\Orbitdownloader\orbitnet.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://intranet.humlak.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - E:\Orbitdownloader\orbitcth.dll
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - E:\Orbitdownloader\GrabPro.dll
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [Net4Switch] C:\Program Files\ASUS\Net4Switch\Net4Switch.exe
O4 - HKLM\..\Run: [ACMON] "C:\Program Files\ASUS\Splendid\ACMON.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Wireless Console 2] C:\Program Files\Wireless Console 2\wcourier.exe
O4 - HKLM\..\Run: [ACU] "C:\Program Files\Atheros\ACU.exe" -nogui
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [Lexmark 1200 Series] "C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe"
O4 - HKLM\..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe
O4 - HKLM\..\Run: [snp325] C:\WINDOWS\vsnp325.exe
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [TrojanScanner] E:\Downloads\Trojan Remover\Trjscan.exe /boot
O4 - HKLM\..\Run: [THGuard] "E:\INSTAL\TrojanHunter 5.3\THGuard.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [MultiFrame] C:\Program Files\ASUS\ASUS MultiFrame\MultiFrame.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1103472 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)" -"http://www.zahrajsi.cz/zahrat-online-hr ... tennis.php"
O4 - Global Startup: Orbit.lnk = E:\Orbitdownloader\orbitdm.exe
O8 - Extra context menu item: &Download by Orbit - res://E:\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://E:\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://E:\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://E:\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: WikiKomentáře Google... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://software.kuaiche.com
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{ABDC1272-0810-4CE5-9697-24EA9355FB52}: NameServer = 1.1.1.1,1.1.1.254
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Atheros Configuration Service (ACS) - Atheros - C:\WINDOWS\system32\acs.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe

--
End of file - 8276 bytes

Re: kontrola logu

Napsal: 15 úno 2011 21:58
od Roli
Zdravím, tohle fixni v HJT :

O4 - HKLM\..\Run: [TrojanScanner] E:\Downloads\Trojan Remover\Trjscan.exe /boot
O4 - HKLM\..\Run: [THGuard] "E:\INSTAL\TrojanHunter 5.3\THGuard.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1103472 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)" -"http://www.zahrajsi.cz/zahrat-online-hr ... tennis.php

Fix znamená že spustíš HJT Obrázek

v okně které se ti otevře klikneš na Do a system scan only

v dalším okně najdeš řádky které jsem ti vypsal,

vedle nich je čtvereček do kterého uděláš zatržítko,

pak klikneš na Fix checked které je vlevo dole,

program se ti zeptá zda opravdu ANO s tím samozřejmě souhlasíš a je hotovo.


Přes Start >> Spustit >> napiš - services.msc >> OK. Najdi službu :

NMIndexingService

klikni na ni pravým myšítkem, zvol vlastnosti, na další kartě nejprve službu zastav tlačítkem Zastavit a u položky Typ spouštění zvol Zakázáno.


Pak mi sem dej log.txt z Rsit je podrobnější.

Re: kontrola logu

Napsal: 16 úno 2011 09:10
od nandor
Logfile of random's system information tool 1.08 (written by random/random)
Run by nandor at 2011-02-16 09:05:53
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 3 GB (18%) free of 15 GB
Total RAM: 1919 MB (66% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:05:55, on 16.2.2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\acs.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\ATK0100\HControl.exe
C:\Program Files\ASUS\Net4Switch\Net4Switch.exe
C:\Program Files\ASUS\Splendid\ACMON.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Wireless Console 2\wcourier.exe
C:\Program Files\Atheros\ACU.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe
C:\WINDOWS\FixCamera.exe
C:\WINDOWS\vsnp325.exe
C:\Program Files\Alwil Software\Avast5\avastUI.exe
C:\Program Files\Lexmark 1200 Series\lxczbmon.exe
C:\WINDOWS\system32\ACEngSvr.exe
C:\Program Files\ASUS\ASUS MultiFrame\MultiFrame.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
E:\Orbitdownloader\orbitdm.exe
E:\Orbitdownloader\orbitnet.exe
E:\Downloads\RSIT.exe
C:\Program Files\trend micro\nandor.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://intranet.humlak.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - E:\Orbitdownloader\orbitcth.dll
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - E:\Orbitdownloader\GrabPro.dll
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [Net4Switch] C:\Program Files\ASUS\Net4Switch\Net4Switch.exe
O4 - HKLM\..\Run: [ACMON] "C:\Program Files\ASUS\Splendid\ACMON.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Wireless Console 2] C:\Program Files\Wireless Console 2\wcourier.exe
O4 - HKLM\..\Run: [ACU] "C:\Program Files\Atheros\ACU.exe" -nogui
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [Lexmark 1200 Series] "C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe"
O4 - HKLM\..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe
O4 - HKLM\..\Run: [snp325] C:\WINDOWS\vsnp325.exe
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKCU\..\Run: [MultiFrame] C:\Program Files\ASUS\ASUS MultiFrame\MultiFrame.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Orbit.lnk = E:\Orbitdownloader\orbitdm.exe
O8 - Extra context menu item: &Download by Orbit - res://E:\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://E:\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://E:\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://E:\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: WikiKomentáře Google... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://software.kuaiche.com
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{ABDC1272-0810-4CE5-9697-24EA9355FB52}: NameServer = 1.1.1.1,1.1.1.254
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Atheros Configuration Service (ACS) - Atheros - C:\WINDOWS\system32\acs.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe

