pomoc s rootkity
Napsal: 25 bře 2011 22:53
Mám v PC rootkity a právě provádám testy odtud: http://www.viry.cz/forum/viewtopic.php?t=14396
Stránka 1 z 2
Re: pomoc s rootkity
Napsal: 25 bře 2011 23:01
V prvé řadě dejte log z RSIT: http://www.viry.cz/forum/viewtopic.php?f=13&t=105895 .
Re: pomoc s rootkity
Napsal: 25 bře 2011 23:16
tady to je:
Logfile of random's system information tool 1.08 (written by random/random)
Run by Notebook at 2011-03-25 23:10:36
Systém Microsoft Windows XP Professional Service Pack 2
System drive C: has 14 GB (25%) free of 57 GB
Total RAM: 2046 MB (65% free)
HijackThis download failed
======Scheduled tasks folder======
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3720071028-3605379181-3956395870-1005Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3720071028-3605379181-3956395870-1005UA.job
C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}]
Dealio Toolbar - C:\Program Files\Dealio Toolbar\IE\4.3\dealioToolbarIE.dll [2011-01-28 726016]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll [2003-11-03 54248]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
Conduit Engine - C:\Program Files\ConduitEngine\ConduitEngine.dll [2010-12-09 3911776]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Plug-In - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-11-22 1242504]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}]
pdfforge Toolbar - C:\Program Files\pdfforge Toolbar\IE\4.3\pdfforgeToolbarIE.dll [2011-01-28 726016]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
uTorrentBar Toolbar - C:\Program Files\uTorrentBar\tbuTor.dll []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
Ask Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2009-07-10 1174920]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DAEB27B6-FFA6-417F-B060-C5413E6269AA}]
foxy - C:\Documents and Settings\Notebook\Data aplikací\foxydeal\IE\foxyDeal.dll [2010-02-19 518144]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2007-06-14 41760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2007-06-14 79648]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F3FEE66E-E034-436a-86E4-9690573BEE8A}]
YouTube Downloader Toolbar - C:\Program Files\YouTube Downloader Toolbar\IE\4.3\youtubedownloaderToolbarIE.dll [2011-01-28 726016]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll [2011-01-20 988480]
{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - uTorrentBar Toolbar - C:\Program Files\uTorrentBar\tbuTor.dll []
{30F9B915-B755-4826-820B-08FBA6BD249D} - Conduit Engine - C:\Program Files\ConduitEngine\ConduitEngine.dll [2010-12-09 3911776]
{F3FEE66E-E034-436a-86E4-9690573BEE8A} - YouTube Downloader Toolbar - C:\Program Files\YouTube Downloader Toolbar\IE\4.3\youtubedownloaderToolbarIE.dll [2011-01-28 726016]
{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - Dealio Toolbar - C:\Program Files\Dealio Toolbar\IE\4.3\dealioToolbarIE.dll [2011-01-28 726016]
{B922D405-6D13-4A2B-AE89-08A030DA4402} - pdfforge Toolbar - C:\Program Files\pdfforge Toolbar\IE\4.3\pdfforgeToolbarIE.dll [2011-01-28 726016]
{D4027C7F-154A-4066-A1AD-4243D8127440} - Ask Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2009-07-10 1174920]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Apoint"=C:\Program Files\Apoint\Apoint.exe [2005-10-07 176128]
"igfxtray"=C:\WINDOWS\system32\igfxtray.exe [2005-12-13 98304]
"igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe [2005-12-13 77824]
"igfxpers"=C:\WINDOWS\system32\igfxpers.exe [2005-12-13 118784]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-05-14 248552]
"SigmatelSysTrayApp"=C:\WINDOWS\stsystra.exe [2006-03-24 282624]
"Document Manager"=C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe [2006-09-08 102400]
"Dell QuickSet"=C:\Program Files\Dell\QuickSet\quickset.exe [2007-02-20 1191936]
"ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup []
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe -start []
"NVHotkey"=nvHotkey.dll,Start []
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-02-22 13508608]
"nwiz"=nwiz.exe /installquiet []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2008-02-22 86016]
"avast5"=C:\Program Files\Alwil Software\Avast5\avastUI.exe [2011-01-13 3396624]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []
"LogMeIn Hamachi Ui"=C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe [2010-12-06 1910152]
""= []
"SearchSettings"=C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe [2011-01-28 526336]
"Google Desktop Search"=C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2011-02-23 30192]
"googletalk"=C:\Program Files\Google\Google Talk\googletalk.exe [2007-01-01 3739648]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-18 15360]
"Google Update"=C:\Documents and Settings\Notebook\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe [2007-06-14 136176]
"ModemOnHold"=C:\Program Files\NetWaiting\NetWaiting.exe [2003-09-10 20480]
"DU Meter"=C:\Program Files\DU Meter\DUMeter.exe []
C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
2x-Office.lnk - C:\Program Files\Juchin\Office Mouse\Juchin Mouse.exe
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe
EMBASSY Trust Suite Secure Update.lnk - C:\Program Files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="wxvault.dll C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2005-12-13 139264]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
wvauth
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Hamachi2Svc]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\TmNationsForever\TmForever.exe"="C:\Program Files\TmNationsForever\TmForever.exe:*:Enabled:TmForever"
"C:\Program Files\Activision\Call of Duty 2\CoD2MP_s.exe"="C:\Program Files\Activision\Call of Duty 2\CoD2MP_s.exe:*:Enabled:CoD2MP_s"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Documents and Settings\Notebook\Data aplikací\uTorrent\utorrent.exe"="C:\Documents and Settings\Notebook\Data aplikací\uTorrent\utorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\VideoLAN\VLC\vlc.exe"="C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player"
"G:\Battlefield Vietnam\bfvietnam.exe"="G:\Battlefield Vietnam\bfvietnam.exe:*:Enabled:bfvietnam"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"C:\Program Files\EA GAMES\Battlefield 2 Demo\BF2.exe"="C:\Program Files\EA GAMES\Battlefield 2 Demo\BF2.exe:*:Enabled:Battlefield 2"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Documents and Settings\Notebook\Plocha\Nová složka (3)\Heroes3_C_crked.exe"="C:\Documents and Settings\Notebook\Plocha\Nová složka (3)\Heroes3_C_crked.exe:*:Enabled:Heroes of Might and Magic® III"
"C:\Documents and Settings\Notebook\Dokumenty\Downloads\Vietcong -Unzip.2.UR.Games.nPlay\vietcong.exe"="C:\Documents and Settings\Notebook\Dokumenty\Downloads\Vietcong -Unzip.2.UR.Games.nPlay\vietcong.exe:*:Enabled:vietcong"
"C:\Program Files\Vietcong\Vietcong.exe"="C:\Program Files\Vietcong\Vietcong.exe:*:Enabled:Vietcong"
"C:\Program Files\Java\jre6\bin\javaw.exe"="C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Program Files\Google\Google Earth\client\googleearth.exe"="C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth"
"C:\Program Files\Atari\ArmA Demo\ArmADemo.exe"="C:\Program Files\Atari\ArmA Demo\ArmADemo.exe:*:Enabled:ArmA Demo"
"C:\Program Files\Google\Google Talk\googletalk.exe"="C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
======List of files/folders created in the last 1 months======
2011-03-25 23:10:36 ----D---- C:\rsit
2011-03-25 23:10:36 ----D---- C:\Program Files\trend micro
2011-03-25 17:57:04 ----A---- C:\WINDOWS\system32\04.tmp
2011-03-25 09:46:50 ----D---- C:\Program Files\CCleaner
2011-03-24 01:14:00 ----D---- C:\Documents and Settings\Notebook\Data aplikací\dvdcss
2011-03-22 17:24:06 ----D---- C:\Program Files\GIMP-2.0
2011-03-22 12:30:58 ----D---- C:\Documents and Settings\Notebook\Data aplikací\Mozilla
2011-03-21 16:30:52 ----D---- C:\Documents and Settings\Notebook\Data aplikací\PSpad
2011-03-21 16:30:42 ----D---- C:\Program Files\PSPad editor
2011-03-21 15:40:02 ----D---- C:\Program Files\FlashFXP 4
2011-03-21 15:40:02 ----D---- C:\Documents and Settings\All Users\Data aplikací\FlashFXP
2011-03-21 15:33:13 ----D---- C:\Documents and Settings\Notebook\Data aplikací\GlobalSCAPE
2011-03-21 15:33:13 ----D---- C:\Documents and Settings\All Users\Data aplikací\GlobalSCAPE
2011-03-21 12:38:42 ----D---- C:\Program Files\Ask.com
2011-03-21 12:38:28 ----D---- C:\Program Files\GlobalSCAPE
2011-03-21 12:37:51 ----D---- C:\Documents and Settings\Notebook\Data aplikací\FileZilla
2011-03-21 12:37:36 ----D---- C:\Program Files\FileZilla FTP Client
2011-03-20 12:55:40 ----D---- C:\Program Files\Microsoft Games
2011-03-20 01:38:37 ----D---- C:\Program Files\Common Files\DirectX
2011-03-20 01:37:58 ----D---- C:\Documents and Settings\Notebook\Data aplikací\WarlockStudio
2011-03-19 00:41:25 ----D---- C:\Documents and Settings\Notebook\Data aplikací\vlc
2011-03-13 00:27:31 ----D---- C:\Documents and Settings\Notebook\Data aplikací\gtk-2.0
2011-03-11 17:01:23 ----D---- C:\Program Files\pdfforge Toolbar
2011-03-11 17:00:29 ----A---- C:\WINDOWS\system32\pdfcmnnt.dll
2011-03-11 17:00:27 ----D---- C:\Program Files\PDFCreator
2011-03-11 17:00:27 ----A---- C:\WINDOWS\system32\MSMPIDE.DLL
2011-03-11 16:04:22 ----A---- C:\WINDOWS\system32\wiafbdrv.dll
2011-03-11 16:04:22 ----A---- C:\WINDOWS\system32\hpgtmcro.dll
2011-03-11 16:04:22 ----A---- C:\WINDOWS\system32\hpgt34tk.dll
2011-03-11 16:04:06 ----A---- C:\WINDOWS\system32\hpgt34.dll
2011-03-11 16:04:05 ----A---- C:\WINDOWS\system32\drivers\usbscan.sys
2011-03-11 10:12:29 ----D---- C:\Program Files\OpenAL
2011-03-11 10:09:36 ----D---- C:\Program Files\Atari
2011-03-10 20:29:06 ----D---- C:\DUKE3D
2011-03-10 20:19:19 ----A---- C:\WINDOWS\system32\hidserv.dll
2011-03-10 20:19:16 ----A---- C:\WINDOWS\system32\drivers\kbdhid.sys
2011-03-10 20:19:05 ----A---- C:\WINDOWS\system32\drivers\usbccgp.sys
2011-03-08 18:25:19 ----A---- C:\WINDOWS\system32\Juchinsetmenu.exe
2011-03-08 18:25:18 ----A---- C:\WINDOWS\system32\drivers\Juchin.sys
2011-03-07 12:22:49 ----D---- C:\Program Files\Codemasters
2011-03-07 08:03:00 ----D---- C:\Program Files\Empire Interactive
2011-03-07 07:41:35 ----A---- C:\WINDOWS\mtstack.INI
2011-03-07 00:02:36 ----D---- C:\Program Files\JFDuke3D
2011-03-06 23:25:09 ----D---- C:\Documents and Settings\Notebook\Data aplikací\Help
2011-03-06 23:24:24 ----D---- C:\WINDOWS\OCCACHE
2011-03-06 23:24:10 ----D---- C:\Program Files\Common Files\Autodesk Shared
2011-03-06 23:24:09 ----A---- C:\WINDOWS\system32\TEXTUREW.DLL
2011-03-06 23:24:09 ----A---- C:\WINDOWS\system32\MTLW.DLL
2011-03-06 23:24:09 ----A---- C:\WINDOWS\system32\HEIDIW.DLL
2011-03-06 23:24:08 ----A---- C:\WINDOWS\system32\WHIPTKW.DLL
2011-03-06 23:24:08 ----A---- C:\WINDOWS\system32\DLLONGW.DLL
2011-03-06 23:24:07 ----A---- C:\WINDOWS\system32\HDIMON.DLL
2011-03-06 23:24:06 ----A---- C:\WINDOWS\system32\MTSTACK.EXE
2011-03-06 23:24:06 ----A---- C:\WINDOWS\system32\ADRESC.DLL
2011-03-06 23:24:05 ----A---- C:\WINDOWS\system32\ACLTFICN.DLL
2011-03-06 23:23:14 ----HD---- C:\C_DILLA
2011-03-06 23:22:57 ----D---- C:\Program Files\AcadLT 2000 Trial
2011-03-06 23:22:46 ----A---- C:\WINDOWS\uninst.exe
2011-03-05 00:57:45 ----D---- C:\Program Files\Dealio Toolbar
2011-03-03 17:46:15 ----A---- C:\WINDOWS\system32\ZTAG.DLL
2011-03-03 17:46:15 ----A---- C:\WINDOWS\system32\ZSPOOL.DLL
2011-03-03 17:46:15 ----A---- C:\WINDOWS\system32\ZSHP1020.EXE
2011-03-03 17:46:15 ----A---- C:\WINDOWS\system32\ZLhp1020.DLL
2011-03-03 17:46:15 ----A---- C:\WINDOWS\system32\ZIMF.DLL
2011-03-03 17:46:13 ----D---- C:\Program Files\Hewlett-Packard
2011-03-03 17:27:07 ----A---- C:\WINDOWS\system32\drivers\usbprint.sys
2011-03-03 08:52:43 ----D---- C:\Documents and Settings\Notebook\Data aplikací\Google
2011-03-03 08:21:15 ----D---- C:\Program Files\EAGLE-5.11.0
2011-03-03 08:21:09 ----D---- C:\Documents and Settings\Notebook\Data aplikací\CadSoft
2011-03-03 00:06:01 ----A---- C:\WINDOWS\MeterBasic Uninstaller.exe
2011-03-03 00:06:00 ----D---- C:\Program Files\MeterBasic
2011-03-03 00:04:36 ----D---- C:\Documents and Settings\All Users\Data aplikací\Hagel Technologies
2011-03-02 23:56:13 ----A---- C:\WINDOWS\Meter Uninstaller.exe
2011-03-02 23:56:09 ----D---- C:\Program Files\Meter
2011-02-28 08:51:04 ----D---- C:\Documents and Settings\All Users\Data aplikací\id Software
2011-02-26 15:34:54 ----D---- C:\Documents and Settings\Notebook\Data aplikací\.minecraft
======List of files/folders modified in the last 1 months======
2011-03-25 23:10:36 ----RD---- C:\Program Files
2011-03-25 23:01:00 ----D---- C:\Documents and Settings\Notebook\Data aplikací\.purple
2011-03-25 22:58:24 ----D---- C:\WINDOWS\Prefetch
2011-03-25 22:10:54 ----D---- C:\WINDOWS\Temp
2011-03-25 17:58:40 ----D---- C:\WINDOWS\system32
2011-03-25 17:58:36 ----D---- C:\WINDOWS\system32\CatRoot2
2011-03-25 17:58:36 ----A---- C:\WINDOWS\ModemLog_Conexant HDA D110 MDC V.92 Modem.txt
2011-03-25 17:58:12 ----D---- C:\WINDOWS
2011-03-25 14:46:25 ----A---- C:\WINDOWS\SchedLgU.Txt
2011-03-25 13:51:43 ----D---- C:\WINDOWS\system32\drivers
2011-03-25 09:51:05 ----D---- C:\WINDOWS\Minidump
2011-03-25 09:51:05 ----D---- C:\WINDOWS\Debug
2011-03-23 10:25:21 ----RSD---- C:\WINDOWS\Fonts
2011-03-23 10:12:51 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2011-03-22 00:15:17 ----D---- C:\Documents and Settings\Notebook\Data aplikací\Skype
2011-03-22 00:01:03 ----D---- C:\Documents and Settings\Notebook\Data aplikací\skypePM
2011-03-21 12:38:52 ----SHD---- C:\WINDOWS\Installer
2011-03-21 12:38:47 ----SD---- C:\WINDOWS\Tasks
2011-03-21 12:38:26 ----HD---- C:\Program Files\InstallShield Installation Information
2011-03-20 14:58:03 ----D---- C:\Documents and Settings\Notebook\Data aplikací\uTorrent
2011-03-20 12:59:58 ----D---- C:\Program Files\GameSpy Arcade
2011-03-20 12:59:46 ----D---- C:\WINDOWS\WinSxS
2011-03-20 12:55:44 ----HD---- C:\WINDOWS\inf
2011-03-20 01:38:37 ----D---- C:\Program Files\Common Files
2011-03-15 15:21:58 ----D---- C:\Program Files\DOSBox-0.74
2011-03-12 16:18:47 ----D---- C:\Program Files\Google
2011-03-11 17:01:40 ----D---- C:\WINDOWS\system32\FxsTmp
2011-03-11 16:16:30 ----SD---- C:\Documents and Settings\Notebook\Data aplikací\Microsoft
2011-03-11 16:04:51 ----RSHD---- C:\WINDOWS\system32\dllcache