--
End of file - 7679 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Google Software Updater.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000123B4-9B42-4900-B3F7-F4B073EFC214}]
Octh Class - E:\Orbitdownloader\orbitcth.dll [2010-02-10 240912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Podpora odkazu pro Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2011-01-30 64928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-01-30 62376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-01-08 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2011-01-08 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{C55BBCD6-41AD-48AD-9953-3609C48EACC7} - Grab Pro - E:\Orbitdownloader\GrabPro.dll [2010-02-10 666816]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"HControl"=C:\WINDOWS\ATK0100\HControl.exe [2006-10-14 110592]
"Net4Switch"=C:\Program Files\ASUS\Net4Switch\Net4Switch.exe [2006-12-07 1143152]
"ACMON"=C:\Program Files\ASUS\Splendid\ACMON.exe [2007-01-16 843776]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2006-05-25 786521]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2006-10-30 16269312]
"SkyTel"=C:\WINDOWS\SkyTel.EXE [2006-05-16 2879488]
"Wireless Console 2"=C:\Program Files\Wireless Console 2\wcourier.exe [2006-11-29 1011712]
"ACU"=C:\Program Files\Atheros\ACU.exe [2006-11-17 348249]
"SMSERIAL"=C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe [2006-08-07 573440]
"Lexmark 1200 Series"=C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe [2006-07-13 57344]
"FixCamera"=C:\WINDOWS\FixCamera.exe [2007-02-12 20480]
"snp325"=C:\WINDOWS\vsnp325.exe [2007-05-10 835584]
"avast5"=C:\Program Files\Alwil Software\Avast5\avastUI.exe [2011-01-13 3396624]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MultiFrame"=C:\Program Files\ASUS\ASUS MultiFrame\MultiFrame.exe [2007-02-09 999792]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Orbit.lnk - E:\Orbitdownloader\orbitdm.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2007-07-04 118784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-08-24 133120]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"E:\Orbitdownloader\orbitdm.exe"="E:\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit"
"E:\Orbitdownloader\orbitnet.exe"="E:\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2011-02-16 09:05:53 ----D---- C:\rsit
2011-02-10 08:51:50 ----HDC---- C:\WINDOWS\$NtUninstallKB2478971$
2011-02-10 08:51:40 ----HDC---- C:\WINDOWS\$NtUninstallKB2485376$
2011-02-10 08:51:29 ----HDC---- C:\WINDOWS\$NtUninstallKB2479628$
2011-02-10 08:51:15 ----HDC---- C:\WINDOWS\$NtUninstallKB2483185$
2011-02-10 08:46:34 ----HDC---- C:\WINDOWS\$NtUninstallKB2476687$
2011-02-10 08:46:22 ----HDC---- C:\WINDOWS\$NtUninstallKB2478960$
2011-02-10 08:46:02 ----HDC---- C:\WINDOWS\$NtUninstallKB2393802$
2011-02-01 08:15:58 ----SD---- C:\ComboFix
2011-02-01 08:13:06 ----HDC---- C:\WINDOWS\$NtUninstallKB961118$
2011-01-31 09:15:44 ----SHD---- C:\RECYCLER
2011-01-31 09:09:56 ----A---- C:\ComboFix.txt
2011-01-31 09:03:18 ----D---- C:\WINDOWS\temp
2011-01-31 07:50:21 ----D---- C:\WINDOWS\system32\XPSViewer
2011-01-31 07:50:11 ----D---- C:\Program Files\MSBuild
2011-01-31 07:50:09 ----D---- C:\WINDOWS\system32\en-US
2011-01-31 07:49:59 ----D---- C:\Program Files\Reference Assemblies
2011-01-31 07:49:07 ----N---- C:\WINDOWS\system32\prntvpt.dll
2011-01-31 07:49:05 ----N---- C:\WINDOWS\system32\xpssvcs.dll
2011-01-31 07:49:05 ----N---- C:\WINDOWS\system32\xpsshhdr.dll
2011-01-31 07:36:46 ----HDC---- C:\WINDOWS\$NtUninstallKB2387149$
2011-01-31 07:36:39 ----HDC---- C:\WINDOWS\$NtUninstallKB2345886$
2011-01-31 07:36:32 ----HDC---- C:\WINDOWS\$NtUninstallKB2259922$
2011-01-31 07:36:26 ----HDC---- C:\WINDOWS\$NtUninstallKB2296011$
2011-01-31 07:36:19 ----HDC---- C:\WINDOWS\$NtUninstallKB975558_WM8$
2011-01-31 07:36:15 ----HDC---- C:\WINDOWS\$NtUninstallKB2296199$
2011-01-31 07:36:05 ----HDC---- C:\WINDOWS\$NtUninstallKB2378111_WM9$
2011-01-31 07:36:00 ----HDC---- C:\WINDOWS\$NtUninstallKB2443105$
2011-01-31 07:35:23 ----HDC---- C:\WINDOWS\$NtUninstallKB2440591$
2011-01-31 07:35:15 ----HDC---- C:\WINDOWS\$NtUninstallKB982132$
2011-01-31 07:34:02 ----HDC---- C:\WINDOWS\$NtUninstallKB2347290$
2011-01-31 07:33:56 ----HDC---- C:\WINDOWS\$NtUninstallKB2443685$
2011-01-31 07:33:50 ----HDC---- C:\WINDOWS\$NtUninstallKB979687$
2011-01-31 07:33:43 ----HDC---- C:\WINDOWS\$NtUninstallKB2121546$
2011-01-31 07:33:37 ----HDC---- C:\WINDOWS\$NtUninstallKB981322$
2011-01-31 07:33:28 ----HDC---- C:\WINDOWS\$NtUninstallKB2436673$
2011-01-31 07:33:20 ----HDC---- C:\WINDOWS\$NtUninstallKB2467659$
2011-01-31 07:33:11 ----HDC---- C:\WINDOWS\$NtUninstallKB2419632$
2011-01-31 07:33:04 ----HDC---- C:\WINDOWS\$NtUninstallKB2141007$
2011-01-31 07:32:46 ----HDC---- C:\WINDOWS\$NtUninstallKB2423089$
2011-01-31 07:32:36 ----HDC---- C:\WINDOWS\$NtUninstallKB2360937$
2011-01-31 07:25:13 ----A---- C:\WINDOWS\system32\muweb.dll
2011-01-31 07:25:13 ----A---- C:\WINDOWS\system32\mucltui.dll.mui
2011-01-31 07:25:13 ----A---- C:\WINDOWS\system32\mucltui.dll
2011-01-29 17:20:32 ----A---- C:\Boot.bak
2011-01-29 17:20:26 ----RASHD---- C:\cmdcons
2011-01-29 17:14:39 ----D---- C:\WINDOWS\ERDNT
2011-01-27 19:30:24 ----D---- C:\Documents and Settings\nandor\Data aplikací\TrojanHunter
2011-01-27 19:25:16 ----R---- C:\WINDOWS\system32\streamhlp.dll
2011-01-27 18:35:58 ----A---- C:\WINDOWS\system32\ztvunrar36.dll
2011-01-27 18:35:58 ----A---- C:\WINDOWS\system32\ztvunace26.dll
2011-01-27 18:35:58 ----A---- C:\WINDOWS\system32\ztvcabinet.dll
2011-01-27 18:35:58 ----A---- C:\WINDOWS\system32\UNRAR3.dll
2011-01-27 18:35:58 ----A---- C:\WINDOWS\system32\unacev2.dll
2011-01-27 18:35:56 ----D---- C:\Documents and Settings\nandor\Data aplikací\Simply Super Software
2011-01-27 18:35:56 ----D---- C:\Documents and Settings\All Users\Data aplikací\Simply Super Software

======List of files/folders modified in the last 1 months======

2011-02-16 09:05:55 ----D---- C:\Program Files\Trend Micro
2011-02-16 09:04:15 ----D---- C:\Documents and Settings\nandor\Data aplikací\Orbit
2011-02-16 08:44:16 ----RD---- C:\Program Files
2011-02-16 08:41:38 ----D---- C:\Documents and Settings\nandor\Data aplikací\vlc
2011-02-16 08:18:40 ----D---- C:\WINDOWS\system32\CatRoot2
2011-02-16 08:11:06 ----SD---- C:\WINDOWS\Tasks
2011-02-15 19:28:36 ----A---- C:\WINDOWS\SchedLgU.Txt
2011-02-15 19:28:03 ----D---- C:\Documents and Settings\nandor\Data aplikací\Skype
2011-02-15 19:24:26 ----D---- C:\Documents and Settings\nandor\Data aplikací\skypePM
2011-02-15 08:49:13 ----D---- C:\Documents and Settings\All Users\Data aplikací\Google Updater
2011-02-14 07:49:33 ----D---- C:\WINDOWS\Prefetch
2011-02-13 10:17:23 ----D---- C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
2011-02-13 09:44:47 ----D---- C:\WINDOWS
2011-02-12 18:09:27 ----D---- C:\WINDOWS\Minidump
2011-02-12 18:09:27 ----D---- C:\WINDOWS\Debug
2011-02-12 18:09:27 ----D---- C:\Documents and Settings\nandor\Data aplikací\Media Player Classic
2011-02-11 13:24:38 ----SHD---- C:\WINDOWS\Installer
2011-02-11 13:24:38 ----D---- C:\Config.Msi
2011-02-11 13:23:47 ----D---- C:\WINDOWS\system32
2011-02-10 08:54:21 ----D---- C:\Program Files\Internet Explorer
2011-02-10 08:51:54 ----HD---- C:\WINDOWS\inf
2011-02-10 08:51:52 ----RSHDC---- C:\WINDOWS\system32\dllcache
2011-02-10 08:47:30 ----A---- C:\WINDOWS\system32\MRT.exe
2011-02-10 08:46:53 ----D---- C:\WINDOWS\ie8updates
2011-02-10 08:46:43 ----HD---- C:\WINDOWS\$hf_mig$
2011-02-05 16:52:31 ----D---- C:\Documents and Settings\nandor\Data aplikací\dvdcss
2011-02-05 16:51:17 ----A---- C:\WINDOWS\NeroDigital.ini
2011-02-01 15:49:11 ----D---- C:\WINDOWS\Microsoft.NET
2011-02-01 15:49:07 ----RSD---- C:\WINDOWS\assembly
2011-02-01 08:16:08 ----SHD---- C:\System Volume Information
2011-02-01 08:15:27 ----D---- C:\WINDOWS\system32\drivers
2011-02-01 08:13:33 ----D---- C:\WINDOWS\system32\CatRoot
2011-02-01 08:10:39 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2011-02-01 08:10:16 ----D---- C:\WINDOWS\WinSxS
2011-01-31 09:06:28 ----A---- C:\WINDOWS\system.ini
2011-01-31 09:05:52 ----D---- C:\WINDOWS\system32\drivers\etc
2011-01-31 09:03:55 ----D---- C:\WINDOWS\system32\config
2011-01-31 09:02:56 ----D---- C:\Program Files\Common Files
2011-01-31 09:01:55 ----D---- C:\WINDOWS\AppPatch
2011-01-31 07:50:08 ----RSD---- C:\WINDOWS\Fonts
2011-01-31 07:49:38 ----D---- C:\WINDOWS\system32\spool
2011-01-31 07:46:00 ----D---- C:\WINDOWS\system32\mui
2011-01-31 07:40:29 ----D---- C:\Program Files\Microsoft Silverlight
2011-01-31 07:32:48 ----D---- C:\Program Files\Outlook Express
2011-01-29 17:20:32 ----RASH---- C:\boot.ini
2011-01-25 12:32:21 ----D---- C:\Documents and Settings\All Users\Data aplikací\Adobe
2011-01-23 17:05:17 ----A---- C:\WINDOWS\PhotoSnapViewer.INI
2011-01-21 15:44:07 ----A---- C:\WINDOWS\system32\shimgvw.dll
2011-01-21 15:44:07 ----A---- C:\WINDOWS\system32\shell32.dll
2011-01-21 13:54:31 ----D---- C:\WINDOWS\network diagnostic

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 BtHidBus;Bluetooth HID Bus Service; C:\WINDOWS\System32\Drivers\BtHidBus.sys [2009-06-17 20744]
R0 risdptsk;risdptsk; C:\WINDOWS\system32\DRIVERS\risdptsk.sys [2005-07-14 27904]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2009-07-13 91904]
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2011-01-13 29392]
R1 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2011-01-13 23632]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2011-01-13 294608]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2011-01-13 47440]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-14 40192]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2011-01-13 17744]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2011-01-13 100176]
R2 ghaio;ghaio; \??\C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys []
R3 AR5211;Atheros Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\ar5211.sys [2006-12-05 529344]
R3 ASNDIS5;ASNDIS5 Protocol Driver; \??\C:\WINDOWS\ATK0100\ASNDIS5.SYS []
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2007-07-04 2304000]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-11-03 4394496]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-10-25 12160]
R3 MTsensor;ATK0100 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ATKACPI.sys [2005-02-17 5632]
R3 rimsptsk;rimsptsk; C:\WINDOWS\system32\DRIVERS\rimsptsk.sys [2005-07-12 51328]
R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
R3 smserial;smserial; C:\WINDOWS\system32\DRIVERS\smserial.sys [2006-08-07 980608]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2006-05-25 193088]
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 WSIMD;wsimd Service; C:\WINDOWS\system32\DRIVERS\wsimd.sys [2006-07-20 54432]
S0 BTHidMgr;Bluetooth HID Manager Service; C:\WINDOWS\System32\Drivers\BTHidMgr.sys []
S1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
S3 BlueletAudio;Bluetooth Audio Service; C:\WINDOWS\system32\DRIVERS\blueletaudio.sys []
S3 BlueletSCOAudio;Bluetooth SCO Audio Service; C:\WINDOWS\system32\DRIVERS\BlueletSCOAudio.sys []
S3 BT;Bluetooth PAN Network Adapter; C:\WINDOWS\system32\DRIVERS\btnetdrv.sys []
S3 btaudio;Bluetooth Audio Device; C:\WINDOWS\system32\drivers\btaudio.sys []
S3 Btcsrusb;Bluetooth USB For Bluetooth Service; C:\WINDOWS\System32\Drivers\btcusb.sys []
S3 BTDriver;Bluetooth Virtual Communications Driver; C:\WINDOWS\system32\DRIVERS\btport.sys []
S3 BTHidEnum;Bluetooth HID Enumerator; C:\WINDOWS\System32\Drivers\vbtenum.sys []
S3 btnetBUs;Bluetooth PAN Bus Service; C:\WINDOWS\System32\Drivers\btnetBus.sys [2009-06-17 29192]
S3 BTWDNDIS;Bluetooth LAN Access Server; C:\WINDOWS\system32\DRIVERS\btwdndis.sys []
S3 btwhid;btwhid; C:\WINDOWS\system32\DRIVERS\btwhid.sys []
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 cpuz132;cpuz132; \??\C:\DOCUME~1\nandor\LOCALS~1\Temp\cpuz132\cpuz132_x32.sys []
S3 ipswuio;ipswuio; C:\WINDOWS\System32\DRIVERS\ipswuio.sys [2006-12-08 39408]
S3 IvtBtBUs;IVT Bluetooth Bus Service; C:\WINDOWS\System32\Drivers\IvtBtBus.sys [2009-06-17 25480]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2010-02-26 18176]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2010-02-26 22528]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2001-10-25 5888]
S3 sdbus;sdbus; C:\WINDOWS\System32\DRIVERS\sdbus.sys [2008-04-13 79232]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 SNP325;USB PC Camera (SNPSTD325); C:\WINDOWS\system32\DRIVERS\snp325.sys [2007-05-07 10343168]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2010-02-26 8192]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 usbser;USB Modem Driver; C:\WINDOWS\system32\drivers\usbser.sys [2008-04-13 26112]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2010-02-26 8192]
S3 VComm;Virtual Serial port driver; C:\WINDOWS\system32\DRIVERS\VComm.sys []
S3 VcommMgr;Bluetooth VComm Manager Service; C:\WINDOWS\System32\Drivers\VcommMgr.sys []
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2009-07-14 444136]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-08-24 38656]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2009-07-13 132224]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ACS;Atheros Configuration Service; C:\WINDOWS\system32\acs.exe [2006-11-17 360533]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2010-10-16 37664]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2007-07-04 483328]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2011-01-13 40384]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2011-01-08 153376]
R2 LexBceS;LexBce Server; C:\WINDOWS\system32\LEXBCES.EXE [2006-04-17 311296]
R2 spmgr;spmgr; C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe [2006-12-28 123248]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-01-08 136176]
S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-24 183280]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2010-12-13 820008]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2010-06-14 615936]
S4 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-04-13 792112]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-05-16 271920]

-----------------EOF-----------------

Re: kontrola logu

Napsal: 16 úno 2011 22:18
od Roli
Nic špatného nevidím, je tedy nějaký problém s PC ?

Re: kontrola logu

Napsal: 17 úno 2011 08:47
od nandor
Tohle mě našel TrojanHUNTER(Zkušební verze) Found trojan file: C:\WINDOWS\system32\dllcache\sol.exe (Katusha.326) ------------------------------------------------------------------------------------------------------------------ Found trojan file: C:\WINDOWS\system32\sol.exe co stím? (Katusha.326)

Re: kontrola logu

Napsal: 17 úno 2011 21:04
od Roli
Řekl bych že to patří hře Solitaire která je v XPéčkách.

Může však tohle :

C:\WINDOWS\system32\sol.exe

C:\WINDOWS\system32\dllcache\sol.exe

postupně otestovat na VIRUSTOTAL

(po načtení stránky klikni na tlačítko Procházet, najdi cestu k výše zmíněnému souboru a klikni na tlačítko Odeslat soubor

trvá to okolo deseti minut pak mi sem zkopíruj link, to je ten řádek nahoře v prohlížeči)

Pokud ti to napíše že soubor již byl testován nech otestovat znovu.

Re: kontrola logu

Napsal: 18 úno 2011 10:42
od nandor
Zdravím,tak tady to je.http://www.virustotal.com/file-scan/rep ... 1298021786

Re: kontrola logu

Napsal: 18 úno 2011 22:00
od Roli
Tak že mylná detekce :wink:

Pro klid duše použij Mbam z mého podpisu a dej mi sem z něj log, předem nic nemazat !!!

Re: kontrola logu

Napsal: 19 úno 2011 12:22
od nandor
Malwarebytes' Anti-Malware 1.50.1.1100
http://www.malwarebytes.org

Verze databáze: 5808

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

19.2.2011 12:16:51
mbam-log-2011-02-19 (12-15-58).txt

Typ kontroly: Rychlý test
Testované objekty: 171361
Uplynulý čas: 11 minut, 20 sekund

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče v registru: 5
Infikované hodnoty v registru: 0
Infikované datové položky v registru: 0
Infikované složky: 1
Infikované soubory: 2

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče v registru:
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127AD2-394B-70F5-C650-B97867BAA1F7} (Backdoor.Bot) -> No action taken.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127AD2-394B-70F5-C650-B97867BAA1F7} (Backdoor.Bot) -> No action taken.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43BF8CD1-C5D5-2230-7BB2-98F22C2B7DC6} (Backdoor.Bot) -> No action taken.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43BF8CD1-C5D5-2230-7BB2-98F22C2B7DC6} (Backdoor.Bot) -> No action taken.
HKEY_CLASSES_ROOT\sp (TrojanProxy.Agent) -> No action taken.

Infikované hodnoty v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované datové položky v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
c:\documents and settings\nandor\application data\smart security (Rogue.SmartSecurity) -> No action taken.