2011-03-11 10:17:37 ----A---- C:\WINDOWS\system32\CmdLineExt.dll
2011-03-11 10:12:28 ----A---- C:\WINDOWS\system32\wrap_oal.dll
2011-03-11 10:12:28 ----A---- C:\WINDOWS\system32\OpenAL32.dll
2011-03-11 10:12:27 ----D---- C:\WINDOWS\system32\DirectX
2011-03-08 16:35:42 ----D---- C:\Documents and Settings\All Users\Data aplikací\DAEMON Tools Lite
2011-03-03 17:46:15 ----DC---- C:\WINDOWS\system32\DRVSTORE
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 ohci1394;Hostitelský řadič IEEE 1394 dle standardu OHCI; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2004-08-03 61056]
R0 PBADRV;PBADRV; C:\WINDOWS\system32\drivers\pbadrv.sys [2005-12-09 18816]
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2011-01-13 29392]
R1 APPDRV;APPDRV; C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS [2005-08-12 16128]
R1 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2011-01-13 23632]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2011-01-13 294608]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2011-01-13 47440]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\WINDOWS\system32\DRIVERS\dtsoftbus01.sys [2007-06-14 218688]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-18 39936]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-17 14848]
R1 VBoxDrv;VirtualBox Service; C:\WINDOWS\system32\DRIVERS\VBoxDrv.sys [2011-01-18 158736]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver; C:\WINDOWS\system32\DRIVERS\VBoxUSBMon.sys [2011-01-18 42960]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2004-08-03 8832]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2011-01-13 17744]
R2 aswMon2;aswMon2; C:\WINDOWS\system32\drivers\aswMon2.sys [2011-01-13 100176]
R2 cvintdrv;cvintdrv; C:\WINDOWS\system32\drivers\cvintdrv.sys [2006-11-06 4096]
R2 Ekauio;Ekahau NDIS Usermode I/O Protocol; C:\WINDOWS\system32\DRIVERS\ekauio.sys [2011-01-31 12800]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2005-10-04 12544]
R3 ApfiltrService;Alps Touch Pad Filter Driver for Windows 2000/XP; C:\WINDOWS\system32\DRIVERS\Apfiltr.sys [2005-09-28 113847]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-18 60800]
R3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2005-11-10 142720]
R3 guardian2;guardian2; C:\WINDOWS\System32\Drivers\oz776.sys [2007-01-28 61312]
R3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2010-02-03 26176]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2004-08-12 137728]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSX_DPV.sys [2005-12-01 936960]
R3 HSXHWAZL;HSXHWAZL; C:\WINDOWS\system32\DRIVERS\HSXHWAZL.sys [2005-12-01 192512]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 NETw5x32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows XP 32 Bit; C:\WINDOWS\system32\DRIVERS\NETw5x32.sys [2009-10-26 4221952]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-18 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-02-22 6658592]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2006-03-24 1156648]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter; C:\WINDOWS\system32\DRIVERS\VBoxNetAdp.sys [2011-01-18 109328]
R3 VBoxNetFlt;VBoxNetFlt Service; C:\WINDOWS\system32\DRIVERS\VBoxNetFlt.sys [2011-01-18 120208]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSX_CNXT.sys [2005-12-01 669696]
S1 Tosrfcom;Tosrfcom; C:\WINDOWS\system32\drivers\Tosrfcom.sys [2005-08-01 64896]
S3 EL90XBC;3Com EtherLink XL 90XB/C Adapter Driver; C:\WINDOWS\system32\DRIVERS\el90xbc5.sys [2001-08-17 66591]
S3 ENTECH;ENTECH; \??\C:\WINDOWS\system32\DRIVERS\ENTECH.sys []
S3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-12-13 1364574]
S3 NETw3x32;Ovladač adaptéru Intel(R) PRO/Wireless 3945ABG pro Windows XP 32 Bit; C:\WINDOWS\system32\DRIVERS\NETw3x32.sys [2006-10-16 1711104]
S3 pxtdapog;pxtdapog; \??\C:\DOCUME~1\Notebook\LOCALS~1\Temp\pxtdapog.sys []
S3 Tosrfbd;Bluetooth RFBUS from TOSHIBA; C:\WINDOWS\System32\Drivers\tosrfbd.sys [2006-06-13 111232]
S3 Tosrfhid;Bluetooth RFHID from TOSHIBA; C:\WINDOWS\system32\DRIVERS\Tosrfhid.sys [2006-05-29 60672]
S3 Tosrfusb;Bluetooth USB Controller; C:\WINDOWS\System32\Drivers\tosrfusb.sys [2006-06-09 40192]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S4 agp440;Filtr Intel sběrnice AGP; C:\WINDOWS\system32\DRIVERS\agp440.sys [2004-08-03 42368]
S4 agpCPQ;Filtr Compaq sběrnice AGP; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2004-08-03 44928]
S4 alim1541;Filtr ALI sběrnice AGP; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2004-08-03 42752]
S4 amdagp;Ovladač filtru AMD portu AGP; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2004-08-03 43008]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 sisagp;Filtr SIS sběrnice AGP ; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2004-08-03 41088]
S4 viaagp;Filtr VIA sběrnice AGP ; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2004-08-03 42240]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Application Updater;Application Updater; C:\Program Files\Application Updater\ApplicationUpdater.exe [2011-01-28 387072]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2011-01-13 40384]
R2 Ç-DillaSrv;Ç-DillaSrv; C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE [1999-03-16 19456]
R2 DataSvr2;DataSvr2; C:\Program Files\Wave Systems Corp\Common\DataServer.exe [2006-09-05 315392]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine; C:\Program Files\LogMeIn Hamachi\hamachi-2.exe [2010-12-06 1238408]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2007-06-14 153376]
R2 LkCitadelServer;Lookout Citadel Server; C:\WINDOWS\system32\lkcitdl.exe [2007-01-22 695136]
R2 lkClassAds;National Instruments PSP Server Locator; C:\WINDOWS\system32\lkads.exe [2007-02-14 56096]
R2 lkTimeSync;National Instruments Time Synchronization; C:\WINDOWS\system32\lktsrv.exe [2007-02-14 64288]
R2 NICCONFIGSVC;NICCONFIGSVC; C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe [2007-02-20 475136]
R2 NIDomainService;National Instruments Domain Service; C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe [2007-02-14 207648]
R2 niSvcLoc;NI Service Locator; C:\WINDOWS\system32\nisvcloc.exe [2007-02-21 56096]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-02-22 155716]
R2 tcsd_win32.exe;NTRU Hybrid TSS v2.0.25 TCS; C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe [2006-06-12 180224]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2004-08-18 268288]
S2 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-03-03 136176]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2011-02-23 30192]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-06-11 136120]
S3 NILM License Manager;NILM License Manager; C:\Program Files\National Instruments\Shared\License Manager\Bin\lmgrd.exe [2007-01-29 1007616]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 stllssvr;stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe []
S3 WAPSJ;WAPSJ; C:\DOCUME~1\Notebook\LOCALS~1\Temp\WAPSJ.exe [2011-03-25 547712]
S4 Bluetooth Hid Switch Service;Bluetooth Hid Switch Service; C:\Program Files\BlueTooth\HidSwitchService\HidSw.exe [2005-08-30 188416]
-----------------EOF-----------------
Logfile of random's system information tool 1.08 (written by random/random)
Run by Notebook at 2011-03-25 23:10:36
Systém Microsoft Windows XP Professional Service Pack 2
System drive C: has 14 GB (25%) free of 57 GB
Total RAM: 2046 MB (65% free)
HijackThis download failed
======Scheduled tasks folder======
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3720071028-3605379181-3956395870-1005Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3720071028-3605379181-3956395870-1005UA.job
C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}]
Dealio Toolbar - C:\Program Files\Dealio Toolbar\IE\4.3\dealioToolbarIE.dll [2011-01-28 726016]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll [2003-11-03 54248]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
Conduit Engine - C:\Program Files\ConduitEngine\ConduitEngine.dll [2010-12-09 3911776]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Plug-In - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-11-22 1242504]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}]
pdfforge Toolbar - C:\Program Files\pdfforge Toolbar\IE\4.3\pdfforgeToolbarIE.dll [2011-01-28 726016]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
uTorrentBar Toolbar - C:\Program Files\uTorrentBar\tbuTor.dll []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
Ask Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2009-07-10 1174920]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DAEB27B6-FFA6-417F-B060-C5413E6269AA}]
foxy - C:\Documents and Settings\Notebook\Data aplikací\foxydeal\IE\foxyDeal.dll [2010-02-19 518144]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2007-06-14 41760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2007-06-14 79648]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F3FEE66E-E034-436a-86E4-9690573BEE8A}]
YouTube Downloader Toolbar - C:\Program Files\YouTube Downloader Toolbar\IE\4.3\youtubedownloaderToolbarIE.dll [2011-01-28 726016]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll [2011-01-20 988480]
{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - uTorrentBar Toolbar - C:\Program Files\uTorrentBar\tbuTor.dll []
{30F9B915-B755-4826-820B-08FBA6BD249D} - Conduit Engine - C:\Program Files\ConduitEngine\ConduitEngine.dll [2010-12-09 3911776]
{F3FEE66E-E034-436a-86E4-9690573BEE8A} - YouTube Downloader Toolbar - C:\Program Files\YouTube Downloader Toolbar\IE\4.3\youtubedownloaderToolbarIE.dll [2011-01-28 726016]
{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - Dealio Toolbar - C:\Program Files\Dealio Toolbar\IE\4.3\dealioToolbarIE.dll [2011-01-28 726016]
{B922D405-6D13-4A2B-AE89-08A030DA4402} - pdfforge Toolbar - C:\Program Files\pdfforge Toolbar\IE\4.3\pdfforgeToolbarIE.dll [2011-01-28 726016]
{D4027C7F-154A-4066-A1AD-4243D8127440} - Ask Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2009-07-10 1174920]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Apoint"=C:\Program Files\Apoint\Apoint.exe [2005-10-07 176128]
"igfxtray"=C:\WINDOWS\system32\igfxtray.exe [2005-12-13 98304]
"igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe [2005-12-13 77824]
"igfxpers"=C:\WINDOWS\system32\igfxpers.exe [2005-12-13 118784]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-05-14 248552]
"SigmatelSysTrayApp"=C:\WINDOWS\stsystra.exe [2006-03-24 282624]
"Document Manager"=C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe [2006-09-08 102400]
"Dell QuickSet"=C:\Program Files\Dell\QuickSet\quickset.exe [2007-02-20 1191936]
"ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup []
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe -start []
"NVHotkey"=nvHotkey.dll,Start []
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-02-22 13508608]
"nwiz"=nwiz.exe /installquiet []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2008-02-22 86016]
"avast5"=C:\Program Files\Alwil Software\Avast5\avastUI.exe [2011-01-13 3396624]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []
"LogMeIn Hamachi Ui"=C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe [2010-12-06 1910152]
""= []
"SearchSettings"=C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe [2011-01-28 526336]
"Google Desktop Search"=C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2011-02-23 30192]
"googletalk"=C:\Program Files\Google\Google Talk\googletalk.exe [2007-01-01 3739648]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-18 15360]
"Google Update"=C:\Documents and Settings\Notebook\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe [2007-06-14 136176]
"ModemOnHold"=C:\Program Files\NetWaiting\NetWaiting.exe [2003-09-10 20480]
"DU Meter"=C:\Program Files\DU Meter\DUMeter.exe []
C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
2x-Office.lnk - C:\Program Files\Juchin\Office Mouse\Juchin Mouse.exe
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe
EMBASSY Trust Suite Secure Update.lnk - C:\Program Files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="wxvault.dll C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2005-12-13 139264]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
wvauth
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Hamachi2Svc]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\TmNationsForever\TmForever.exe"="C:\Program Files\TmNationsForever\TmForever.exe:*:Enabled:TmForever"
"C:\Program Files\Activision\Call of Duty 2\CoD2MP_s.exe"="C:\Program Files\Activision\Call of Duty 2\CoD2MP_s.exe:*:Enabled:CoD2MP_s"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Documents and Settings\Notebook\Data aplikací\uTorrent\utorrent.exe"="C:\Documents and Settings\Notebook\Data aplikací\uTorrent\utorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\VideoLAN\VLC\vlc.exe"="C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player"
"G:\Battlefield Vietnam\bfvietnam.exe"="G:\Battlefield Vietnam\bfvietnam.exe:*:Enabled:bfvietnam"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"C:\Program Files\EA GAMES\Battlefield 2 Demo\BF2.exe"="C:\Program Files\EA GAMES\Battlefield 2 Demo\BF2.exe:*:Enabled:Battlefield 2"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Documents and Settings\Notebook\Plocha\Nová složka (3)\Heroes3_C_crked.exe"="C:\Documents and Settings\Notebook\Plocha\Nová složka (3)\Heroes3_C_crked.exe:*:Enabled:Heroes of Might and Magic® III"
"C:\Documents and Settings\Notebook\Dokumenty\Downloads\Vietcong -Unzip.2.UR.Games.nPlay\vietcong.exe"="C:\Documents and Settings\Notebook\Dokumenty\Downloads\Vietcong -Unzip.2.UR.Games.nPlay\vietcong.exe:*:Enabled:vietcong"
"C:\Program Files\Vietcong\Vietcong.exe"="C:\Program Files\Vietcong\Vietcong.exe:*:Enabled:Vietcong"
"C:\Program Files\Java\jre6\bin\javaw.exe"="C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Program Files\Google\Google Earth\client\googleearth.exe"="C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth"
"C:\Program Files\Atari\ArmA Demo\ArmADemo.exe"="C:\Program Files\Atari\ArmA Demo\ArmADemo.exe:*:Enabled:ArmA Demo"
"C:\Program Files\Google\Google Talk\googletalk.exe"="C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
======List of files/folders created in the last 1 months======
2011-03-25 23:10:36 ----D---- C:\rsit
2011-03-25 23:10:36 ----D---- C:\Program Files\trend micro