Infikované soubory:
c:\WINDOWS\system32\secushr.dat (Malware.Trace) -> No action taken.
c:\documents and settings\nandor\application data\smart security\cookies.sqlite (Rogue.SmartSecurity) -> No action taken. Tady je úplný test Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Verze databáze: 5808

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

19.2.2011 13:07:28
mbam-log-2011-02-19 (13-07-06).txt

Typ kontroly: Úplný test (C:\|D:\|E:\|I:\|)
Testované objekty: 211874
Uplynulý čas: 26 minut, 42 sekund

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče v registru: 5
Infikované hodnoty v registru: 0
Infikované datové položky v registru: 0
Infikované složky: 1
Infikované soubory: 2

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče v registru:
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127AD2-394B-70F5-C650-B97867BAA1F7} (Backdoor.Bot) -> No action taken.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127AD2-394B-70F5-C650-B97867BAA1F7} (Backdoor.Bot) -> No action taken.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43BF8CD1-C5D5-2230-7BB2-98F22C2B7DC6} (Backdoor.Bot) -> No action taken.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43BF8CD1-C5D5-2230-7BB2-98F22C2B7DC6} (Backdoor.Bot) -> No action taken.
HKEY_CLASSES_ROOT\sp (TrojanProxy.Agent) -> No action taken.

Infikované hodnoty v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované datové položky v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
c:\documents and settings\nandor\application data\smart security (Rogue.SmartSecurity) -> No action taken.

Infikované soubory:
c:\WINDOWS\system32\secushr.dat (Malware.Trace) -> No action taken.
c:\documents and settings\nandor\application data\smart security\cookies.sqlite (Rogue.SmartSecurity) -> No action taken.

Re: kontrola logu

Napsal: 19 úno 2011 23:03
od Roli
To co Mbam našel nech smazat.

Stáhni a ulož na plochu ComboFix,

spusť aplikaci jako Administrátor a povol instalaci Konzole pro zotavení - Recovery Console.

Poté se zobrazí okno s licenčními podmínkami které potvrdíš kliknutím na ANO,

pak ještě jednou klik na ANO a už to jede.

Celá akce trvá okolo 10 minut ale může i déle, během skenu se nepokoušej spouštět nic jiného.

Při skenovaní může být PC i restartováno nelekat se.

Upozornění: po dobu skenu vypni rezidentní štít Antiviru a AntiSpy programu,

protože Combofix se pokouší napadené soubory smazat a tyto programy mu můžou bránit.

Po dokončení skenu nebo následném restartu aplikace vytvoří log, uložený na C:/Combofix.txt

(při opakovaném použití jsou logy číslovány Combofix2.txt atd.), jeho obsah zkopíruj sem.


V případě nejasností je ZDE obrázkový návod.

Re: kontrola logu

Napsal: 20 úno 2011 13:06
od nandor
ComboFix 11-02-19.02 - nandor 2011-02-20 12:27:14.4.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.1.1029.18.1919.1429 [GMT 1:00]
Spuštěný z: c:\documents and settings\nandor\Plocha\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\nandor\Dokumenty\cc_20110202_084400.reg

.
((((((((((((((((((((((((( Soubory vytvořené od 2011-01-20 do 2011-02-20 )))))))))))))))))))))))))))))))
.

2011-02-16 08:05 . 2011-02-16 08:05 -------- d-----w- C:\rsit
2011-01-31 06:50 . 2011-01-31 06:50 -------- d-----w- c:\windows\system32\XPSViewer
2011-01-31 06:50 . 2011-01-31 06:50 -------- d-----w- c:\program files\MSBuild
2011-01-31 06:49 . 2011-01-31 06:49 -------- d-----w- c:\program files\Reference Assemblies
2011-01-31 06:49 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2011-01-31 06:49 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2011-01-31 06:49 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2011-01-31 06:49 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2011-01-31 06:49 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2011-01-31 06:49 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2011-01-31 06:49 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2011-01-31 06:49 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2011-01-31 06:49 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2011-01-31 06:28 . 2010-09-18 06:53 974848 -c----w- c:\windows\system32\dllcache\mfc42.dll
2011-01-31 06:28 . 2010-09-18 06:53 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2011-01-31 06:28 . 2010-08-23 16:12 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
2011-01-31 06:28 . 2010-11-02 15:17 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2011-01-31 06:27 . 2010-10-11 14:59 45568 -c----w- c:\windows\system32\dllcache\wab.exe
2011-01-31 06:25 . 2009-08-06 18:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2011-01-31 06:25 . 2009-08-06 18:23 215920 ----a-w- c:\windows\system32\muweb.dll
2011-01-30 15:45 . 2011-01-30 15:45 135568 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2011-01-30 15:45 . 2011-01-30 15:45 135568 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll
2011-01-29 16:46 . 2011-01-29 16:46 -------- d-----r- c:\documents and settings\NetworkService\Oblíbené položky
2011-01-27 18:30 . 2011-01-27 18:30 -------- d-----w- c:\documents and settings\nandor\Data aplikací\TrojanHunter
2011-01-27 17:35 . 2006-06-19 11:01 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
2011-01-27 17:35 . 2006-05-25 13:52 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
2011-01-27 17:35 . 2005-08-25 23:50 77312 ----a-w- c:\windows\system32\ztvunace26.dll
2011-01-27 17:35 . 2003-02-02 18:06 153088 ----a-w- c:\windows\system32\UNRAR3.dll
2011-01-27 17:35 . 2002-03-05 23:00 75264 ----a-w- c:\windows\system32\unacev2.dll
2011-01-27 17:35 . 2011-01-27 17:35 -------- d-----w- c:\documents and settings\nandor\Data aplikací\Simply Super Software
2011-01-27 17:35 . 2011-01-27 17:35 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Simply Super Software
2011-01-21 14:44 . 2011-01-21 14:44 440320 -c----w- c:\windows\system32\dllcache\shimgvw.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-21 14:44 . 2001-10-25 12:00 440320 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-13 08:47 . 2010-11-12 17:42 38848 ----a-w- c:\windows\avastSS.scr
2011-01-13 08:47 . 2010-11-12 17:42 188216 ----a-w- c:\windows\system32\aswBoot.exe
2011-01-13 08:41 . 2010-11-12 17:43 294608 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-01-13 08:40 . 2010-11-12 17:43 47440 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-01-13 08:40 . 2010-11-12 17:43 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-01-13 08:39 . 2010-11-12 17:43 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-01-13 08:37 . 2010-11-12 17:43 23632 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-01-13 08:37 . 2010-11-12 17:43 29392 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-01-13 08:37 . 2010-11-12 17:43 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-01-08 17:04 . 2011-01-08 17:04 411368 ----a-w- c:\windows\system32\deploytk.dll
2011-01-08 17:04 . 2009-07-08 19:39 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-01-07 14:09 . 2001-10-25 12:00 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 14:04 . 2009-02-06 10:27 1854976 ----a-w- c:\windows\system32\win32k.sys
2010-12-22 12:34 . 2001-10-25 12:00 301568 ----a-w- c:\windows\system32\kerberos.dll
2010-12-20 23:52 . 2001-10-25 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-12-20 23:52 . 2001-10-25 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-12-20 23:52 . 2001-10-25 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-12-20 17:25 . 2009-02-07 10:45 729088 ----a-w- c:\windows\system32\lsasrv.dll
2010-12-20 17:09 . 2009-03-14 09:22 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-20 17:08 . 2009-03-14 09:22 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-20 12:55 . 2009-02-06 10:31 385024 ----a-w- c:\windows\system32\html.iec
2010-12-09 15:15 . 2009-02-07 10:45 713216 ----a-w- c:\windows\system32\ntdll.dll
2010-12-09 15:14 . 2009-02-07 10:45 2194944 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-12-09 15:14 . 2009-02-07 10:45 2071552 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-12-09 14:30 . 2009-02-07 10:45 33280 ----a-w- c:\windows\system32\csrsrv.dll
2010-11-29 16:38 . 2010-11-29 16:38 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-29 16:38 . 2010-11-29 16:38 69632 ----a-w- c:\windows\system32\QuickTime.qts
2008-10-05 14:42 . 2010-03-04 18:28 4345856 ----a-w- c:\program files\mplayerc.exe
.

------- Sigcheck -------

[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 . 4AFB3B0919649F95C1964AA1FAD27D73 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[7] 2008-06-20 . 2A5554FC5B1E04E131230E3CE035C3F9 . 360320 . . [5.1.2600.3394] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
[7] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748_0$\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MultiFrame"="c:\program files\ASUS\ASUS MultiFrame\MultiFrame.exe" [2007-02-09 999792]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HControl"="c:\windows\ATK0100\HControl.exe" [2006-10-14 110592]
"Net4Switch"="c:\program files\ASUS\Net4Switch\Net4Switch.exe" [2006-12-07 1143152]
"ACMON"="c:\program files\ASUS\Splendid\ACMON.exe" [2007-01-16 843776]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-05-25 786521]
"RTHDCPL"="RTHDCPL.EXE" [2006-10-30 16269312]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"Wireless Console 2"="c:\program files\Wireless Console 2\wcourier.exe" [2006-11-29 1011712]
"ACU"="c:\program files\Atheros\ACU.exe" [2006-11-17 348249]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-08-07 573440]
"Lexmark 1200 Series"="c:\program files\Lexmark 1200 Series\lxczbmgr.exe" [2006-07-13 57344]
"FixCamera"="c:\windows\FixCamera.exe" [2007-02-12 20480]
"snp325"="c:\windows\vsnp325.exe" [2007-05-10 835584]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-01-13 3396624]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Orbit.lnk - e:\orbitdownloader\orbitdm.exe [2010-4-3 1805584]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"e:\\Orbitdownloader\\orbitdm.exe"=
"e:\\Orbitdownloader\\orbitnet.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9533:TCP"= 9533:TCP:spport

R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\system32\drivers\BtHidBus.sys [2009-01-07 20744]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-11-12 294608]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-11-12 17744]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-01-08 136176]
S3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\drivers\btnetBus.sys [2008-12-07 29192]
S3 ipswuio;ipswuio;c:\windows\system32\drivers\ipswuio.sys [2009-02-07 39408]
S3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\drivers\IvtBtBus.sys [2008-07-02 25480]
S3 SNP325;USB PC Camera (SNPSTD325);c:\windows\system32\drivers\snp325.sys [2009-02-08 10343168]
.
Obsah adresáře 'Naplánované úlohy'

2011-02-20 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-06 12:30]

2011-02-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-08 11:45]

2011-02-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-08 11:45]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://intranet.humlak.cz/
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Download by Orbit - e:\orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - e:\orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - e:\orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - e:\orbitdownloader\orbitmxt.dll/202
IE: WikiKomentáře Google... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
Trusted Zone: kuaiche.com\software
Trusted Zone: mojebanka.cz\etrading
Trusted Zone: mojebanka.cz\www
Trusted Zone: mojebanka.cz\etrading
Trusted Zone: mojebanka.cz\www
TCP: {ABDC1272-0810-4CE5-9697-24EA9355FB52} = 1.1.1.1,1.1.1.254
FF - ProfilePath - c:\documents and settings\nandor\Data aplikací\Mozilla\Firefox\Profiles\rk4yqje9.default\
FF - prefs.js: browser.startup.homepage - hxxp://intranet humlak.cz
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
FF - Ext: PC Sync 2 Synchronisation Extension: bkmrksync@nokia.com - c:\program files\Nokia\Nokia PC Suite 7\bkmrksync
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-20 12:31
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):7f,47,02,a4,c5,3c,7c,6a,02,3e,6e,58,d0,99,0c,dd,3d,2b,f5,5c,1d,
0d,9e,f8,ea,a0,76,d5,fa,f0,7c,f1,3d,d5,a1,73,1a,1b,6c,39,00,00,00,00,00,00,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{f95f2818-c96c-4450-919f-768380b43164}]
@Denied: (Full) (Everyone)
"Model"=dword:00000049
"Therad"=dword:0000001e
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,29,53,01,52,53,ee,8c,54,87,ab,43,49,75,27,93,27,83,e0,8b,c5,07,bb,\
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(716)
c:\windows\system32\Ati2evxx.dll
.
Celkový čas: 2011-02-20 12:33:42
ComboFix-quarantined-files.txt 2011-02-20 11:33
ComboFix2.txt 2011-01-31 08:09

Před spuštěním: 3,175,231,488
Po spuštění: 3,137,769,472

- - End Of File - - 44FE703104F1470CAAFCA7D8FDA92C83
ComboFix 11-02-19.02 - nandor 2011-02-20 12:27:14.4.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.1.1029.18.1919.1429 [GMT 1:00]
Spuštěný z: c:\documents and settings\nandor\Plocha\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\nandor\Dokumenty\cc_20110202_084400.reg

.
((((((((((((((((((((((((( Soubory vytvořené od 2011-01-20 do 2011-02-20 )))))))))))))))))))))))))))))))
.

2011-02-16 08:05 . 2011-02-16 08:05 -------- d-----w- C:\rsit
2011-01-31 06:50 . 2011-01-31 06:50 -------- d-----w- c:\windows\system32\XPSViewer
2011-01-31 06:50 . 2011-01-31 06:50 -------- d-----w- c:\program files\MSBuild
2011-01-31 06:49 . 2011-01-31 06:49 -------- d-----w- c:\program files\Reference Assemblies
2011-01-31 06:49 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2011-01-31 06:49 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2011-01-31 06:49 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2011-01-31 06:49 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2011-01-31 06:49 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2011-01-31 06:49 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2011-01-31 06:49 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2011-01-31 06:49 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2011-01-31 06:49 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2011-01-31 06:28 . 2010-09-18 06:53 974848 -c----w- c:\windows\system32\dllcache\mfc42.dll
2011-01-31 06:28 . 2010-09-18 06:53 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2011-01-31 06:28 . 2010-08-23 16:12 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
2011-01-31 06:28 . 2010-11-02 15:17 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2011-01-31 06:27 . 2010-10-11 14:59 45568 -c----w- c:\windows\system32\dllcache\wab.exe
2011-01-31 06:25 . 2009-08-06 18:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2011-01-31 06:25 . 2009-08-06 18:23 215920 ----a-w- c:\windows\system32\muweb.dll
2011-01-30 15:45 . 2011-01-30 15:45 135568 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2011-01-30 15:45 . 2011-01-30 15:45 135568 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll
2011-01-29 16:46 . 2011-01-29 16:46 -------- d-----r- c:\documents and settings\NetworkService\Oblíbené položky
2011-01-27 18:30 . 2011-01-27 18:30 -------- d-----w- c:\documents and settings\nandor\Data aplikací\TrojanHunter
2011-01-27 17:35 . 2006-06-19 11:01 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
2011-01-27 17:35 . 2006-05-25 13:52 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
2011-01-27 17:35 . 2005-08-25 23:50 77312 ----a-w- c:\windows\system32\ztvunace26.dll
2011-01-27 17:35 . 2003-02-02 18:06 153088 ----a-w- c:\windows\system32\UNRAR3.dll
2011-01-27 17:35 . 2002-03-05 23:00 75264 ----a-w- c:\windows\system32\unacev2.dll
2011-01-27 17:35 . 2011-01-27 17:35 -------- d-----w- c:\documents and settings\nandor\Data aplikací\Simply Super Software
2011-01-27 17:35 . 2011-01-27 17:35 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Simply Super Software
2011-01-21 14:44 . 2011-01-21 14:44 440320 -c----w- c:\windows\system32\dllcache\shimgvw.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-21 14:44 . 2001-10-25 12:00 440320 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-13 08:47 . 2010-11-12 17:42 38848 ----a-w- c:\windows\avastSS.scr
2011-01-13 08:47 . 2010-11-12 17:42 188216 ----a-w- c:\windows\system32\aswBoot.exe
2011-01-13 08:41 . 2010-11-12 17:43 294608 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-01-13 08:40 . 2010-11-12 17:43 47440 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-01-13 08:40 . 2010-11-12 17:43 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-01-13 08:39 . 2010-11-12 17:43 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-01-13 08:37 . 2010-11-12 17:43 23632 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-01-13 08:37 . 2010-11-12 17:43 29392 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-01-13 08:37 . 2010-11-12 17:43 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-01-08 17:04 . 2011-01-08 17:04 411368 ----a-w- c:\windows\system32\deploytk.dll
2011-01-08 17:04 . 2009-07-08 19:39 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-01-07 14:09 . 2001-10-25 12:00 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 14:04 . 2009-02-06 10:27 1854976 ----a-w- c:\windows\system32\win32k.sys
2010-12-22 12:34 . 2001-10-25 12:00 301568 ----a-w- c:\windows\system32\kerberos.dll
2010-12-20 23:52 . 2001-10-25 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-12-20 23:52 . 2001-10-25 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-12-20 23:52 . 2001-10-25 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-12-20 17:25 . 2009-02-07 10:45 729088 ----a-w- c:\windows\system32\lsasrv.dll
2010-12-20 17:09 . 2009-03-14 09:22 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-20 17:08 . 2009-03-14 09:22 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-20 12:55 . 2009-02-06 10:31 385024 ----a-w- c:\windows\system32\html.iec
2010-12-09 15:15 . 2009-02-07 10:45 713216 ----a-w- c:\windows\system32\ntdll.dll
2010-12-09 15:14 . 2009-02-07 10:45 2194944 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-12-09 15:14 . 2009-02-07 10:45 2071552 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-12-09 14:30 . 2009-02-07 10:45 33280 ----a-w- c:\windows\system32\csrsrv.dll
2010-11-29 16:38 . 2010-11-29 16:38 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-29 16:38 . 2010-11-29 16:38 69632 ----a-w- c:\windows\system32\QuickTime.qts
2008-10-05 14:42 . 2010-03-04 18:28 4345856 ----a-w- c:\program files\mplayerc.exe
.