2011-03-25 17:57:04 ----A---- C:\WINDOWS\system32\04.tmp
2011-03-25 09:46:50 ----D---- C:\Program Files\CCleaner
2011-03-24 01:14:00 ----D---- C:\Documents and Settings\Notebook\Data aplikací\dvdcss
2011-03-22 17:24:06 ----D---- C:\Program Files\GIMP-2.0
2011-03-22 12:30:58 ----D---- C:\Documents and Settings\Notebook\Data aplikací\Mozilla
2011-03-21 16:30:52 ----D---- C:\Documents and Settings\Notebook\Data aplikací\PSpad
2011-03-21 16:30:42 ----D---- C:\Program Files\PSPad editor
2011-03-21 15:40:02 ----D---- C:\Program Files\FlashFXP 4
2011-03-21 15:40:02 ----D---- C:\Documents and Settings\All Users\Data aplikací\FlashFXP
2011-03-21 15:33:13 ----D---- C:\Documents and Settings\Notebook\Data aplikací\GlobalSCAPE
2011-03-21 15:33:13 ----D---- C:\Documents and Settings\All Users\Data aplikací\GlobalSCAPE
2011-03-21 12:38:42 ----D---- C:\Program Files\Ask.com
2011-03-21 12:38:28 ----D---- C:\Program Files\GlobalSCAPE
2011-03-21 12:37:51 ----D---- C:\Documents and Settings\Notebook\Data aplikací\FileZilla
2011-03-21 12:37:36 ----D---- C:\Program Files\FileZilla FTP Client
2011-03-20 12:55:40 ----D---- C:\Program Files\Microsoft Games
2011-03-20 01:38:37 ----D---- C:\Program Files\Common Files\DirectX
2011-03-20 01:37:58 ----D---- C:\Documents and Settings\Notebook\Data aplikací\WarlockStudio
2011-03-19 00:41:25 ----D---- C:\Documents and Settings\Notebook\Data aplikací\vlc
2011-03-13 00:27:31 ----D---- C:\Documents and Settings\Notebook\Data aplikací\gtk-2.0
2011-03-11 17:01:23 ----D---- C:\Program Files\pdfforge Toolbar
2011-03-11 17:00:29 ----A---- C:\WINDOWS\system32\pdfcmnnt.dll
2011-03-11 17:00:27 ----D---- C:\Program Files\PDFCreator
2011-03-11 17:00:27 ----A---- C:\WINDOWS\system32\MSMPIDE.DLL
2011-03-11 16:04:22 ----A---- C:\WINDOWS\system32\wiafbdrv.dll
2011-03-11 16:04:22 ----A---- C:\WINDOWS\system32\hpgtmcro.dll
2011-03-11 16:04:22 ----A---- C:\WINDOWS\system32\hpgt34tk.dll
2011-03-11 16:04:06 ----A---- C:\WINDOWS\system32\hpgt34.dll
2011-03-11 16:04:05 ----A---- C:\WINDOWS\system32\drivers\usbscan.sys
2011-03-11 10:12:29 ----D---- C:\Program Files\OpenAL
2011-03-11 10:09:36 ----D---- C:\Program Files\Atari
2011-03-10 20:29:06 ----D---- C:\DUKE3D
2011-03-10 20:19:19 ----A---- C:\WINDOWS\system32\hidserv.dll
2011-03-10 20:19:16 ----A---- C:\WINDOWS\system32\drivers\kbdhid.sys
2011-03-10 20:19:05 ----A---- C:\WINDOWS\system32\drivers\usbccgp.sys
2011-03-08 18:25:19 ----A---- C:\WINDOWS\system32\Juchinsetmenu.exe
2011-03-08 18:25:18 ----A---- C:\WINDOWS\system32\drivers\Juchin.sys
2011-03-07 12:22:49 ----D---- C:\Program Files\Codemasters
2011-03-07 08:03:00 ----D---- C:\Program Files\Empire Interactive
2011-03-07 07:41:35 ----A---- C:\WINDOWS\mtstack.INI
2011-03-07 00:02:36 ----D---- C:\Program Files\JFDuke3D
2011-03-06 23:25:09 ----D---- C:\Documents and Settings\Notebook\Data aplikací\Help
2011-03-06 23:24:24 ----D---- C:\WINDOWS\OCCACHE
2011-03-06 23:24:10 ----D---- C:\Program Files\Common Files\Autodesk Shared
2011-03-06 23:24:09 ----A---- C:\WINDOWS\system32\TEXTUREW.DLL
2011-03-06 23:24:09 ----A---- C:\WINDOWS\system32\MTLW.DLL
2011-03-06 23:24:09 ----A---- C:\WINDOWS\system32\HEIDIW.DLL
2011-03-06 23:24:08 ----A---- C:\WINDOWS\system32\WHIPTKW.DLL
2011-03-06 23:24:08 ----A---- C:\WINDOWS\system32\DLLONGW.DLL
2011-03-06 23:24:07 ----A---- C:\WINDOWS\system32\HDIMON.DLL
2011-03-06 23:24:06 ----A---- C:\WINDOWS\system32\MTSTACK.EXE
2011-03-06 23:24:06 ----A---- C:\WINDOWS\system32\ADRESC.DLL
2011-03-06 23:24:05 ----A---- C:\WINDOWS\system32\ACLTFICN.DLL
2011-03-06 23:23:14 ----HD---- C:\C_DILLA
2011-03-06 23:22:57 ----D---- C:\Program Files\AcadLT 2000 Trial
2011-03-06 23:22:46 ----A---- C:\WINDOWS\uninst.exe
2011-03-05 00:57:45 ----D---- C:\Program Files\Dealio Toolbar
2011-03-03 17:46:15 ----A---- C:\WINDOWS\system32\ZTAG.DLL
2011-03-03 17:46:15 ----A---- C:\WINDOWS\system32\ZSPOOL.DLL
2011-03-03 17:46:15 ----A---- C:\WINDOWS\system32\ZSHP1020.EXE
2011-03-03 17:46:15 ----A---- C:\WINDOWS\system32\ZLhp1020.DLL
2011-03-03 17:46:15 ----A---- C:\WINDOWS\system32\ZIMF.DLL
2011-03-03 17:46:13 ----D---- C:\Program Files\Hewlett-Packard
2011-03-03 17:27:07 ----A---- C:\WINDOWS\system32\drivers\usbprint.sys
2011-03-03 08:52:43 ----D---- C:\Documents and Settings\Notebook\Data aplikací\Google
2011-03-03 08:21:15 ----D---- C:\Program Files\EAGLE-5.11.0
2011-03-03 08:21:09 ----D---- C:\Documents and Settings\Notebook\Data aplikací\CadSoft
2011-03-03 00:06:01 ----A---- C:\WINDOWS\MeterBasic Uninstaller.exe
2011-03-03 00:06:00 ----D---- C:\Program Files\MeterBasic
2011-03-03 00:04:36 ----D---- C:\Documents and Settings\All Users\Data aplikací\Hagel Technologies
2011-03-02 23:56:13 ----A---- C:\WINDOWS\Meter Uninstaller.exe
2011-03-02 23:56:09 ----D---- C:\Program Files\Meter
2011-02-28 08:51:04 ----D---- C:\Documents and Settings\All Users\Data aplikací\id Software
2011-02-26 15:34:54 ----D---- C:\Documents and Settings\Notebook\Data aplikací\.minecraft
======List of files/folders modified in the last 1 months======
2011-03-25 23:10:36 ----RD---- C:\Program Files
2011-03-25 23:01:00 ----D---- C:\Documents and Settings\Notebook\Data aplikací\.purple
2011-03-25 22:58:24 ----D---- C:\WINDOWS\Prefetch
2011-03-25 22:10:54 ----D---- C:\WINDOWS\Temp
2011-03-25 17:58:40 ----D---- C:\WINDOWS\system32
2011-03-25 17:58:36 ----D---- C:\WINDOWS\system32\CatRoot2
2011-03-25 17:58:36 ----A---- C:\WINDOWS\ModemLog_Conexant HDA D110 MDC V.92 Modem.txt
2011-03-25 17:58:12 ----D---- C:\WINDOWS
2011-03-25 14:46:25 ----A---- C:\WINDOWS\SchedLgU.Txt
2011-03-25 13:51:43 ----D---- C:\WINDOWS\system32\drivers
2011-03-25 09:51:05 ----D---- C:\WINDOWS\Minidump
2011-03-25 09:51:05 ----D---- C:\WINDOWS\Debug
2011-03-23 10:25:21 ----RSD---- C:\WINDOWS\Fonts
2011-03-23 10:12:51 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2011-03-22 00:15:17 ----D---- C:\Documents and Settings\Notebook\Data aplikací\Skype
2011-03-22 00:01:03 ----D---- C:\Documents and Settings\Notebook\Data aplikací\skypePM
2011-03-21 12:38:52 ----SHD---- C:\WINDOWS\Installer
2011-03-21 12:38:47 ----SD---- C:\WINDOWS\Tasks
2011-03-21 12:38:26 ----HD---- C:\Program Files\InstallShield Installation Information
2011-03-20 14:58:03 ----D---- C:\Documents and Settings\Notebook\Data aplikací\uTorrent
2011-03-20 12:59:58 ----D---- C:\Program Files\GameSpy Arcade
2011-03-20 12:59:46 ----D---- C:\WINDOWS\WinSxS
2011-03-20 12:55:44 ----HD---- C:\WINDOWS\inf
2011-03-20 01:38:37 ----D---- C:\Program Files\Common Files
2011-03-15 15:21:58 ----D---- C:\Program Files\DOSBox-0.74
2011-03-12 16:18:47 ----D---- C:\Program Files\Google
2011-03-11 17:01:40 ----D---- C:\WINDOWS\system32\FxsTmp
2011-03-11 16:16:30 ----SD---- C:\Documents and Settings\Notebook\Data aplikací\Microsoft
2011-03-11 16:04:51 ----RSHD---- C:\WINDOWS\system32\dllcache
2011-03-11 10:17:37 ----A---- C:\WINDOWS\system32\CmdLineExt.dll
2011-03-11 10:12:28 ----A---- C:\WINDOWS\system32\wrap_oal.dll
2011-03-11 10:12:28 ----A---- C:\WINDOWS\system32\OpenAL32.dll
2011-03-11 10:12:27 ----D---- C:\WINDOWS\system32\DirectX
2011-03-08 16:35:42 ----D---- C:\Documents and Settings\All Users\Data aplikací\DAEMON Tools Lite
2011-03-03 17:46:15 ----DC---- C:\WINDOWS\system32\DRVSTORE
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 ohci1394;Hostitelský řadič IEEE 1394 dle standardu OHCI; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2004-08-03 61056]
R0 PBADRV;PBADRV; C:\WINDOWS\system32\drivers\pbadrv.sys [2005-12-09 18816]
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2011-01-13 29392]
R1 APPDRV;APPDRV; C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS [2005-08-12 16128]
R1 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2011-01-13 23632]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2011-01-13 294608]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2011-01-13 47440]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\WINDOWS\system32\DRIVERS\dtsoftbus01.sys [2007-06-14 218688]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-18 39936]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-17 14848]
R1 VBoxDrv;VirtualBox Service; C:\WINDOWS\system32\DRIVERS\VBoxDrv.sys [2011-01-18 158736]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver; C:\WINDOWS\system32\DRIVERS\VBoxUSBMon.sys [2011-01-18 42960]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2004-08-03 8832]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2011-01-13 17744]
R2 aswMon2;aswMon2; C:\WINDOWS\system32\drivers\aswMon2.sys [2011-01-13 100176]
R2 cvintdrv;cvintdrv; C:\WINDOWS\system32\drivers\cvintdrv.sys [2006-11-06 4096]
R2 Ekauio;Ekahau NDIS Usermode I/O Protocol; C:\WINDOWS\system32\DRIVERS\ekauio.sys [2011-01-31 12800]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2005-10-04 12544]
R3 ApfiltrService;Alps Touch Pad Filter Driver for Windows 2000/XP; C:\WINDOWS\system32\DRIVERS\Apfiltr.sys [2005-09-28 113847]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-18 60800]
R3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2005-11-10 142720]
R3 guardian2;guardian2; C:\WINDOWS\System32\Drivers\oz776.sys [2007-01-28 61312]
R3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2010-02-03 26176]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2004-08-12 137728]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSX_DPV.sys [2005-12-01 936960]
R3 HSXHWAZL;HSXHWAZL; C:\WINDOWS\system32\DRIVERS\HSXHWAZL.sys [2005-12-01 192512]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 NETw5x32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows XP 32 Bit; C:\WINDOWS\system32\DRIVERS\NETw5x32.sys [2009-10-26 4221952]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-18 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-02-22 6658592]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2006-03-24 1156648]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter; C:\WINDOWS\system32\DRIVERS\VBoxNetAdp.sys [2011-01-18 109328]
R3 VBoxNetFlt;VBoxNetFlt Service; C:\WINDOWS\system32\DRIVERS\VBoxNetFlt.sys [2011-01-18 120208]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSX_CNXT.sys [2005-12-01 669696]
S1 Tosrfcom;Tosrfcom; C:\WINDOWS\system32\drivers\Tosrfcom.sys [2005-08-01 64896]
S3 EL90XBC;3Com EtherLink XL 90XB/C Adapter Driver; C:\WINDOWS\system32\DRIVERS\el90xbc5.sys [2001-08-17 66591]
S3 ENTECH;ENTECH; \??\C:\WINDOWS\system32\DRIVERS\ENTECH.sys []
S3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-12-13 1364574]
S3 NETw3x32;Ovladač adaptéru Intel(R) PRO/Wireless 3945ABG pro Windows XP 32 Bit; C:\WINDOWS\system32\DRIVERS\NETw3x32.sys [2006-10-16 1711104]
S3 pxtdapog;pxtdapog; \??\C:\DOCUME~1\Notebook\LOCALS~1\Temp\pxtdapog.sys []
S3 Tosrfbd;Bluetooth RFBUS from TOSHIBA; C:\WINDOWS\System32\Drivers\tosrfbd.sys [2006-06-13 111232]
S3 Tosrfhid;Bluetooth RFHID from TOSHIBA; C:\WINDOWS\system32\DRIVERS\Tosrfhid.sys [2006-05-29 60672]
S3 Tosrfusb;Bluetooth USB Controller; C:\WINDOWS\System32\Drivers\tosrfusb.sys [2006-06-09 40192]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S4 agp440;Filtr Intel sběrnice AGP; C:\WINDOWS\system32\DRIVERS\agp440.sys [2004-08-03 42368]
S4 agpCPQ;Filtr Compaq sběrnice AGP; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2004-08-03 44928]
S4 alim1541;Filtr ALI sběrnice AGP; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2004-08-03 42752]
S4 amdagp;Ovladač filtru AMD portu AGP; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2004-08-03 43008]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 sisagp;Filtr SIS sběrnice AGP ; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2004-08-03 41088]
S4 viaagp;Filtr VIA sběrnice AGP ; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2004-08-03 42240]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Application Updater;Application Updater; C:\Program Files\Application Updater\ApplicationUpdater.exe [2011-01-28 387072]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2011-01-13 40384]
R2 Ç-DillaSrv;Ç-DillaSrv; C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE [1999-03-16 19456]
R2 DataSvr2;DataSvr2; C:\Program Files\Wave Systems Corp\Common\DataServer.exe [2006-09-05 315392]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine; C:\Program Files\LogMeIn Hamachi\hamachi-2.exe [2010-12-06 1238408]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2007-06-14 153376]
R2 LkCitadelServer;Lookout Citadel Server; C:\WINDOWS\system32\lkcitdl.exe [2007-01-22 695136]
R2 lkClassAds;National Instruments PSP Server Locator; C:\WINDOWS\system32\lkads.exe [2007-02-14 56096]
R2 lkTimeSync;National Instruments Time Synchronization; C:\WINDOWS\system32\lktsrv.exe [2007-02-14 64288]
R2 NICCONFIGSVC;NICCONFIGSVC; C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe [2007-02-20 475136]
R2 NIDomainService;National Instruments Domain Service; C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe [2007-02-14 207648]
R2 niSvcLoc;NI Service Locator; C:\WINDOWS\system32\nisvcloc.exe [2007-02-21 56096]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-02-22 155716]
R2 tcsd_win32.exe;NTRU Hybrid TSS v2.0.25 TCS; C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe [2006-06-12 180224]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2004-08-18 268288]
S2 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-03-03 136176]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2011-02-23 30192]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-06-11 136120]
S3 NILM License Manager;NILM License Manager; C:\Program Files\National Instruments\Shared\License Manager\Bin\lmgrd.exe [2007-01-29 1007616]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 stllssvr;stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe []
S3 WAPSJ;WAPSJ; C:\DOCUME~1\Notebook\LOCALS~1\Temp\WAPSJ.exe [2011-03-25 547712]
S4 Bluetooth Hid Switch Service;Bluetooth Hid Switch Service; C:\Program Files\BlueTooth\HidSwitchService\HidSw.exe [2005-08-30 188416]
-----------------EOF-----------------
Re: pomoc s rootkity
Napsal: 26 bře 2011 11:34
Zavirováno máte. Dejte log z ComboFix a budeme mazat:
nezadoucim kolizim s rezidentem antispywareStahnete a ulozte nejlepe na plochu ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
pote spustte aplikaci pod uctem s administratorskym opravnenim
hned po startu se zobrazi obrazovka s licencnimi podminkami, pokracujte kliknutim na tlacitko Ano.