------- Sigcheck -------

[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 . 4AFB3B0919649F95C1964AA1FAD27D73 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[7] 2008-06-20 . 2A5554FC5B1E04E131230E3CE035C3F9 . 360320 . . [5.1.2600.3394] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
[7] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748_0$\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MultiFrame"="c:\program files\ASUS\ASUS MultiFrame\MultiFrame.exe" [2007-02-09 999792]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HControl"="c:\windows\ATK0100\HControl.exe" [2006-10-14 110592]
"Net4Switch"="c:\program files\ASUS\Net4Switch\Net4Switch.exe" [2006-12-07 1143152]
"ACMON"="c:\program files\ASUS\Splendid\ACMON.exe" [2007-01-16 843776]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-05-25 786521]
"RTHDCPL"="RTHDCPL.EXE" [2006-10-30 16269312]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"Wireless Console 2"="c:\program files\Wireless Console 2\wcourier.exe" [2006-11-29 1011712]
"ACU"="c:\program files\Atheros\ACU.exe" [2006-11-17 348249]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-08-07 573440]
"Lexmark 1200 Series"="c:\program files\Lexmark 1200 Series\lxczbmgr.exe" [2006-07-13 57344]
"FixCamera"="c:\windows\FixCamera.exe" [2007-02-12 20480]
"snp325"="c:\windows\vsnp325.exe" [2007-05-10 835584]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-01-13 3396624]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Orbit.lnk - e:\orbitdownloader\orbitdm.exe [2010-4-3 1805584]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"e:\\Orbitdownloader\\orbitdm.exe"=
"e:\\Orbitdownloader\\orbitnet.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9533:TCP"= 9533:TCP:spport

R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\system32\drivers\BtHidBus.sys [2009-01-07 20744]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-11-12 294608]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-11-12 17744]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-01-08 136176]
S3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\drivers\btnetBus.sys [2008-12-07 29192]
S3 ipswuio;ipswuio;c:\windows\system32\drivers\ipswuio.sys [2009-02-07 39408]
S3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\drivers\IvtBtBus.sys [2008-07-02 25480]
S3 SNP325;USB PC Camera (SNPSTD325);c:\windows\system32\drivers\snp325.sys [2009-02-08 10343168]
.
Obsah adresáře 'Naplánované úlohy'

2011-02-20 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-06 12:30]

2011-02-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-08 11:45]

2011-02-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-08 11:45]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://intranet.humlak.cz/
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Download by Orbit - e:\orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - e:\orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - e:\orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - e:\orbitdownloader\orbitmxt.dll/202
IE: WikiKomentáře Google... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
Trusted Zone: kuaiche.com\software
Trusted Zone: mojebanka.cz\etrading
Trusted Zone: mojebanka.cz\www
Trusted Zone: mojebanka.cz\etrading
Trusted Zone: mojebanka.cz\www
TCP: {ABDC1272-0810-4CE5-9697-24EA9355FB52} = 1.1.1.1,1.1.1.254
FF - ProfilePath - c:\documents and settings\nandor\Data aplikací\Mozilla\Firefox\Profiles\rk4yqje9.default\
FF - prefs.js: browser.startup.homepage - hxxp://intranet humlak.cz
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
FF - Ext: PC Sync 2 Synchronisation Extension: bkmrksync@nokia.com - c:\program files\Nokia\Nokia PC Suite 7\bkmrksync
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-20 12:31
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):7f,47,02,a4,c5,3c,7c,6a,02,3e,6e,58,d0,99,0c,dd,3d,2b,f5,5c,1d,
0d,9e,f8,ea,a0,76,d5,fa,f0,7c,f1,3d,d5,a1,73,1a,1b,6c,39,00,00,00,00,00,00,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{f95f2818-c96c-4450-919f-768380b43164}]
@Denied: (Full) (Everyone)
"Model"=dword:00000049
"Therad"=dword:0000001e
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,29,53,01,52,53,ee,8c,54,87,ab,43,49,75,27,93,27,83,e0,8b,c5,07,bb,\
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(716)
c:\windows\system32\Ati2evxx.dll
.
Celkový čas: 2011-02-20 12:33:42
ComboFix-quarantined-files.txt 2011-02-20 11:33
ComboFix2.txt 2011-01-31 08:09

Před spuštěním: 3,175,231,488
Po spuštění: 3,137,769,472

- - End Of File - - 44FE703104F1470CAAFCA7D8FDA92C83
ComboFix 11-02-19.02 - nandor 2011-02-20 12:27:14.4.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.1.1029.18.1919.1429 [GMT 1:00]
Spuštěný z: c:\documents and settings\nandor\Plocha\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\nandor\Dokumenty\cc_20110202_084400.reg

.
((((((((((((((((((((((((( Soubory vytvořené od 2011-01-20 do 2011-02-20 )))))))))))))))))))))))))))))))
.

2011-02-16 08:05 . 2011-02-16 08:05 -------- d-----w- C:\rsit
2011-01-31 06:50 . 2011-01-31 06:50 -------- d-----w- c:\windows\system32\XPSViewer
2011-01-31 06:50 . 2011-01-31 06:50 -------- d-----w- c:\program files\MSBuild
2011-01-31 06:49 . 2011-01-31 06:49 -------- d-----w- c:\program files\Reference Assemblies
2011-01-31 06:49 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2011-01-31 06:49 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2011-01-31 06:49 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2011-01-31 06:49 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2011-01-31 06:49 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2011-01-31 06:49 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2011-01-31 06:49 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2011-01-31 06:49 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2011-01-31 06:49 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2011-01-31 06:28 . 2010-09-18 06:53 974848 -c----w- c:\windows\system32\dllcache\mfc42.dll
2011-01-31 06:28 . 2010-09-18 06:53 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2011-01-31 06:28 . 2010-08-23 16:12 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
2011-01-31 06:28 . 2010-11-02 15:17 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2011-01-31 06:27 . 2010-10-11 14:59 45568 -c----w- c:\windows\system32\dllcache\wab.exe
2011-01-31 06:25 . 2009-08-06 18:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2011-01-31 06:25 . 2009-08-06 18:23 215920 ----a-w- c:\windows\system32\muweb.dll
2011-01-30 15:45 . 2011-01-30 15:45 135568 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2011-01-30 15:45 . 2011-01-30 15:45 135568 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll
2011-01-29 16:46 . 2011-01-29 16:46 -------- d-----r- c:\documents and settings\NetworkService\Oblíbené položky
2011-01-27 18:30 . 2011-01-27 18:30 -------- d-----w- c:\documents and settings\nandor\Data aplikací\TrojanHunter
2011-01-27 17:35 . 2006-06-19 11:01 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
2011-01-27 17:35 . 2006-05-25 13:52 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
2011-01-27 17:35 . 2005-08-25 23:50 77312 ----a-w- c:\windows\system32\ztvunace26.dll
2011-01-27 17:35 . 2003-02-02 18:06 153088 ----a-w- c:\windows\system32\UNRAR3.dll
2011-01-27 17:35 . 2002-03-05 23:00 75264 ----a-w- c:\windows\system32\unacev2.dll
2011-01-27 17:35 . 2011-01-27 17:35 -------- d-----w- c:\documents and settings\nandor\Data aplikací\Simply Super Software
2011-01-27 17:35 . 2011-01-27 17:35 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Simply Super Software
2011-01-21 14:44 . 2011-01-21 14:44 440320 -c----w- c:\windows\system32\dllcache\shimgvw.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-21 14:44 . 2001-10-25 12:00 440320 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-13 08:47 . 2010-11-12 17:42 38848 ----a-w- c:\windows\avastSS.scr
2011-01-13 08:47 . 2010-11-12 17:42 188216 ----a-w- c:\windows\system32\aswBoot.exe
2011-01-13 08:41 . 2010-11-12 17:43 294608 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-01-13 08:40 . 2010-11-12 17:43 47440 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-01-13 08:40 . 2010-11-12 17:43 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-01-13 08:39 . 2010-11-12 17:43 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-01-13 08:37 . 2010-11-12 17:43 23632 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-01-13 08:37 . 2010-11-12 17:43 29392 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-01-13 08:37 . 2010-11-12 17:43 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-01-08 17:04 . 2011-01-08 17:04 411368 ----a-w- c:\windows\system32\deploytk.dll
2011-01-08 17:04 . 2009-07-08 19:39 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-01-07 14:09 . 2001-10-25 12:00 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 14:04 . 2009-02-06 10:27 1854976 ----a-w- c:\windows\system32\win32k.sys
2010-12-22 12:34 . 2001-10-25 12:00 301568 ----a-w- c:\windows\system32\kerberos.dll
2010-12-20 23:52 . 2001-10-25 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-12-20 23:52 . 2001-10-25 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-12-20 23:52 . 2001-10-25 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-12-20 17:25 . 2009-02-07 10:45 729088 ----a-w- c:\windows\system32\lsasrv.dll
2010-12-20 17:09 . 2009-03-14 09:22 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-20 17:08 . 2009-03-14 09:22 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-20 12:55 . 2009-02-06 10:31 385024 ----a-w- c:\windows\system32\html.iec
2010-12-09 15:15 . 2009-02-07 10:45 713216 ----a-w- c:\windows\system32\ntdll.dll
2010-12-09 15:14 . 2009-02-07 10:45 2194944 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-12-09 15:14 . 2009-02-07 10:45 2071552 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-12-09 14:30 . 2009-02-07 10:45 33280 ----a-w- c:\windows\system32\csrsrv.dll
2010-11-29 16:38 . 2010-11-29 16:38 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-29 16:38 . 2010-11-29 16:38 69632 ----a-w- c:\windows\system32\QuickTime.qts
2008-10-05 14:42 . 2010-03-04 18:28 4345856 ----a-w- c:\program files\mplayerc.exe
.