v klidu si postavte na kafe (cela akce trva cca. 5-10 minut, nekdy i dele - dle toho, o jak rychly stroj se
jedna a kolika soubory se skener bude muset prodirat), behem skenu se nepokousejte spoustet zadne jine
aplikace ani nic jineho
behem skenovani nepropadejte panice, vas stroj muze byt restartovan (predevsim pri prvni aplikaci skeneru)
upozorneni: pokud pouzivate antispyware s rezidentnim stitem, prepnete jeho rezidentni stit do Install Mode,
pripadne jej po dobu skenu uplne deaktivujte, protoze dochazi pri skenu a vymazu pripadneho malware k
Re: pomoc s rootkity
Napsal: 26 bře 2011 23:41
ComboFix 11-03-26.01 - Notebook 26.03.2011 23:19:06.1.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.2046.1576 [GMT 1:00]
Spuštěný z: c:\documents and settings\Notebook\Plocha\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Notebook\Data aplikací\Dealio
c:\program files\Dealio Toolbar
c:\program files\Dealio Toolbar\IE\4.3\config.ini
c:\program files\Dealio Toolbar\IE\4.3\deALiotoolbarie.dll
c:\program files\Dealio Toolbar\Res\amazon.gif
c:\program files\Dealio Toolbar\Res\apple.gif
c:\program files\Dealio Toolbar\Res\barnes.gif
c:\program files\Dealio Toolbar\Res\bestbuy.gif
c:\program files\Dealio Toolbar\Res\dealio_logo.gif
c:\program files\Dealio Toolbar\Res\dealio_logo_hover.gif
c:\program files\Dealio Toolbar\Res\ebay.gif
c:\program files\Dealio Toolbar\Res\icon_settings.gif
c:\program files\Dealio Toolbar\Res\macys.gif
c:\program files\Dealio Toolbar\Res\newegg.gif
c:\program files\Dealio Toolbar\Res\overstock.gif
c:\program files\Dealio Toolbar\Res\search-button-hover.gif
c:\program files\Dealio Toolbar\Res\search-button.gif
c:\program files\Dealio Toolbar\Res\search-chevron-hover.gif
c:\program files\Dealio Toolbar\Res\search-chevron.gif
c:\program files\Dealio Toolbar\Res\search_amazon.gif
c:\program files\Dealio Toolbar\Res\search_dealio.gif
c:\program files\Dealio Toolbar\Res\search_ebay.gif
c:\program files\Dealio Toolbar\Res\search_yahoo.gif
c:\program files\Dealio Toolbar\Res\target.gif
c:\program files\Dealio Toolbar\Res\walmart.gif
c:\program files\Dealio Toolbar\Res\widgets.xml
c:\program files\Dealio Toolbar\WidgiHelper.exe
c:\program files\pdfforge Toolbar\IE\4.3\pdFForgetoolbarie.dll
c:\program files\YouTube Downloader Toolbar\IE\4.3\yoUTubedownloadertoolbarie.dll
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-02-26 do 2011-03-26 )))))))))))))))))))))))))))))))
.
.
2011-03-26 22:29 . 2011-03-26 22:29 4096 ----a-w- c:\windows\system32\05.tmp
2011-03-25 22:10 . 2011-03-25 22:10 -------- d-----w- C:\rsit
2011-03-25 22:10 . 2011-03-25 22:10 -------- d-----w- c:\program files\trend micro
2011-03-25 16:57 . 2011-03-25 16:57 4096 ----a-w- c:\windows\system32\04.tmp
2011-03-25 12:57 . 2011-03-25 12:57 -------- d-----r- c:\documents and settings\LocalService\Dokumenty
2011-03-25 08:46 . 2011-03-25 08:46 -------- d-----w- c:\program files\CCleaner
2011-03-24 00:14 . 2011-03-24 00:14 -------- d-----w- c:\documents and settings\Notebook\Data aplikací\dvdcss
2011-03-22 16:43 . 2011-03-22 16:43 -------- d-----w- c:\documents and settings\Notebook\.thumbnails
2011-03-22 16:24 . 2011-03-25 12:53 -------- d-----w- c:\documents and settings\Notebook\.gimp-2.6
2011-03-22 16:24 . 2011-03-22 16:24 -------- d-----w- c:\program files\GIMP-2.0
2011-03-22 11:30 . 2011-03-22 11:30 -------- d-----w- c:\documents and settings\Notebook\Local Settings\Data aplikací\Mozilla
2011-03-21 15:30 . 2011-03-21 15:36 -------- d-----w- c:\documents and settings\Notebook\Data aplikací\PSpad
2011-03-21 15:30 . 2011-03-21 15:30 -------- d-----w- c:\program files\PSPad editor
2011-03-21 14:40 . 2011-03-21 14:40 -------- d-----w- c:\program files\FlashFXP 4
2011-03-21 14:40 . 2011-03-21 14:40 -------- d-----w- c:\documents and settings\All Users\Data aplikací\FlashFXP
2011-03-21 14:33 . 2011-03-21 14:33 -------- d-----w- c:\documents and settings\Notebook\Local Settings\Data aplikací\GlobalSCAPE
2011-03-21 14:33 . 2011-03-21 14:33 -------- d-----w- c:\documents and settings\Notebook\Data aplikací\GlobalSCAPE
2011-03-21 14:33 . 2011-03-21 14:33 -------- d-----w- c:\documents and settings\All Users\Data aplikací\GlobalSCAPE
2011-03-21 11:38 . 2011-03-21 11:38 -------- d-----w- c:\program files\Ask.com
2011-03-21 11:38 . 2011-03-21 11:38 -------- d-----w- c:\program files\GlobalSCAPE
2011-03-21 11:37 . 2011-03-23 21:34 -------- d-----w- c:\documents and settings\Notebook\Data aplikací\FileZilla
2011-03-21 11:37 . 2011-03-21 11:37 -------- d-----w- c:\program files\FileZilla FTP Client
2011-03-20 11:55 . 2011-03-20 11:55 -------- d-----w- c:\program files\Microsoft Games
2011-03-20 00:38 . 2011-03-20 00:38 -------- d-----w- c:\program files\Common Files\DirectX
2011-03-20 00:37 . 2011-03-20 00:37 -------- d-----w- c:\documents and settings\Notebook\Data aplikací\WarlockStudio
2011-03-18 23:41 . 2011-03-18 23:44 -------- d-----w- c:\documents and settings\Notebook\Data aplikací\vlc
2011-03-12 23:27 . 2011-03-22 22:36 -------- d-----w- c:\documents and settings\Notebook\Data aplikací\gtk-2.0
2011-03-11 16:01 . 2011-03-11 16:01 -------- d-----w- c:\program files\pdfforge Toolbar
2011-03-11 16:00 . 2001-10-28 15:42 116224 ----a-w- c:\windows\system32\pdfcmnnt.dll
2011-03-11 16:00 . 1998-06-23 23:00 137000 ----a-w- c:\windows\system32\MSMAPI32.OCX
2011-03-11 16:00 . 2011-03-11 16:01 -------- d-----w- c:\program files\PDFCreator
2011-03-11 16:00 . 1998-07-05 23:00 23552 ----a-w- c:\windows\system32\MSMPIDE.DLL
2011-03-11 15:04 . 2001-10-24 11:25 87040 ----a-w- c:\windows\system32\wiafbdrv.dll
2011-03-11 15:04 . 2001-10-24 11:25 87040 ----a-w- c:\windows\system32\dllcache\wiafbdrv.dll
2011-03-11 15:04 . 2001-10-24 11:24 32768 ----a-w- c:\windows\system32\hpgtmcro.dll
2011-03-11 15:04 . 2001-10-24 11:24 32768 ----a-w- c:\windows\system32\dllcache\hpgtmcro.dll
2011-03-11 15:04 . 2001-10-24 11:24 126976 ----a-w- c:\windows\system32\hpgt34tk.dll
2011-03-11 15:04 . 2001-10-24 11:24 126976 ----a-w- c:\windows\system32\dllcache\hpgt34tk.dll
2011-03-11 15:04 . 2001-10-24 11:24 101376 ----a-w- c:\windows\system32\hpgt34.dll
2011-03-11 15:04 . 2001-10-24 11:24 101376 ----a-w- c:\windows\system32\dllcache\hpgt34.dll
2011-03-11 15:04 . 2004-08-03 21:58 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2011-03-11 15:04 . 2004-08-03 21:58 15104 ----a-w- c:\windows\system32\dllcache\usbscan.sys
2011-03-11 09:17 . 2011-03-11 09:17 -------- d-----w- c:\documents and settings\Notebook\Local Settings\Data aplikací\ArmA Demo
2011-03-11 09:12 . 2011-03-11 09:12 -------- d-----w- c:\program files\OpenAL
2011-03-11 09:09 . 2011-03-11 09:09 -------- d-----w- c:\program files\Atari
2011-03-10 19:29 . 2011-03-10 19:29 -------- d-----w- C:\DUKE3D
2011-03-10 19:19 . 2004-08-17 14:49 21504 ----a-w- c:\windows\system32\hidserv.dll
2011-03-10 19:19 . 2004-08-17 14:49 21504 ----a-w- c:\windows\system32\dllcache\hidserv.dll
2011-03-10 19:19 . 2004-08-17 14:45 14848 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2011-03-10 19:19 . 2004-08-17 14:45 14848 ----a-w- c:\windows\system32\dllcache\kbdhid.sys
2011-03-10 19:19 . 2004-08-03 22:08 31616 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2011-03-10 19:19 . 2004-08-03 22:08 31616 ----a-w- c:\windows\system32\dllcache\usbccgp.sys
2011-03-08 17:25 . 2009-04-12 08:52 81920 ----a-w- c:\windows\system32\Juchinsetmenu.exe
2011-03-08 17:25 . 2009-04-07 14:12 9984 ----a-w- c:\windows\system32\drivers\Juchin.sys
2011-03-07 11:22 . 2011-03-07 11:22 -------- d-----w- c:\program files\Codemasters
2011-03-07 07:24 . 2011-03-07 07:38 61440 ----a-r- c:\documents and settings\Notebook\Data aplikací\Microsoft\Installer\{A57D86AF-DE8E-4B26-972E-A1A28FFF7742}\flatout.exe1_853599CE1B5C4FEFB643B8F48F508EDC.exe
2011-03-07 07:24 . 2011-03-07 07:38 61440 ----a-r- c:\documents and settings\Notebook\Data aplikací\Microsoft\Installer\{A57D86AF-DE8E-4B26-972E-A1A28FFF7742}\flatout.exe_853599CE1B5C4FEFB643B8F48F508EDC.exe
2011-03-07 07:24 . 2011-03-07 07:38 61440 ----a-r- c:\documents and settings\Notebook\Data aplikací\Microsoft\Installer\{A57D86AF-DE8E-4B26-972E-A1A28FFF7742}\ARPPRODUCTICON.exe
2011-03-07 07:03 . 2011-03-07 07:20 -------- d-----w- c:\program files\Empire Interactive
2011-03-06 23:02 . 2011-03-06 23:05 -------- d-----w- c:\program files\JFDuke3D
2011-03-06 22:25 . 2011-03-06 22:25 -------- d-----w- c:\documents and settings\Notebook\Local Settings\Data aplikací\Help
2011-03-06 22:23 . 2011-03-06 22:23 -------- d-----w- C:\C_DILLA
2011-03-06 22:22 . 2011-03-06 22:24 -------- d-----w- c:\program files\AcadLT 2000 Trial
2011-03-06 22:22 . 1999-04-26 10:41 299520 ----a-w- c:\windows\uninst.exe
2011-03-06 22:22 . 2011-03-06 22:22 -------- d-----w- c:\documents and settings\Notebook\WINDOWS
2011-03-03 16:46 . 2007-12-10 07:00 61440 ----a-w- c:\windows\system32\ZIMF.DLL
2011-03-03 16:46 . 2007-12-10 07:00 57344 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\ZIMFPRNT.DLL
2011-03-03 16:46 . 2007-12-10 07:00 53248 ----a-w- c:\windows\system32\ZTAG.DLL
2011-03-03 16:46 . 2007-12-10 07:00 430080 ----a-w- c:\windows\system32\ZSHP1020.EXE
2011-03-03 16:46 . 2007-12-10 07:00 106496 ----a-w- c:\windows\system32\ZSPOOL.DLL
2011-03-03 16:46 . 2007-12-10 07:00 102400 ----a-w- c:\windows\system32\ZLhp1020.DLL
2011-03-03 16:46 . 2011-03-03 16:46 -------- d-----w- c:\program files\Hewlett-Packard
2011-03-03 16:27 . 2004-08-03 22:01 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2011-03-03 16:27 . 2004-08-03 22:01 25856 ----a-w- c:\windows\system32\dllcache\usbprint.sys
2011-03-03 07:56 . 2011-03-03 07:56 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Data aplikací\Google
2011-03-03 07:51 . 2011-03-03 07:51 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Data aplikací\Google
2011-03-03 07:21 . 2011-03-03 07:21 -------- d-----w- c:\program files\EAGLE-5.11.0
2011-03-03 07:21 . 2011-03-03 07:21 -------- d-----w- c:\documents and settings\Notebook\Data aplikací\CadSoft
2011-03-02 23:06 . 2011-03-02 23:06 127469 ----a-w- c:\windows\MeterBasic Uninstaller.exe
2011-03-02 23:04 . 2011-03-02 23:04 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Hagel Technologies
2011-03-02 23:03 . 2011-03-02 23:03 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Data aplikací\Hagel Technologies
2011-03-02 22:56 . 2011-03-02 22:56 97560 ----a-w- c:\windows\Meter Uninstaller.exe
2011-03-02 22:56 . 2011-03-02 22:56 -------- d-----w- c:\program files\Meter
2011-02-28 07:51 . 2011-02-28 07:51 -------- d-----w- c:\documents and settings\All Users\Data aplikací\id Software
2011-02-26 14:34 . 2011-02-27 18:58 -------- d-----w- c:\documents and settings\Notebook\Data aplikací\.minecraft
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-11 09:17 . 2007-06-16 00:30 108144 ----a-w- c:\windows\system32\CmdLineExt.dll
2011-03-11 09:12 . 2003-11-07 12:28 409600 ----a-w- c:\windows\system32\wrap_oal.dll
2011-03-11 09:12 . 2003-11-07 12:28 114688 ----a-w- c:\windows\system32\OpenAL32.dll
2011-01-31 21:03 . 2011-01-31 20:53 53248 ----a-w- c:\windows\unrar.dll
2011-01-31 12:30 . 2011-01-31 12:30 12800 ----a-w- c:\windows\system32\drivers\ekauio.sys
2011-01-18 16:43 . 2011-02-07 06:34 42960 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys
2011-01-18 16:43 . 2011-01-18 16:43 109328 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys
2011-01-18 16:43 . 2011-02-07 06:34 158736 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys
2011-01-18 16:43 . 2011-01-18 16:43 133648 ----a-w- c:\windows\system32\VBoxNetFltNotify.dll
2011-01-18 16:43 . 2011-01-18 16:43 120208 ----a-w- c:\windows\system32\drivers\VBoxNetFlt.sys
2011-01-13 08:47 . 2011-02-01 13:26 38848 ----a-w- c:\windows\avastSS.scr
2011-01-13 08:47 . 2011-02-01 13:26 188216 ----a-w- c:\windows\system32\aswBoot.exe
2011-01-13 08:41 . 2011-02-01 13:26 294608 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-01-13 08:40 . 2011-02-01 13:26 47440 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-01-13 08:40 . 2011-02-01 13:26 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-01-13 08:39 . 2011-02-01 13:26 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-01-13 08:37 . 2011-02-01 13:26 23632 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-01-13 08:37 . 2011-02-01 13:26 29392 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-01-13 08:37 . 2011-02-01 13:26 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-12-09 10:51 3911776 ----a-w- c:\program files\ConduitEngine\ConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2009-07-10 16:28 1174920 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-12-09 3911776]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-07-10 1174920]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\Notebook\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" [2007-06-14 136176]
"ModemOnHold"="c:\program files\NetWaiting\NetWaiting.exe" [2003-09-10 20480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2005-10-07 176128]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-12-13 98304]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-12-13 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-12-13 118784]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 282624]
"Document Manager"="c:\program files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe" [2006-09-08 102400]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2007-02-20 1191936]
"NVHotkey"="nvHotkey.dll" [2008-02-22 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-02-22 13508608]
"nwiz"="nwiz.exe" [2008-02-22 1626112]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-02-22 86016]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-01-13 3396624]
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2010-12-06 1910152]
"SearchSettings"="c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe" [2011-01-28 526336]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2011-02-23 30192]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-18 15360]
.
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
2x-Office.lnk - c:\program files\Juchin\Office Mouse\Juchin Mouse.exe [N/A]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-7-5 24576]
EMBASSY Trust Suite Secure Update.lnk - c:\program files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe [2006-8-25 192512]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\TmNationsForever\\TmForever.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Documents and Settings\\Notebook\\Data aplikací\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Vietcong\\Vietcong.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Atari\\ArmA Demo\\ArmADemo.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"2497:TCP"= 2497:TCP:jpqzg
.
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [1.2.2011 14:26 294608]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [14.6.2007 23:16 218688]
R1 VBoxDrv;VirtualBox Service;c:\windows\system32\drivers\VBoxDrv.sys [7.2.2011 7:34 158736]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\drivers\VBoxUSBMon.sys [7.2.2011 7:34 42960]
R2 Ç-DillaSrv;Ç-DillaSrv;c:\windows\system32\drivers\CDANTSRV.EXE [16.3.1999 20:49 19456]
R2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [28.1.2011 17:10 387072]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [1.2.2011 14:26 17744]
R2 Ekauio;Ekahau NDIS Usermode I/O Protocol;c:\windows\system32\drivers\ekauio.sys [31.1.2011 13:30 12800]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [6.12.2010 8:31 1238408]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [18.1.2011 17:43 109328]
R3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\drivers\VBoxNetFlt.sys [18.1.2011 17:43 120208]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [3.3.2011 8:51 136176]
S2 hfwdnynvu;dztxchipl;c:\windows\system32\svchost.exe -k netsvcs [13.9.2004 16:20 14336]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [23.2.2011 21:25 30192]
S3 WAPSJ;WAPSJ;c:\docume~1\Notebook\LOCALS~1\Temp\WAPSJ.exe --> c:\docume~1\Notebook\LOCALS~1\Temp\WAPSJ.exe [?]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
hfwdnynvu
.
Obsah adresáře 'Naplánované úlohy'
.
2011-03-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-03 07:50]
.
2011-03-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-03 07:50]
.
2011-03-26 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2009-07-10 16:29]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2786678
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://www1.euro.dell.com/content/default.aspx?c=cz&l=cs&s=bsd
uInternet Connection Wizard,ShellNext = hxxp://www1.euro.dell.com/content/default.aspx?c=cz&l=cs&s=bsd
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
URLSearchHooks-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\uTorrentBar\tbuTor.dll
BHO-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\uTorrentBar\tbuTor.dll
Toolbar-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\uTorrentBar\tbuTor.dll
HKCU-Run-DU Meter - c:\program files\DU Meter\DUMeter.exe
HKLM-Run-ISUSPM Startup - c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
HKLM-Run-ISUSScheduler - c:\program files\Common Files\InstallShield\UpdateService\issch.exe
AddRemove-Achtung, die Kurve! - c:\program files\Achtung
AddRemove-BenchMarX - c:\program files\BenchMarX\uninstall.exe
AddRemove-Flashpoint - c:\program files\Codemasters\UnInstall.exe
AddRemove-FlightForFight - c:\program files\WarlockStudio\FlightForFight\UnInstall.exe
AddRemove-Mozilla Firefox 4.0 (x86 cs) - c:\program files\Mozilla Firefox\uninstall\helper.exe
AddRemove-uTorrentBar Toolbar - c:\progra~1\UTORRE~1\UNWISE.EXE
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-26 23:31
Windows 5.1.2600 Service Pack 2 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\hfwdnynvu]
"ServiceDll"="c:\windows\system32\vnkja.dll"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(2792)
c:\windows\system32\msi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\stsystra.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\RUNDLL32.EXE
c:\program files\Apoint\HidFind.exe
c:\program files\Apoint\Apntex.exe
c:\windows\System32\SCardSvr.exe
c:\program files\Wave Systems Corp\Common\DataServer.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\lkads.exe
c:\windows\system32\lktsrv.exe
c:\program files\Dell\QuickSet\NICCONFIGSVC.exe
c:\program files\National Instruments\Shared\Security\nidmsrv.exe
c:\windows\system32\nisvcloc.exe
c:\windows\system32\nvsvc32.exe
c:\program files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe
c:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Celkový čas: 2011-03-26 23:35:53 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-03-26 22:35
.
Před spuštěním: Volných bajtů: 14 635 704 320
Po spuštění: Volných bajtů: 14 587 596 800
.
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 8CAC0DB1B0FE97F67228D64D11BCC42C
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.2046.1576 [GMT 1:00]
Spuštěný z: c:\documents and settings\Notebook\Plocha\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Notebook\Data aplikací\Dealio
c:\program files\Dealio Toolbar
c:\program files\Dealio Toolbar\IE\4.3\config.ini
c:\program files\Dealio Toolbar\IE\4.3\deALiotoolbarie.dll
c:\program files\Dealio Toolbar\Res\amazon.gif
c:\program files\Dealio Toolbar\Res\apple.gif
c:\program files\Dealio Toolbar\Res\barnes.gif
c:\program files\Dealio Toolbar\Res\bestbuy.gif
c:\program files\Dealio Toolbar\Res\dealio_logo.gif
c:\program files\Dealio Toolbar\Res\dealio_logo_hover.gif
c:\program files\Dealio Toolbar\Res\ebay.gif
c:\program files\Dealio Toolbar\Res\icon_settings.gif
c:\program files\Dealio Toolbar\Res\macys.gif
c:\program files\Dealio Toolbar\Res\newegg.gif
c:\program files\Dealio Toolbar\Res\overstock.gif
c:\program files\Dealio Toolbar\Res\search-button-hover.gif
c:\program files\Dealio Toolbar\Res\search-button.gif
c:\program files\Dealio Toolbar\Res\search-chevron-hover.gif
c:\program files\Dealio Toolbar\Res\search-chevron.gif
c:\program files\Dealio Toolbar\Res\search_amazon.gif
c:\program files\Dealio Toolbar\Res\search_dealio.gif
c:\program files\Dealio Toolbar\Res\search_ebay.gif
c:\program files\Dealio Toolbar\Res\search_yahoo.gif
c:\program files\Dealio Toolbar\Res\target.gif
c:\program files\Dealio Toolbar\Res\walmart.gif
c:\program files\Dealio Toolbar\Res\widgets.xml
c:\program files\Dealio Toolbar\WidgiHelper.exe
c:\program files\pdfforge Toolbar\IE\4.3\pdFForgetoolbarie.dll
c:\program files\YouTube Downloader Toolbar\IE\4.3\yoUTubedownloadertoolbarie.dll
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-02-26 do 2011-03-26 )))))))))))))))))))))))))))))))
.
.
2011-03-26 22:29 . 2011-03-26 22:29 4096 ----a-w- c:\windows\system32\05.tmp
2011-03-25 22:10 . 2011-03-25 22:10 -------- d-----w- C:\rsit
2011-03-25 22:10 . 2011-03-25 22:10 -------- d-----w- c:\program files\trend micro
2011-03-25 16:57 . 2011-03-25 16:57 4096 ----a-w- c:\windows\system32\04.tmp
2011-03-25 12:57 . 2011-03-25 12:57 -------- d-----r- c:\documents and settings\LocalService\Dokumenty
2011-03-25 08:46 . 2011-03-25 08:46 -------- d-----w- c:\program files\CCleaner
2011-03-24 00:14 . 2011-03-24 00:14 -------- d-----w- c:\documents and settings\Notebook\Data aplikací\dvdcss
2011-03-22 16:43 . 2011-03-22 16:43 -------- d-----w- c:\documents and settings\Notebook\.thumbnails
2011-03-22 16:24 . 2011-03-25 12:53 -------- d-----w- c:\documents and settings\Notebook\.gimp-2.6
2011-03-22 16:24 . 2011-03-22 16:24 -------- d-----w- c:\program files\GIMP-2.0
2011-03-22 11:30 . 2011-03-22 11:30 -------- d-----w- c:\documents and settings\Notebook\Local Settings\Data aplikací\Mozilla
2011-03-21 15:30 . 2011-03-21 15:36 -------- d-----w- c:\documents and settings\Notebook\Data aplikací\PSpad
2011-03-21 15:30 . 2011-03-21 15:30 -------- d-----w- c:\program files\PSPad editor
2011-03-21 14:40 . 2011-03-21 14:40 -------- d-----w- c:\program files\FlashFXP 4
2011-03-21 14:40 . 2011-03-21 14:40 -------- d-----w- c:\documents and settings\All Users\Data aplikací\FlashFXP
2011-03-21 14:33 . 2011-03-21 14:33 -------- d-----w- c:\documents and settings\Notebook\Local Settings\Data aplikací\GlobalSCAPE
2011-03-21 14:33 . 2011-03-21 14:33 -------- d-----w- c:\documents and settings\Notebook\Data aplikací\GlobalSCAPE
2011-03-21 14:33 . 2011-03-21 14:33 -------- d-----w- c:\documents and settings\All Users\Data aplikací\GlobalSCAPE
2011-03-21 11:38 . 2011-03-21 11:38 -------- d-----w- c:\program files\Ask.com
2011-03-21 11:38 . 2011-03-21 11:38 -------- d-----w- c:\program files\GlobalSCAPE
2011-03-21 11:37 . 2011-03-23 21:34 -------- d-----w- c:\documents and settings\Notebook\Data aplikací\FileZilla
2011-03-21 11:37 . 2011-03-21 11:37 -------- d-----w- c:\program files\FileZilla FTP Client
2011-03-20 11:55 . 2011-03-20 11:55 -------- d-----w- c:\program files\Microsoft Games
2011-03-20 00:38 . 2011-03-20 00:38 -------- d-----w- c:\program files\Common Files\DirectX
2011-03-20 00:37 . 2011-03-20 00:37 -------- d-----w- c:\documents and settings\Notebook\Data aplikací\WarlockStudio
2011-03-18 23:41 . 2011-03-18 23:44 -------- d-----w- c:\documents and settings\Notebook\Data aplikací\vlc
2011-03-12 23:27 . 2011-03-22 22:36 -------- d-----w- c:\documents and settings\Notebook\Data aplikací\gtk-2.0
2011-03-11 16:01 . 2011-03-11 16:01 -------- d-----w- c:\program files\pdfforge Toolbar
2011-03-11 16:00 . 2001-10-28 15:42 116224 ----a-w- c:\windows\system32\pdfcmnnt.dll
2011-03-11 16:00 . 1998-06-23 23:00 137000 ----a-w- c:\windows\system32\MSMAPI32.OCX
2011-03-11 16:00 . 2011-03-11 16:01 -------- d-----w- c:\program files\PDFCreator
2011-03-11 16:00 . 1998-07-05 23:00 23552 ----a-w- c:\windows\system32\MSMPIDE.DLL
2011-03-11 15:04 . 2001-10-24 11:25 87040 ----a-w- c:\windows\system32\wiafbdrv.dll
2011-03-11 15:04 . 2001-10-24 11:25 87040 ----a-w- c:\windows\system32\dllcache\wiafbdrv.dll
2011-03-11 15:04 . 2001-10-24 11:24 32768 ----a-w- c:\windows\system32\hpgtmcro.dll
2011-03-11 15:04 . 2001-10-24 11:24 32768 ----a-w- c:\windows\system32\dllcache\hpgtmcro.dll
2011-03-11 15:04 . 2001-10-24 11:24 126976 ----a-w- c:\windows\system32\hpgt34tk.dll
2011-03-11 15:04 . 2001-10-24 11:24 126976 ----a-w- c:\windows\system32\dllcache\hpgt34tk.dll
2011-03-11 15:04 . 2001-10-24 11:24 101376 ----a-w- c:\windows\system32\hpgt34.dll
2011-03-11 15:04 . 2001-10-24 11:24 101376 ----a-w- c:\windows\system32\dllcache\hpgt34.dll
2011-03-11 15:04 . 2004-08-03 21:58 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2011-03-11 15:04 . 2004-08-03 21:58 15104 ----a-w- c:\windows\system32\dllcache\usbscan.sys
2011-03-11 09:17 . 2011-03-11 09:17 -------- d-----w- c:\documents and settings\Notebook\Local Settings\Data aplikací\ArmA Demo
2011-03-11 09:12 . 2011-03-11 09:12 -------- d-----w- c:\program files\OpenAL
2011-03-11 09:09 . 2011-03-11 09:09 -------- d-----w- c:\program files\Atari
2011-03-10 19:29 . 2011-03-10 19:29 -------- d-----w- C:\DUKE3D
2011-03-10 19:19 . 2004-08-17 14:49 21504 ----a-w- c:\windows\system32\hidserv.dll
2011-03-10 19:19 . 2004-08-17 14:49 21504 ----a-w- c:\windows\system32\dllcache\hidserv.dll
2011-03-10 19:19 . 2004-08-17 14:45 14848 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2011-03-10 19:19 . 2004-08-17 14:45 14848 ----a-w- c:\windows\system32\dllcache\kbdhid.sys
2011-03-10 19:19 . 2004-08-03 22:08 31616 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2011-03-10 19:19 . 2004-08-03 22:08 31616 ----a-w- c:\windows\system32\dllcache\usbccgp.sys
2011-03-08 17:25 . 2009-04-12 08:52 81920 ----a-w- c:\windows\system32\Juchinsetmenu.exe
2011-03-08 17:25 . 2009-04-07 14:12 9984 ----a-w- c:\windows\system32\drivers\Juchin.sys
2011-03-07 11:22 . 2011-03-07 11:22 -------- d-----w- c:\program files\Codemasters
2011-03-07 07:24 . 2011-03-07 07:38 61440 ----a-r- c:\documents and settings\Notebook\Data aplikací\Microsoft\Installer\{A57D86AF-DE8E-4B26-972E-A1A28FFF7742}\flatout.exe1_853599CE1B5C4FEFB643B8F48F508EDC.exe
2011-03-07 07:24 . 2011-03-07 07:38 61440 ----a-r- c:\documents and settings\Notebook\Data aplikací\Microsoft\Installer\{A57D86AF-DE8E-4B26-972E-A1A28FFF7742}\flatout.exe_853599CE1B5C4FEFB643B8F48F508EDC.exe
2011-03-07 07:24 . 2011-03-07 07:38 61440 ----a-r- c:\documents and settings\Notebook\Data aplikací\Microsoft\Installer\{A57D86AF-DE8E-4B26-972E-A1A28FFF7742}\ARPPRODUCTICON.exe
2011-03-07 07:03 . 2011-03-07 07:20 -------- d-----w- c:\program files\Empire Interactive
2011-03-06 23:02 . 2011-03-06 23:05 -------- d-----w- c:\program files\JFDuke3D
2011-03-06 22:25 . 2011-03-06 22:25 -------- d-----w- c:\documents and settings\Notebook\Local Settings\Data aplikací\Help
2011-03-06 22:23 . 2011-03-06 22:23 -------- d-----w- C:\C_DILLA
2011-03-06 22:22 . 2011-03-06 22:24 -------- d-----w- c:\program files\AcadLT 2000 Trial
2011-03-06 22:22 . 1999-04-26 10:41 299520 ----a-w- c:\windows\uninst.exe
2011-03-06 22:22 . 2011-03-06 22:22 -------- d-----w- c:\documents and settings\Notebook\WINDOWS
2011-03-03 16:46 . 2007-12-10 07:00 61440 ----a-w- c:\windows\system32\ZIMF.DLL