------- Sigcheck -------

[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 . 4AFB3B0919649F95C1964AA1FAD27D73 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[7] 2008-06-20 . 2A5554FC5B1E04E131230E3CE035C3F9 . 360320 . . [5.1.2600.3394] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
[7] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748_0$\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MultiFrame"="c:\program files\ASUS\ASUS MultiFrame\MultiFrame.exe" [2007-02-09 999792]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HControl"="c:\windows\ATK0100\HControl.exe" [2006-10-14 110592]
"Net4Switch"="c:\program files\ASUS\Net4Switch\Net4Switch.exe" [2006-12-07 1143152]
"ACMON"="c:\program files\ASUS\Splendid\ACMON.exe" [2007-01-16 843776]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-05-25 786521]
"RTHDCPL"="RTHDCPL.EXE" [2006-10-30 16269312]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"Wireless Console 2"="c:\program files\Wireless Console 2\wcourier.exe" [2006-11-29 1011712]
"ACU"="c:\program files\Atheros\ACU.exe" [2006-11-17 348249]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-08-07 573440]
"Lexmark 1200 Series"="c:\program files\Lexmark 1200 Series\lxczbmgr.exe" [2006-07-13 57344]
"FixCamera"="c:\windows\FixCamera.exe" [2007-02-12 20480]
"snp325"="c:\windows\vsnp325.exe" [2007-05-10 835584]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-01-13 3396624]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Orbit.lnk - e:\orbitdownloader\orbitdm.exe [2010-4-3 1805584]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"e:\\Orbitdownloader\\orbitdm.exe"=
"e:\\Orbitdownloader\\orbitnet.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9533:TCP"= 9533:TCP:spport

R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\system32\drivers\BtHidBus.sys [2009-01-07 20744]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-11-12 294608]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-11-12 17744]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-01-08 136176]
S3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\drivers\btnetBus.sys [2008-12-07 29192]
S3 ipswuio;ipswuio;c:\windows\system32\drivers\ipswuio.sys [2009-02-07 39408]
S3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\drivers\IvtBtBus.sys [2008-07-02 25480]
S3 SNP325;USB PC Camera (SNPSTD325);c:\windows\system32\drivers\snp325.sys [2009-02-08 10343168]
.
Obsah adresáře 'Naplánované úlohy'

2011-02-20 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-06 12:30]

2011-02-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-08 11:45]

2011-02-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-08 11:45]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://intranet.humlak.cz/
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Download by Orbit - e:\orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - e:\orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - e:\orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - e:\orbitdownloader\orbitmxt.dll/202
IE: WikiKomentáře Google... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
Trusted Zone: kuaiche.com\software
Trusted Zone: mojebanka.cz\etrading
Trusted Zone: mojebanka.cz\www
Trusted Zone: mojebanka.cz\etrading
Trusted Zone: mojebanka.cz\www
TCP: {ABDC1272-0810-4CE5-9697-24EA9355FB52} = 1.1.1.1,1.1.1.254
FF - ProfilePath - c:\documents and settings\nandor\Data aplikací\Mozilla\Firefox\Profiles\rk4yqje9.default\
FF - prefs.js: browser.startup.homepage - hxxp://intranet humlak.cz
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
FF - Ext: PC Sync 2 Synchronisation Extension: bkmrksync@nokia.com - c:\program files\Nokia\Nokia PC Suite 7\bkmrksync
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-20 12:31
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):7f,47,02,a4,c5,3c,7c,6a,02,3e,6e,58,d0,99,0c,dd,3d,2b,f5,5c,1d,
0d,9e,f8,ea,a0,76,d5,fa,f0,7c,f1,3d,d5,a1,73,1a,1b,6c,39,00,00,00,00,00,00,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{f95f2818-c96c-4450-919f-768380b43164}]
@Denied: (Full) (Everyone)
"Model"=dword:00000049
"Therad"=dword:0000001e
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,29,53,01,52,53,ee,8c,54,87,ab,43,49,75,27,93,27,83,e0,8b,c5,07,bb,\
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(716)
c:\windows\system32\Ati2evxx.dll
.
Celkový čas: 2011-02-20 12:33:42
ComboFix-quarantined-files.txt 2011-02-20 11:33
ComboFix2.txt 2011-01-31 08:09

Před spuštěním: 3,175,231,488
Po spuštění: 3,137,769,472

- - End Of File - - 44FE703104F1470CAAFCA7D8FDA92C83
ComboFix 11-02-19.02 - nandor 2011-02-20 12:27:14.4.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.1.1029.18.1919.1429 [GMT 1:00]
Spuštěný z: c:\documents and settings\nandor\Plocha\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\nandor\Dokumenty\cc_20110202_084400.reg

.
((((((((((((((((((((((((( Soubory vytvořené od 2011-01-20 do 2011-02-20 )))))))))))))))))))))))))))))))
.