2011-03-03 16:46 . 2007-12-10 07:00 57344 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\ZIMFPRNT.DLL
2011-03-03 16:46 . 2007-12-10 07:00 53248 ----a-w- c:\windows\system32\ZTAG.DLL
2011-03-03 16:46 . 2007-12-10 07:00 430080 ----a-w- c:\windows\system32\ZSHP1020.EXE
2011-03-03 16:46 . 2007-12-10 07:00 106496 ----a-w- c:\windows\system32\ZSPOOL.DLL
2011-03-03 16:46 . 2007-12-10 07:00 102400 ----a-w- c:\windows\system32\ZLhp1020.DLL
2011-03-03 16:46 . 2011-03-03 16:46 -------- d-----w- c:\program files\Hewlett-Packard
2011-03-03 16:27 . 2004-08-03 22:01 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2011-03-03 16:27 . 2004-08-03 22:01 25856 ----a-w- c:\windows\system32\dllcache\usbprint.sys
2011-03-03 07:56 . 2011-03-03 07:56 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Data aplikací\Google
2011-03-03 07:51 . 2011-03-03 07:51 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Data aplikací\Google
2011-03-03 07:21 . 2011-03-03 07:21 -------- d-----w- c:\program files\EAGLE-5.11.0
2011-03-03 07:21 . 2011-03-03 07:21 -------- d-----w- c:\documents and settings\Notebook\Data aplikací\CadSoft
2011-03-02 23:06 . 2011-03-02 23:06 127469 ----a-w- c:\windows\MeterBasic Uninstaller.exe
2011-03-02 23:04 . 2011-03-02 23:04 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Hagel Technologies
2011-03-02 23:03 . 2011-03-02 23:03 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Data aplikací\Hagel Technologies
2011-03-02 22:56 . 2011-03-02 22:56 97560 ----a-w- c:\windows\Meter Uninstaller.exe
2011-03-02 22:56 . 2011-03-02 22:56 -------- d-----w- c:\program files\Meter
2011-02-28 07:51 . 2011-02-28 07:51 -------- d-----w- c:\documents and settings\All Users\Data aplikací\id Software
2011-02-26 14:34 . 2011-02-27 18:58 -------- d-----w- c:\documents and settings\Notebook\Data aplikací\.minecraft
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-11 09:17 . 2007-06-16 00:30 108144 ----a-w- c:\windows\system32\CmdLineExt.dll
2011-03-11 09:12 . 2003-11-07 12:28 409600 ----a-w- c:\windows\system32\wrap_oal.dll
2011-03-11 09:12 . 2003-11-07 12:28 114688 ----a-w- c:\windows\system32\OpenAL32.dll
2011-01-31 21:03 . 2011-01-31 20:53 53248 ----a-w- c:\windows\unrar.dll
2011-01-31 12:30 . 2011-01-31 12:30 12800 ----a-w- c:\windows\system32\drivers\ekauio.sys
2011-01-18 16:43 . 2011-02-07 06:34 42960 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys
2011-01-18 16:43 . 2011-01-18 16:43 109328 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys
2011-01-18 16:43 . 2011-02-07 06:34 158736 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys
2011-01-18 16:43 . 2011-01-18 16:43 133648 ----a-w- c:\windows\system32\VBoxNetFltNotify.dll
2011-01-18 16:43 . 2011-01-18 16:43 120208 ----a-w- c:\windows\system32\drivers\VBoxNetFlt.sys
2011-01-13 08:47 . 2011-02-01 13:26 38848 ----a-w- c:\windows\avastSS.scr
2011-01-13 08:47 . 2011-02-01 13:26 188216 ----a-w- c:\windows\system32\aswBoot.exe
2011-01-13 08:41 . 2011-02-01 13:26 294608 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-01-13 08:40 . 2011-02-01 13:26 47440 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-01-13 08:40 . 2011-02-01 13:26 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-01-13 08:39 . 2011-02-01 13:26 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-01-13 08:37 . 2011-02-01 13:26 23632 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-01-13 08:37 . 2011-02-01 13:26 29392 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-01-13 08:37 . 2011-02-01 13:26 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-12-09 10:51 3911776 ----a-w- c:\program files\ConduitEngine\ConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2009-07-10 16:28 1174920 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-12-09 3911776]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-07-10 1174920]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\Notebook\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" [2007-06-14 136176]
"ModemOnHold"="c:\program files\NetWaiting\NetWaiting.exe" [2003-09-10 20480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2005-10-07 176128]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-12-13 98304]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-12-13 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-12-13 118784]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 282624]
"Document Manager"="c:\program files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe" [2006-09-08 102400]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2007-02-20 1191936]
"NVHotkey"="nvHotkey.dll" [2008-02-22 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-02-22 13508608]
"nwiz"="nwiz.exe" [2008-02-22 1626112]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-02-22 86016]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-01-13 3396624]
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2010-12-06 1910152]
"SearchSettings"="c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe" [2011-01-28 526336]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2011-02-23 30192]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-18 15360]
.
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
2x-Office.lnk - c:\program files\Juchin\Office Mouse\Juchin Mouse.exe [N/A]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-7-5 24576]
EMBASSY Trust Suite Secure Update.lnk - c:\program files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe [2006-8-25 192512]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\TmNationsForever\\TmForever.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Documents and Settings\\Notebook\\Data aplikací\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Vietcong\\Vietcong.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Atari\\ArmA Demo\\ArmADemo.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"2497:TCP"= 2497:TCP:jpqzg
.
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [1.2.2011 14:26 294608]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [14.6.2007 23:16 218688]
R1 VBoxDrv;VirtualBox Service;c:\windows\system32\drivers\VBoxDrv.sys [7.2.2011 7:34 158736]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\drivers\VBoxUSBMon.sys [7.2.2011 7:34 42960]
R2 Ç-DillaSrv;Ç-DillaSrv;c:\windows\system32\drivers\CDANTSRV.EXE [16.3.1999 20:49 19456]
R2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [28.1.2011 17:10 387072]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [1.2.2011 14:26 17744]
R2 Ekauio;Ekahau NDIS Usermode I/O Protocol;c:\windows\system32\drivers\ekauio.sys [31.1.2011 13:30 12800]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [6.12.2010 8:31 1238408]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [18.1.2011 17:43 109328]
R3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\drivers\VBoxNetFlt.sys [18.1.2011 17:43 120208]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [3.3.2011 8:51 136176]
S2 hfwdnynvu;dztxchipl;c:\windows\system32\svchost.exe -k netsvcs [13.9.2004 16:20 14336]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [23.2.2011 21:25 30192]
S3 WAPSJ;WAPSJ;c:\docume~1\Notebook\LOCALS~1\Temp\WAPSJ.exe --> c:\docume~1\Notebook\LOCALS~1\Temp\WAPSJ.exe [?]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
hfwdnynvu
.
Obsah adresáře 'Naplánované úlohy'
.
2011-03-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-03 07:50]
.
2011-03-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-03 07:50]
.
2011-03-26 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2009-07-10 16:29]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2786678
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://www1.euro.dell.com/content/default.aspx?c=cz&l=cs&s=bsd
uInternet Connection Wizard,ShellNext = hxxp://www1.euro.dell.com/content/default.aspx?c=cz&l=cs&s=bsd
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
URLSearchHooks-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\uTorrentBar\tbuTor.dll
BHO-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\uTorrentBar\tbuTor.dll
Toolbar-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\uTorrentBar\tbuTor.dll
HKCU-Run-DU Meter - c:\program files\DU Meter\DUMeter.exe
HKLM-Run-ISUSPM Startup - c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
HKLM-Run-ISUSScheduler - c:\program files\Common Files\InstallShield\UpdateService\issch.exe
AddRemove-Achtung, die Kurve! - c:\program files\Achtung
AddRemove-BenchMarX - c:\program files\BenchMarX\uninstall.exe
AddRemove-Flashpoint - c:\program files\Codemasters\UnInstall.exe
AddRemove-FlightForFight - c:\program files\WarlockStudio\FlightForFight\UnInstall.exe
AddRemove-Mozilla Firefox 4.0 (x86 cs) - c:\program files\Mozilla Firefox\uninstall\helper.exe
AddRemove-uTorrentBar Toolbar - c:\progra~1\UTORRE~1\UNWISE.EXE
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-26 23:31
Windows 5.1.2600 Service Pack 2 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\hfwdnynvu]
"ServiceDll"="c:\windows\system32\vnkja.dll"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(2792)
c:\windows\system32\msi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\stsystra.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\RUNDLL32.EXE
c:\program files\Apoint\HidFind.exe
c:\program files\Apoint\Apntex.exe
c:\windows\System32\SCardSvr.exe
c:\program files\Wave Systems Corp\Common\DataServer.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\lkads.exe
c:\windows\system32\lktsrv.exe
c:\program files\Dell\QuickSet\NICCONFIGSVC.exe
c:\program files\National Instruments\Shared\Security\nidmsrv.exe
c:\windows\system32\nisvcloc.exe
c:\windows\system32\nvsvc32.exe
c:\program files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe
c:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Celkový čas: 2011-03-26 23:35:53 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-03-26 22:35
.
Před spuštěním: Volných bajtů: 14 635 704 320
Po spuštění: Volných bajtů: 14 587 596 800
.
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 8CAC0DB1B0FE97F67228D64D11BCC42C
Re: pomoc s rootkity
Napsal: 27 bře 2011 09:02
Ještě dočistíme. Otevřte poznámkový bloka zkopírujte do něj:
Uložte na plochu jako CFSCript.txt. Pak jej myší přetáhněte nad ikonu ComboFix a pusťte. CF se spustí a vykoná příkazy ze skriptu.KillAll::
Collect::
c:\windows\system32\05.tmp
c:\windows\system32\04.tmp
c:\docume~1\Notebook\LOCALS~1\Temp\WAPSJ.exe
Folder::
c:\program files\Ask.com
c:\program files\pdfforge Toolbar
c:\program files\Common Files\Spigot
Driver::
hfwdnynvu
WAPSJ
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
[-HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SearchSettings"=-
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"2497:TCP"=-
Re: pomoc s rootkity
Napsal: 27 bře 2011 12:17
ComboFix 11-03-26.01 - Notebook 27.03.2011 12:54:27.2.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.2046.1606 [GMT 2:00]
Spuštěný z: c:\documents and settings\Notebook\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Notebook\Plocha\CFSCript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
* Vytvořen nový Bod Obnovení
.
file zipped: c:\windows\system32\04.tmp
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Ask.com
c:\program files\Ask.com\cobrand.ico
c:\program files\Ask.com\config.xml
c:\program files\Ask.com\favicon.ico
c:\program files\Ask.com\GenericAskToolbar.dll
c:\program files\Ask.com\mupcfg.xml
c:\program files\Ask.com\SaUpdate.exe
c:\program files\Ask.com\UpdateTask.exe
c:\program files\Common Files\Spigot
c:\program files\Common Files\Spigot\Search Settings\config.ini
c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe
c:\program files\Common Files\Spigot\Search Settings\yahoo_ff.xml
c:\program files\Common Files\Spigot\Search Settings\yahoo_ie.xml
c:\program files\pdfforge Toolbar
c:\program files\pdfforge Toolbar\IE\4.3\config.ini
c:\program files\pdfforge Toolbar\Res\amazon.gif
c:\program files\pdfforge Toolbar\Res\ebay.gif
c:\program files\pdfforge Toolbar\Res\icon_settings.gif
c:\program files\pdfforge Toolbar\Res\pdfc_branding.gif
c:\program files\pdfforge Toolbar\Res\pdfc_branding_hover.gif
c:\program files\pdfforge Toolbar\Res\pdfc_icon.gif
c:\program files\pdfforge Toolbar\Res\pdfc_portal_logo.gif
c:\program files\pdfforge Toolbar\Res\search-button-hover.gif
c:\program files\pdfforge Toolbar\Res\search-button.gif
c:\program files\pdfforge Toolbar\Res\search-chevron-hover.gif
c:\program files\pdfforge Toolbar\Res\search-chevron.gif
c:\program files\pdfforge Toolbar\Res\search_amazon.gif
c:\program files\pdfforge Toolbar\Res\search_ebay.gif
c:\program files\pdfforge Toolbar\Res\search_yahoo.gif
c:\program files\pdfforge Toolbar\Res\widgets.xml
c:\program files\pdfforge Toolbar\WidgiHelper.exe
c:\windows\system32\04.tmp
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_HFWDNYNVU
-------\Legacy_WAPSJ
-------\Service_hfwdnynvu
-------\Service_WAPSJ
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-02-27 do 2011-03-27 )))))))))))))))))))))))))))))))
.
.