2011-02-16 08:05 . 2011-02-16 08:05 -------- d-----w- C:\rsit
2011-01-31 06:50 . 2011-01-31 06:50 -------- d-----w- c:\windows\system32\XPSViewer
2011-01-31 06:50 . 2011-01-31 06:50 -------- d-----w- c:\program files\MSBuild
2011-01-31 06:49 . 2011-01-31 06:49 -------- d-----w- c:\program files\Reference Assemblies
2011-01-31 06:49 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2011-01-31 06:49 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2011-01-31 06:49 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2011-01-31 06:49 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2011-01-31 06:49 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2011-01-31 06:49 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2011-01-31 06:49 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2011-01-31 06:49 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2011-01-31 06:49 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2011-01-31 06:28 . 2010-09-18 06:53 974848 -c----w- c:\windows\system32\dllcache\mfc42.dll
2011-01-31 06:28 . 2010-09-18 06:53 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2011-01-31 06:28 . 2010-08-23 16:12 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
2011-01-31 06:28 . 2010-11-02 15:17 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2011-01-31 06:27 . 2010-10-11 14:59 45568 -c----w- c:\windows\system32\dllcache\wab.exe
2011-01-31 06:25 . 2009-08-06 18:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2011-01-31 06:25 . 2009-08-06 18:23 215920 ----a-w- c:\windows\system32\muweb.dll
2011-01-30 15:45 . 2011-01-30 15:45 135568 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2011-01-30 15:45 . 2011-01-30 15:45 135568 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll
2011-01-29 16:46 . 2011-01-29 16:46 -------- d-----r- c:\documents and settings\NetworkService\Oblíbené položky
2011-01-27 18:30 . 2011-01-27 18:30 -------- d-----w- c:\documents and settings\nandor\Data aplikací\TrojanHunter
2011-01-27 17:35 . 2006-06-19 11:01 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
2011-01-27 17:35 . 2006-05-25 13:52 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
2011-01-27 17:35 . 2005-08-25 23:50 77312 ----a-w- c:\windows\system32\ztvunace26.dll
2011-01-27 17:35 . 2003-02-02 18:06 153088 ----a-w- c:\windows\system32\UNRAR3.dll
2011-01-27 17:35 . 2002-03-05 23:00 75264 ----a-w- c:\windows\system32\unacev2.dll
2011-01-27 17:35 . 2011-01-27 17:35 -------- d-----w- c:\documents and settings\nandor\Data aplikací\Simply Super Software
2011-01-27 17:35 . 2011-01-27 17:35 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Simply Super Software
2011-01-21 14:44 . 2011-01-21 14:44 440320 -c----w- c:\windows\system32\dllcache\shimgvw.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-21 14:44 . 2001-10-25 12:00 440320 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-13 08:47 . 2010-11-12 17:42 38848 ----a-w- c:\windows\avastSS.scr
2011-01-13 08:47 . 2010-11-12 17:42 188216 ----a-w- c:\windows\system32\aswBoot.exe
2011-01-13 08:41 . 2010-11-12 17:43 294608 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-01-13 08:40 . 2010-11-12 17:43 47440 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-01-13 08:40 . 2010-11-12 17:43 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-01-13 08:39 . 2010-11-12 17:43 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-01-13 08:37 . 2010-11-12 17:43 23632 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-01-13 08:37 . 2010-11-12 17:43 29392 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-01-13 08:37 . 2010-11-12 17:43 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-01-08 17:04 . 2011-01-08 17:04 411368 ----a-w- c:\windows\system32\deploytk.dll
2011-01-08 17:04 . 2009-07-08 19:39 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-01-07 14:09 . 2001-10-25 12:00 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 14:04 . 2009-02-06 10:27 1854976 ----a-w- c:\windows\system32\win32k.sys
2010-12-22 12:34 . 2001-10-25 12:00 301568 ----a-w- c:\windows\system32\kerberos.dll
2010-12-20 23:52 . 2001-10-25 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-12-20 23:52 . 2001-10-25 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-12-20 23:52 . 2001-10-25 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-12-20 17:25 . 2009-02-07 10:45 729088 ----a-w- c:\windows\system32\lsasrv.dll
2010-12-20 17:09 . 2009-03-14 09:22 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-20 17:08 . 2009-03-14 09:22 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-20 12:55 . 2009-02-06 10:31 385024 ----a-w- c:\windows\system32\html.iec
2010-12-09 15:15 . 2009-02-07 10:45 713216 ----a-w- c:\windows\system32\ntdll.dll
2010-12-09 15:14 . 2009-02-07 10:45 2194944 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-12-09 15:14 . 2009-02-07 10:45 2071552 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-12-09 14:30 . 2009-02-07 10:45 33280 ----a-w- c:\windows\system32\csrsrv.dll
2010-11-29 16:38 . 2010-11-29 16:38 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-29 16:38 . 2010-11-29 16:38 69632 ----a-w- c:\windows\system32\QuickTime.qts
2008-10-05 14:42 . 2010-03-04 18:28 4345856 ----a-w- c:\program files\mplayerc.exe
.

------- Sigcheck -------

[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 . 4AFB3B0919649F95C1964AA1FAD27D73 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[7] 2008-06-20 . 2A5554FC5B1E04E131230E3CE035C3F9 . 360320 . . [5.1.2600.3394] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
[7] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748_0$\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MultiFrame"="c:\program files\ASUS\ASUS MultiFrame\MultiFrame.exe" [2007-02-09 999792]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HControl"="c:\windows\ATK0100\HControl.exe" [2006-10-14 110592]
"Net4Switch"="c:\program files\ASUS\Net4Switch\Net4Switch.exe" [2006-12-07 1143152]
"ACMON"="c:\program files\ASUS\Splendid\ACMON.exe" [2007-01-16 843776]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-05-25 786521]
"RTHDCPL"="RTHDCPL.EXE" [2006-10-30 16269312]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"Wireless Console 2"="c:\program files\Wireless Console 2\wcourier.exe" [2006-11-29 1011712]
"ACU"="c:\program files\Atheros\ACU.exe" [2006-11-17 348249]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-08-07 573440]
"Lexmark 1200 Series"="c:\program files\Lexmark 1200 Series\lxczbmgr.exe" [2006-07-13 57344]
"FixCamera"="c:\windows\FixCamera.exe" [2007-02-12 20480]
"snp325"="c:\windows\vsnp325.exe" [2007-05-10 835584]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-01-13 3396624]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Orbit.lnk - e:\orbitdownloader\orbitdm.exe [2010-4-3 1805584]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"e:\\Orbitdownloader\\orbitdm.exe"=
"e:\\Orbitdownloader\\orbitnet.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9533:TCP"= 9533:TCP:spport

R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\system32\drivers\BtHidBus.sys [2009-01-07 20744]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-11-12 294608]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-11-12 17744]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-01-08 136176]
S3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\drivers\btnetBus.sys [2008-12-07 29192]
S3 ipswuio;ipswuio;c:\windows\system32\drivers\ipswuio.sys [2009-02-07 39408]
S3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\drivers\IvtBtBus.sys [2008-07-02 25480]
S3 SNP325;USB PC Camera (SNPSTD325);c:\windows\system32\drivers\snp325.sys [2009-02-08 10343168]
.
Obsah adresáře 'Naplánované úlohy'

2011-02-20 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-06 12:30]

2011-02-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-08 11:45]

2011-02-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-08 11:45]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://intranet.humlak.cz/
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Download by Orbit - e:\orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - e:\orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - e:\orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - e:\orbitdownloader\orbitmxt.dll/202
IE: WikiKomentáře Google... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
Trusted Zone: kuaiche.com\software
Trusted Zone: mojebanka.cz\etrading
Trusted Zone: mojebanka.cz\www
Trusted Zone: mojebanka.cz\etrading
Trusted Zone: mojebanka.cz\www
TCP: {ABDC1272-0810-4CE5-9697-24EA9355FB52} = 1.1.1.1,1.1.1.254
FF - ProfilePath - c:\documents and settings\nandor\Data aplikací\Mozilla\Firefox\Profiles\rk4yqje9.default\
FF - prefs.js: browser.startup.homepage - hxxp://intranet humlak.cz
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
FF - Ext: PC Sync 2 Synchronisation Extension: bkmrksync@nokia.com - c:\program files\Nokia\Nokia PC Suite 7\bkmrksync
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-20 12:31
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):7f,47,02,a4,c5,3c,7c,6a,02,3e,6e,58,d0,99,0c,dd,3d,2b,f5,5c,1d,
0d,9e,f8,ea,a0,76,d5,fa,f0,7c,f1,3d,d5,a1,73,1a,1b,6c,39,00,00,00,00,00,00,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{f95f2818-c96c-4450-919f-768380b43164}]
@Denied: (Full) (Everyone)
"Model"=dword:00000049
"Therad"=dword:0000001e
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,29,53,01,52,53,ee,8c,54,87,ab,43,49,75,27,93,27,83,e0,8b,c5,07,bb,\
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(716)
c:\windows\system32\Ati2evxx.dll
.
Celkový čas: 2011-02-20 12:33:42
ComboFix-quarantined-files.txt 2011-02-20 11:33
ComboFix2.txt 2011-01-31 08:09

Před spuštěním: 3,175,231,488
Po spuštění: 3,137,769,472

- - End Of File - - 44FE703104F1470CAAFCA7D8FDA92C83

Re: kontrola logu

Napsal: 20 úno 2011 22:05
od Roli
Jejda ten log mi stačil jednou :)

Přes Start >> Spustit zkopíruj do okna:

ComboFix /Uninstall

a stiskni Enter

To odinstaluje ComboFix a smaže s ním související soubory a složky.


Pak dej vědět jaký je stav PC.

Re: kontrola logu

Napsal: 21 úno 2011 09:20
od nandor
Zdravím,nejde mě odinstalovat ComboFix.Udělá to sken a pak to vyhodí log a nic víc.

Re: kontrola logu

Napsal: 21 úno 2011 22:31
od Roli
Ten příkaz musí být naprosto přesně :

ComboFixmezera/Uninstall

jinak to nefunguje.

Když nepůjde ani tak, použij T-Cleaner, který smaže případné zbytky po aplikacích které jsme použili.

Jen před jeho stažením a při použití stopni antivir, protože ho muže detekovat jako vir ale není tomu tak.
Všechny časy jsou v UTC+01:00
Stránka 1 z 1

Založeno na phpBB® Forum Software © phpBB Limited

Český překlad – phpBB.cz