2011-03-25 22:10 . 2011-03-25 22:10 -------- d-----w- C:\rsit
2011-03-25 22:10 . 2011-03-25 22:10 -------- d-----w- c:\program files\trend micro
2011-03-25 12:57 . 2011-03-25 12:57 -------- d-----r- c:\documents and settings\LocalService\Dokumenty
2011-03-25 08:46 . 2011-03-25 08:46 -------- d-----w- c:\program files\CCleaner
2011-03-24 00:14 . 2011-03-24 00:14 -------- d-----w- c:\documents and settings\Notebook\Data aplikací\dvdcss
2011-03-22 16:43 . 2011-03-22 16:43 -------- d-----w- c:\documents and settings\Notebook\.thumbnails
2011-03-22 16:24 . 2011-03-25 12:53 -------- d-----w- c:\documents and settings\Notebook\.gimp-2.6
2011-03-22 16:24 . 2011-03-22 16:24 -------- d-----w- c:\program files\GIMP-2.0
2011-03-22 11:30 . 2011-03-22 11:30 -------- d-----w- c:\documents and settings\Notebook\Local Settings\Data aplikací\Mozilla
2011-03-21 15:30 . 2011-03-21 15:36 -------- d-----w- c:\documents and settings\Notebook\Data aplikací\PSpad
2011-03-21 15:30 . 2011-03-21 15:30 -------- d-----w- c:\program files\PSPad editor
2011-03-21 14:40 . 2011-03-21 14:40 -------- d-----w- c:\program files\FlashFXP 4
2011-03-21 14:40 . 2011-03-21 14:40 -------- d-----w- c:\documents and settings\All Users\Data aplikací\FlashFXP
2011-03-21 14:33 . 2011-03-21 14:33 -------- d-----w- c:\documents and settings\Notebook\Local Settings\Data aplikací\GlobalSCAPE
2011-03-21 14:33 . 2011-03-21 14:33 -------- d-----w- c:\documents and settings\Notebook\Data aplikací\GlobalSCAPE
2011-03-21 14:33 . 2011-03-21 14:33 -------- d-----w- c:\documents and settings\All Users\Data aplikací\GlobalSCAPE
2011-03-21 11:38 . 2011-03-21 11:38 -------- d-----w- c:\program files\GlobalSCAPE
2011-03-21 11:37 . 2011-03-23 21:34 -------- d-----w- c:\documents and settings\Notebook\Data aplikací\FileZilla
2011-03-21 11:37 . 2011-03-21 11:37 -------- d-----w- c:\program files\FileZilla FTP Client
2011-03-20 11:55 . 2011-03-20 11:55 -------- d-----w- c:\program files\Microsoft Games
2011-03-20 00:38 . 2011-03-20 00:38 -------- d-----w- c:\program files\Common Files\DirectX
2011-03-20 00:37 . 2011-03-20 00:37 -------- d-----w- c:\documents and settings\Notebook\Data aplikací\WarlockStudio
2011-03-18 23:41 . 2011-03-18 23:44 -------- d-----w- c:\documents and settings\Notebook\Data aplikací\vlc
2011-03-12 23:27 . 2011-03-22 22:36 -------- d-----w- c:\documents and settings\Notebook\Data aplikací\gtk-2.0
2011-03-11 16:00 . 2001-10-28 15:42 116224 ----a-w- c:\windows\system32\pdfcmnnt.dll
2011-03-11 16:00 . 1998-06-23 23:00 137000 ----a-w- c:\windows\system32\MSMAPI32.OCX
2011-03-11 16:00 . 2011-03-11 16:01 -------- d-----w- c:\program files\PDFCreator
2011-03-11 16:00 . 1998-07-05 23:00 23552 ----a-w- c:\windows\system32\MSMPIDE.DLL
2011-03-11 15:04 . 2001-10-24 11:25 87040 ----a-w- c:\windows\system32\wiafbdrv.dll
2011-03-11 15:04 . 2001-10-24 11:25 87040 ----a-w- c:\windows\system32\dllcache\wiafbdrv.dll
2011-03-11 15:04 . 2001-10-24 11:24 32768 ----a-w- c:\windows\system32\hpgtmcro.dll
2011-03-11 15:04 . 2001-10-24 11:24 32768 ----a-w- c:\windows\system32\dllcache\hpgtmcro.dll
2011-03-11 15:04 . 2001-10-24 11:24 126976 ----a-w- c:\windows\system32\hpgt34tk.dll
2011-03-11 15:04 . 2001-10-24 11:24 126976 ----a-w- c:\windows\system32\dllcache\hpgt34tk.dll
2011-03-11 15:04 . 2001-10-24 11:24 101376 ----a-w- c:\windows\system32\hpgt34.dll
2011-03-11 15:04 . 2001-10-24 11:24 101376 ----a-w- c:\windows\system32\dllcache\hpgt34.dll
2011-03-11 15:04 . 2004-08-03 21:58 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2011-03-11 15:04 . 2004-08-03 21:58 15104 ----a-w- c:\windows\system32\dllcache\usbscan.sys
2011-03-11 09:17 . 2011-03-11 09:17 -------- d-----w- c:\documents and settings\Notebook\Local Settings\Data aplikací\ArmA Demo
2011-03-11 09:12 . 2011-03-11 09:12 -------- d-----w- c:\program files\OpenAL
2011-03-11 09:09 . 2011-03-11 09:09 -------- d-----w- c:\program files\Atari
2011-03-10 19:29 . 2011-03-10 19:29 -------- d-----w- C:\DUKE3D
2011-03-10 19:19 . 2004-08-17 14:49 21504 ----a-w- c:\windows\system32\hidserv.dll
2011-03-10 19:19 . 2004-08-17 14:49 21504 ----a-w- c:\windows\system32\dllcache\hidserv.dll
2011-03-10 19:19 . 2004-08-17 14:45 14848 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2011-03-10 19:19 . 2004-08-17 14:45 14848 ----a-w- c:\windows\system32\dllcache\kbdhid.sys
2011-03-10 19:19 . 2004-08-03 22:08 31616 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2011-03-10 19:19 . 2004-08-03 22:08 31616 ----a-w- c:\windows\system32\dllcache\usbccgp.sys
2011-03-08 17:25 . 2009-04-12 08:52 81920 ----a-w- c:\windows\system32\Juchinsetmenu.exe
2011-03-08 17:25 . 2009-04-07 14:12 9984 ----a-w- c:\windows\system32\drivers\Juchin.sys
2011-03-07 11:22 . 2011-03-07 11:22 -------- d-----w- c:\program files\Codemasters
2011-03-07 07:24 . 2011-03-07 07:38 61440 ----a-r- c:\documents and settings\Notebook\Data aplikací\Microsoft\Installer\{A57D86AF-DE8E-4B26-972E-A1A28FFF7742}\flatout.exe1_853599CE1B5C4FEFB643B8F48F508EDC.exe
2011-03-07 07:24 . 2011-03-07 07:38 61440 ----a-r- c:\documents and settings\Notebook\Data aplikací\Microsoft\Installer\{A57D86AF-DE8E-4B26-972E-A1A28FFF7742}\flatout.exe_853599CE1B5C4FEFB643B8F48F508EDC.exe
2011-03-07 07:24 . 2011-03-07 07:38 61440 ----a-r- c:\documents and settings\Notebook\Data aplikací\Microsoft\Installer\{A57D86AF-DE8E-4B26-972E-A1A28FFF7742}\ARPPRODUCTICON.exe
2011-03-07 07:03 . 2011-03-07 07:20 -------- d-----w- c:\program files\Empire Interactive
2011-03-06 23:02 . 2011-03-06 23:05 -------- d-----w- c:\program files\JFDuke3D
2011-03-06 22:25 . 2011-03-06 22:25 -------- d-----w- c:\documents and settings\Notebook\Local Settings\Data aplikací\Help
2011-03-06 22:23 . 2011-03-06 22:23 -------- d-----w- C:\C_DILLA
2011-03-06 22:22 . 2011-03-06 22:24 -------- d-----w- c:\program files\AcadLT 2000 Trial
2011-03-06 22:22 . 1999-04-26 10:41 299520 ----a-w- c:\windows\uninst.exe
2011-03-06 22:22 . 2011-03-06 22:22 -------- d-----w- c:\documents and settings\Notebook\WINDOWS
2011-03-03 16:46 . 2007-12-10 07:00 61440 ----a-w- c:\windows\system32\ZIMF.DLL
2011-03-03 16:46 . 2007-12-10 07:00 57344 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\ZIMFPRNT.DLL
2011-03-03 16:46 . 2007-12-10 07:00 53248 ----a-w- c:\windows\system32\ZTAG.DLL
2011-03-03 16:46 . 2007-12-10 07:00 430080 ----a-w- c:\windows\system32\ZSHP1020.EXE
2011-03-03 16:46 . 2007-12-10 07:00 106496 ----a-w- c:\windows\system32\ZSPOOL.DLL
2011-03-03 16:46 . 2007-12-10 07:00 102400 ----a-w- c:\windows\system32\ZLhp1020.DLL
2011-03-03 16:46 . 2011-03-03 16:46 -------- d-----w- c:\program files\Hewlett-Packard
2011-03-03 16:27 . 2004-08-03 22:01 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2011-03-03 16:27 . 2004-08-03 22:01 25856 ----a-w- c:\windows\system32\dllcache\usbprint.sys
2011-03-03 07:56 . 2011-03-03 07:56 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Data aplikací\Google
2011-03-03 07:51 . 2011-03-03 07:51 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Data aplikací\Google
2011-03-03 07:21 . 2011-03-03 07:21 -------- d-----w- c:\program files\EAGLE-5.11.0
2011-03-03 07:21 . 2011-03-03 07:21 -------- d-----w- c:\documents and settings\Notebook\Data aplikací\CadSoft
2011-03-02 23:06 . 2011-03-02 23:06 127469 ----a-w- c:\windows\MeterBasic Uninstaller.exe
2011-03-02 23:04 . 2011-03-02 23:04 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Hagel Technologies
2011-03-02 23:03 . 2011-03-02 23:03 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Data aplikací\Hagel Technologies
2011-03-02 22:56 . 2011-03-02 22:56 97560 ----a-w- c:\windows\Meter Uninstaller.exe
2011-03-02 22:56 . 2011-03-02 22:56 -------- d-----w- c:\program files\Meter
2011-02-28 07:51 . 2011-02-28 07:51 -------- d-----w- c:\documents and settings\All Users\Data aplikací\id Software
2011-02-26 14:34 . 2011-02-27 18:58 -------- d-----w- c:\documents and settings\Notebook\Data aplikací\.minecraft
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-11 09:17 . 2007-06-16 00:30 108144 ----a-w- c:\windows\system32\CmdLineExt.dll
2011-03-11 09:12 . 2003-11-07 12:28 409600 ----a-w- c:\windows\system32\wrap_oal.dll
2011-03-11 09:12 . 2003-11-07 12:28 114688 ----a-w- c:\windows\system32\OpenAL32.dll
2011-01-31 21:03 . 2011-01-31 20:53 53248 ----a-w- c:\windows\unrar.dll
2011-01-31 12:30 . 2011-01-31 12:30 12800 ----a-w- c:\windows\system32\drivers\ekauio.sys
2011-01-18 16:43 . 2011-02-07 06:34 42960 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys
2011-01-18 16:43 . 2011-01-18 16:43 109328 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys
2011-01-18 16:43 . 2011-02-07 06:34 158736 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys
2011-01-18 16:43 . 2011-01-18 16:43 133648 ----a-w- c:\windows\system32\VBoxNetFltNotify.dll
2011-01-18 16:43 . 2011-01-18 16:43 120208 ----a-w- c:\windows\system32\drivers\VBoxNetFlt.sys
2011-01-13 08:47 . 2011-02-01 13:26 38848 ----a-w- c:\windows\avastSS.scr
2011-01-13 08:47 . 2011-02-01 13:26 188216 ----a-w- c:\windows\system32\aswBoot.exe
2011-01-13 08:41 . 2011-02-01 13:26 294608 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-01-13 08:40 . 2011-02-01 13:26 47440 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-01-13 08:40 . 2011-02-01 13:26 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-01-13 08:39 . 2011-02-01 13:26 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-01-13 08:37 . 2011-02-01 13:26 23632 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-01-13 08:37 . 2011-02-01 13:26 29392 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-01-13 08:37 . 2011-02-01 13:26 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-12-09 10:51 3911776 ----a-w- c:\program files\ConduitEngine\ConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-12-09 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\Notebook\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" [2007-06-14 136176]
"ModemOnHold"="c:\program files\NetWaiting\NetWaiting.exe" [2003-09-10 20480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2005-10-07 176128]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-12-13 98304]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-12-13 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-12-13 118784]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 282624]
"Document Manager"="c:\program files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe" [2006-09-08 102400]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2007-02-20 1191936]
"NVHotkey"="nvHotkey.dll" [2008-02-22 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-02-22 13508608]
"nwiz"="nwiz.exe" [2008-02-22 1626112]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-02-22 86016]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-01-13 3396624]
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2010-12-06 1910152]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2011-02-23 30192]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-18 15360]
.
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
2x-Office.lnk - c:\program files\Juchin\Office Mouse\Juchin Mouse.exe [N/A]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-7-5 24576]
EMBASSY Trust Suite Secure Update.lnk - c:\program files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe [2006-8-25 192512]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\TmNationsForever\\TmForever.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Documents and Settings\\Notebook\\Data aplikací\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Vietcong\\Vietcong.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Atari\\ArmA Demo\\ArmADemo.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
.
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [1.2.2011 15:26 294608]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [15.6.2007 0:16 218688]
R1 VBoxDrv;VirtualBox Service;c:\windows\system32\drivers\VBoxDrv.sys [7.2.2011 8:34 158736]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\drivers\VBoxUSBMon.sys [7.2.2011 8:34 42960]
R2 Ç-DillaSrv;Ç-DillaSrv;c:\windows\system32\drivers\CDANTSRV.EXE [16.3.1999 21:49 19456]
R2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [28.1.2011 18:10 387072]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [1.2.2011 15:26 17744]
R2 Ekauio;Ekahau NDIS Usermode I/O Protocol;c:\windows\system32\drivers\ekauio.sys [31.1.2011 14:30 12800]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [6.12.2010 9:31 1238408]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [18.1.2011 18:43 109328]
R3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\drivers\VBoxNetFlt.sys [18.1.2011 18:43 120208]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [3.3.2011 9:51 136176]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [23.2.2011 22:25 30192]
.
Obsah adresáře 'Naplánované úlohy'
.
2011-03-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-03 07:50]
.
2011-03-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-03 07:50]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2786678
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://www1.euro.dell.com/content/default.aspx?c=cz&l=cs&s=bsd
uInternet Connection Wizard,ShellNext = hxxp://www1.euro.dell.com/content/default.aspx?c=cz&l=cs&s=bsd
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-27 13:07
Windows 5.1.2600 Service Pack 2 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(3596)
c:\windows\system32\msi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\stsystra.exe
c:\program files\Apoint\HidFind.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\RUNDLL32.EXE
c:\program files\Apoint\Apntex.exe
c:\windows\System32\SCardSvr.exe
c:\program files\Wave Systems Corp\Common\DataServer.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\lkcitdl.exe
c:\windows\system32\lkads.exe
c:\windows\system32\lktsrv.exe
c:\program files\Dell\QuickSet\NICCONFIGSVC.exe
c:\program files\National Instruments\Shared\Security\nidmsrv.exe
c:\windows\system32\nisvcloc.exe
c:\windows\system32\nvsvc32.exe
c:\program files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\SoftwareDistribution\Download\ae4ac74864a34bda5a1d4d2ed27ee4c8\update\update.exe
.
**************************************************************************
.
Celkový čas: 2011-03-27 13:12:51 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-03-27 11:12
ComboFix2.txt 2011-03-26 22:35
.
Před spuštěním: Volných bajtů: 14 801 698 816
Po spuštění: Volných bajtů: 15 558 758 400
.
- - End Of File - - 32CF91F55991C6DAD302BB7DFF01FB2A
Nahr nˇ probŘhlo ŁspŘçnŘ
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.2046.1606 [GMT 2:00]
Spuštěný z: c:\documents and settings\Notebook\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Notebook\Plocha\CFSCript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
* Vytvořen nový Bod Obnovení
.
file zipped: c:\windows\system32\04.tmp
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Ask.com
c:\program files\Ask.com\cobrand.ico
c:\program files\Ask.com\config.xml
c:\program files\Ask.com\favicon.ico
c:\program files\Ask.com\GenericAskToolbar.dll
c:\program files\Ask.com\mupcfg.xml
c:\program files\Ask.com\SaUpdate.exe
c:\program files\Ask.com\UpdateTask.exe
c:\program files\Common Files\Spigot
c:\program files\Common Files\Spigot\Search Settings\config.ini
c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe
c:\program files\Common Files\Spigot\Search Settings\yahoo_ff.xml
c:\program files\Common Files\Spigot\Search Settings\yahoo_ie.xml
c:\program files\pdfforge Toolbar
c:\program files\pdfforge Toolbar\IE\4.3\config.ini
c:\program files\pdfforge Toolbar\Res\amazon.gif
c:\program files\pdfforge Toolbar\Res\ebay.gif
c:\program files\pdfforge Toolbar\Res\icon_settings.gif
c:\program files\pdfforge Toolbar\Res\pdfc_branding.gif
c:\program files\pdfforge Toolbar\Res\pdfc_branding_hover.gif
c:\program files\pdfforge Toolbar\Res\pdfc_icon.gif
c:\program files\pdfforge Toolbar\Res\pdfc_portal_logo.gif
c:\program files\pdfforge Toolbar\Res\search-button-hover.gif
c:\program files\pdfforge Toolbar\Res\search-button.gif
c:\program files\pdfforge Toolbar\Res\search-chevron-hover.gif
c:\program files\pdfforge Toolbar\Res\search-chevron.gif
c:\program files\pdfforge Toolbar\Res\search_amazon.gif
c:\program files\pdfforge Toolbar\Res\search_ebay.gif
c:\program files\pdfforge Toolbar\Res\search_yahoo.gif
c:\program files\pdfforge Toolbar\Res\widgets.xml
c:\program files\pdfforge Toolbar\WidgiHelper.exe
c:\windows\system32\04.tmp
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_HFWDNYNVU
-------\Legacy_WAPSJ
-------\Service_hfwdnynvu
-------\Service_WAPSJ
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-02-27 do 2011-03-27 )))))))))))))))))))))))))))))))
.
.
2011-03-25 22:10 . 2011-03-25 22:10 -------- d-----w- C:\rsit
2011-03-25 22:10 . 2011-03-25 22:10 -------- d-----w- c:\program files\trend micro
2011-03-25 12:57 . 2011-03-25 12:57 -------- d-----r- c:\documents and settings\LocalService\Dokumenty
2011-03-25 08:46 . 2011-03-25 08:46 -------- d-----w- c:\program files\CCleaner
2011-03-24 00:14 . 2011-03-24 00:14 -------- d-----w- c:\documents and settings\Notebook\Data aplikací\dvdcss
2011-03-22 16:43 . 2011-03-22 16:43 -------- d-----w- c:\documents and settings\Notebook\.thumbnails
2011-03-22 16:24 . 2011-03-25 12:53 -------- d-----w- c:\documents and settings\Notebook\.gimp-2.6
2011-03-22 16:24 . 2011-03-22 16:24 -------- d-----w- c:\program files\GIMP-2.0
2011-03-22 11:30 . 2011-03-22 11:30 -------- d-----w- c:\documents and settings\Notebook\Local Settings\Data aplikací\Mozilla
2011-03-21 15:30 . 2011-03-21 15:36 -------- d-----w- c:\documents and settings\Notebook\Data aplikací\PSpad
2011-03-21 15:30 . 2011-03-21 15:30 -------- d-----w- c:\program files\PSPad editor
2011-03-21 14:40 . 2011-03-21 14:40 -------- d-----w- c:\program files\FlashFXP 4
2011-03-21 14:40 . 2011-03-21 14:40 -------- d-----w- c:\documents and settings\All Users\Data aplikací\FlashFXP
2011-03-21 14:33 . 2011-03-21 14:33 -------- d-----w- c:\documents and settings\Notebook\Local Settings\Data aplikací\GlobalSCAPE
2011-03-21 14:33 . 2011-03-21 14:33 -------- d-----w- c:\documents and settings\Notebook\Data aplikací\GlobalSCAPE
2011-03-21 14:33 . 2011-03-21 14:33 -------- d-----w- c:\documents and settings\All Users\Data aplikací\GlobalSCAPE
2011-03-21 11:38 . 2011-03-21 11:38 -------- d-----w- c:\program files\GlobalSCAPE
2011-03-21 11:37 . 2011-03-23 21:34 -------- d-----w- c:\documents and settings\Notebook\Data aplikací\FileZilla
2011-03-21 11:37 . 2011-03-21 11:37 -------- d-----w- c:\program files\FileZilla FTP Client
2011-03-20 11:55 . 2011-03-20 11:55 -------- d-----w- c:\program files\Microsoft Games
2011-03-20 00:38 . 2011-03-20 00:38 -------- d-----w- c:\program files\Common Files\DirectX
2011-03-20 00:37 . 2011-03-20 00:37 -------- d-----w- c:\documents and settings\Notebook\Data aplikací\WarlockStudio
2011-03-18 23:41 . 2011-03-18 23:44 -------- d-----w- c:\documents and settings\Notebook\Data aplikací\vlc
2011-03-12 23:27 . 2011-03-22 22:36 -------- d-----w- c:\documents and settings\Notebook\Data aplikací\gtk-2.0
2011-03-11 16:00 . 2001-10-28 15:42 116224 ----a-w- c:\windows\system32\pdfcmnnt.dll
2011-03-11 16:00 . 1998-06-23 23:00 137000 ----a-w- c:\windows\system32\MSMAPI32.OCX
2011-03-11 16:00 . 2011-03-11 16:01 -------- d-----w- c:\program files\PDFCreator
2011-03-11 16:00 . 1998-07-05 23:00 23552 ----a-w- c:\windows\system32\MSMPIDE.DLL
2011-03-11 15:04 . 2001-10-24 11:25 87040 ----a-w- c:\windows\system32\wiafbdrv.dll
2011-03-11 15:04 . 2001-10-24 11:25 87040 ----a-w- c:\windows\system32\dllcache\wiafbdrv.dll
2011-03-11 15:04 . 2001-10-24 11:24 32768 ----a-w- c:\windows\system32\hpgtmcro.dll
2011-03-11 15:04 . 2001-10-24 11:24 32768 ----a-w- c:\windows\system32\dllcache\hpgtmcro.dll
2011-03-11 15:04 . 2001-10-24 11:24 126976 ----a-w- c:\windows\system32\hpgt34tk.dll
2011-03-11 15:04 . 2001-10-24 11:24 126976 ----a-w- c:\windows\system32\dllcache\hpgt34tk.dll
2011-03-11 15:04 . 2001-10-24 11:24 101376 ----a-w- c:\windows\system32\hpgt34.dll
2011-03-11 15:04 . 2001-10-24 11:24 101376 ----a-w- c:\windows\system32\dllcache\hpgt34.dll
2011-03-11 15:04 . 2004-08-03 21:58 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2011-03-11 15:04 . 2004-08-03 21:58 15104 ----a-w- c:\windows\system32\dllcache\usbscan.sys
2011-03-11 09:17 . 2011-03-11 09:17 -------- d-----w- c:\documents and settings\Notebook\Local Settings\Data aplikací\ArmA Demo
2011-03-11 09:12 . 2011-03-11 09:12 -------- d-----w- c:\program files\OpenAL
2011-03-11 09:09 . 2011-03-11 09:09 -------- d-----w- c:\program files\Atari
2011-03-10 19:29 . 2011-03-10 19:29 -------- d-----w- C:\DUKE3D
2011-03-10 19:19 . 2004-08-17 14:49 21504 ----a-w- c:\windows\system32\hidserv.dll
2011-03-10 19:19 . 2004-08-17 14:49 21504 ----a-w- c:\windows\system32\dllcache\hidserv.dll
2011-03-10 19:19 . 2004-08-17 14:45 14848 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2011-03-10 19:19 . 2004-08-17 14:45 14848 ----a-w- c:\windows\system32\dllcache\kbdhid.sys
2011-03-10 19:19 . 2004-08-03 22:08 31616 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2011-03-10 19:19 . 2004-08-03 22:08 31616 ----a-w- c:\windows\system32\dllcache\usbccgp.sys
2011-03-08 17:25 . 2009-04-12 08:52 81920 ----a-w- c:\windows\system32\Juchinsetmenu.exe
2011-03-08 17:25 . 2009-04-07 14:12 9984 ----a-w- c:\windows\system32\drivers\Juchin.sys
2011-03-07 11:22 . 2011-03-07 11:22 -------- d-----w- c:\program files\Codemasters
2011-03-07 07:24 . 2011-03-07 07:38 61440 ----a-r- c:\documents and settings\Notebook\Data aplikací\Microsoft\Installer\{A57D86AF-DE8E-4B26-972E-A1A28FFF7742}\flatout.exe1_853599CE1B5C4FEFB643B8F48F508EDC.exe
2011-03-07 07:24 . 2011-03-07 07:38 61440 ----a-r- c:\documents and settings\Notebook\Data aplikací\Microsoft\Installer\{A57D86AF-DE8E-4B26-972E-A1A28FFF7742}\flatout.exe_853599CE1B5C4FEFB643B8F48F508EDC.exe
2011-03-07 07:24 . 2011-03-07 07:38 61440 ----a-r- c:\documents and settings\Notebook\Data aplikací\Microsoft\Installer\{A57D86AF-DE8E-4B26-972E-A1A28FFF7742}\ARPPRODUCTICON.exe
2011-03-07 07:03 . 2011-03-07 07:20 -------- d-----w- c:\program files\Empire Interactive
2011-03-06 23:02 . 2011-03-06 23:05 -------- d-----w- c:\program files\JFDuke3D
2011-03-06 22:25 . 2011-03-06 22:25 -------- d-----w- c:\documents and settings\Notebook\Local Settings\Data aplikací\Help
2011-03-06 22:23 . 2011-03-06 22:23 -------- d-----w- C:\C_DILLA
2011-03-06 22:22 . 2011-03-06 22:24 -------- d-----w- c:\program files\AcadLT 2000 Trial
2011-03-06 22:22 . 1999-04-26 10:41 299520 ----a-w- c:\windows\uninst.exe
2011-03-06 22:22 . 2011-03-06 22:22 -------- d-----w- c:\documents and settings\Notebook\WINDOWS
2011-03-03 16:46 . 2007-12-10 07:00 61440 ----a-w- c:\windows\system32\ZIMF.DLL
2011-03-03 16:46 . 2007-12-10 07:00 57344 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\ZIMFPRNT.DLL
2011-03-03 16:46 . 2007-12-10 07:00 53248 ----a-w- c:\windows\system32\ZTAG.DLL
2011-03-03 16:46 . 2007-12-10 07:00 430080 ----a-w- c:\windows\system32\ZSHP1020.EXE
2011-03-03 16:46 . 2007-12-10 07:00 106496 ----a-w- c:\windows\system32\ZSPOOL.DLL
2011-03-03 16:46 . 2007-12-10 07:00 102400 ----a-w- c:\windows\system32\ZLhp1020.DLL
2011-03-03 16:46 . 2011-03-03 16:46 -------- d-----w- c:\program files\Hewlett-Packard
2011-03-03 16:27 . 2004-08-03 22:01 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2011-03-03 16:27 . 2004-08-03 22:01 25856 ----a-w- c:\windows\system32\dllcache\usbprint.sys
2011-03-03 07:56 . 2011-03-03 07:56 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Data aplikací\Google
2011-03-03 07:51 . 2011-03-03 07:51 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Data aplikací\Google
2011-03-03 07:21 . 2011-03-03 07:21 -------- d-----w- c:\program files\EAGLE-5.11.0
2011-03-03 07:21 . 2011-03-03 07:21 -------- d-----w- c:\documents and settings\Notebook\Data aplikací\CadSoft
2011-03-02 23:06 . 2011-03-02 23:06 127469 ----a-w- c:\windows\MeterBasic Uninstaller.exe
2011-03-02 23:04 . 2011-03-02 23:04 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Hagel Technologies
2011-03-02 23:03 . 2011-03-02 23:03 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Data aplikací\Hagel Technologies
2011-03-02 22:56 . 2011-03-02 22:56 97560 ----a-w- c:\windows\Meter Uninstaller.exe
2011-03-02 22:56 . 2011-03-02 22:56 -------- d-----w- c:\program files\Meter
2011-02-28 07:51 . 2011-02-28 07:51 -------- d-----w- c:\documents and settings\All Users\Data aplikací\id Software
2011-02-26 14:34 . 2011-02-27 18:58 -------- d-----w- c:\documents and settings\Notebook\Data aplikací\.minecraft
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-11 09:17 . 2007-06-16 00:30 108144 ----a-w- c:\windows\system32\CmdLineExt.dll
2011-03-11 09:12 . 2003-11-07 12:28 409600 ----a-w- c:\windows\system32\wrap_oal.dll
2011-03-11 09:12 . 2003-11-07 12:28 114688 ----a-w- c:\windows\system32\OpenAL32.dll
2011-01-31 21:03 . 2011-01-31 20:53 53248 ----a-w- c:\windows\unrar.dll
2011-01-31 12:30 . 2011-01-31 12:30 12800 ----a-w- c:\windows\system32\drivers\ekauio.sys
2011-01-18 16:43 . 2011-02-07 06:34 42960 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys
2011-01-18 16:43 . 2011-01-18 16:43 109328 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys
2011-01-18 16:43 . 2011-02-07 06:34 158736 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys
2011-01-18 16:43 . 2011-01-18 16:43 133648 ----a-w- c:\windows\system32\VBoxNetFltNotify.dll
2011-01-18 16:43 . 2011-01-18 16:43 120208 ----a-w- c:\windows\system32\drivers\VBoxNetFlt.sys
2011-01-13 08:47 . 2011-02-01 13:26 38848 ----a-w- c:\windows\avastSS.scr
2011-01-13 08:47 . 2011-02-01 13:26 188216 ----a-w- c:\windows\system32\aswBoot.exe
2011-01-13 08:41 . 2011-02-01 13:26 294608 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-01-13 08:40 . 2011-02-01 13:26 47440 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-01-13 08:40 . 2011-02-01 13:26 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-01-13 08:39 . 2011-02-01 13:26 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-01-13 08:37 . 2011-02-01 13:26 23632 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-01-13 08:37 . 2011-02-01 13:26 29392 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-01-13 08:37 . 2011-02-01 13:26 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-12-09 10:51 3911776 ----a-w- c:\program files\ConduitEngine\ConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-12-09 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\Notebook\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" [2007-06-14 136176]
"ModemOnHold"="c:\program files\NetWaiting\NetWaiting.exe" [2003-09-10 20480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2005-10-07 176128]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-12-13 98304]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-12-13 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-12-13 118784]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 282624]
"Document Manager"="c:\program files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe" [2006-09-08 102400]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2007-02-20 1191936]
"NVHotkey"="nvHotkey.dll" [2008-02-22 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-02-22 13508608]
"nwiz"="nwiz.exe" [2008-02-22 1626112]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-02-22 86016]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-01-13 3396624]
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2010-12-06 1910152]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2011-02-23 30192]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-18 15360]
.
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
2x-Office.lnk - c:\program files\Juchin\Office Mouse\Juchin Mouse.exe [N/A]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-7-5 24576]
EMBASSY Trust Suite Secure Update.lnk - c:\program files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe [2006-8-25 192512]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\TmNationsForever\\TmForever.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Documents and Settings\\Notebook\\Data aplikací\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Vietcong\\Vietcong.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Atari\\ArmA Demo\\ArmADemo.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
.
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [1.2.2011 15:26 294608]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [15.6.2007 0:16 218688]
R1 VBoxDrv;VirtualBox Service;c:\windows\system32\drivers\VBoxDrv.sys [7.2.2011 8:34 158736]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\drivers\VBoxUSBMon.sys [7.2.2011 8:34 42960]
R2 Ç-DillaSrv;Ç-DillaSrv;c:\windows\system32\drivers\CDANTSRV.EXE [16.3.1999 21:49 19456]
R2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [28.1.2011 18:10 387072]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [1.2.2011 15:26 17744]
R2 Ekauio;Ekahau NDIS Usermode I/O Protocol;c:\windows\system32\drivers\ekauio.sys [31.1.2011 14:30 12800]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [6.12.2010 9:31 1238408]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [18.1.2011 18:43 109328]
R3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\drivers\VBoxNetFlt.sys [18.1.2011 18:43 120208]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [3.3.2011 9:51 136176]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [23.2.2011 22:25 30192]
.
Obsah adresáře 'Naplánované úlohy'
.
2011-03-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-03 07:50]
.
2011-03-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-03 07:50]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2786678
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://www1.euro.dell.com/content/default.aspx?c=cz&l=cs&s=bsd
uInternet Connection Wizard,ShellNext = hxxp://www1.euro.dell.com/content/default.aspx?c=cz&l=cs&s=bsd
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-27 13:07
Windows 5.1.2600 Service Pack 2 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(3596)
c:\windows\system32\msi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\stsystra.exe
c:\program files\Apoint\HidFind.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\RUNDLL32.EXE
c:\program files\Apoint\Apntex.exe
c:\windows\System32\SCardSvr.exe
c:\program files\Wave Systems Corp\Common\DataServer.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\lkcitdl.exe
c:\windows\system32\lkads.exe
c:\windows\system32\lktsrv.exe
c:\program files\Dell\QuickSet\NICCONFIGSVC.exe
c:\program files\National Instruments\Shared\Security\nidmsrv.exe
c:\windows\system32\nisvcloc.exe
c:\windows\system32\nvsvc32.exe
c:\program files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\SoftwareDistribution\Download\ae4ac74864a34bda5a1d4d2ed27ee4c8\update\update.exe
.
**************************************************************************
.
Celkový čas: 2011-03-27 13:12:51 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-03-27 11:12
ComboFix2.txt 2011-03-26 22:35
.
Před spuštěním: Volných bajtů: 14 801 698 816
Po spuštění: Volných bajtů: 15 558 758 400
.
- - End Of File - - 32CF91F55991C6DAD302BB7DFF01FB2A
Nahr nˇ probŘhlo ŁspŘçnŘ
Re: pomoc s rootkity
Napsal: 27 bře 2011 15:46
Vše smazáno, zbytek logu vypadá čistý. Nastala nějaká změna?
Re: pomoc s rootkity
Napsal: 27 bře 2011 17:00
Počítač je o poznání pomalejší než před řešením problému. Načítání systému trvá cca 5 min. Některé programy ani nespustím nebo spustím ale jdou velice pomalu (Virtual box).
Re: pomoc s rootkity
Napsal: 27 bře 2011 17:03
Ještě zkuste sken IceSword: http://www.viry.cz/forum/viewtopic.php?f=29&t=11394 . Dejte logy Process a KernelModule.
Re: pomoc s rootkity
Napsal: 27 bře 2011 17:44
Process:
System Idle Process
System
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Notebook\Local Settings\Data aplikacˇ\Google\Chrome\Application\chrome.exe
C:\Program Files\Apoint\hidfind.exe
C:\Documents and Settings\Notebook\Local Settings\Data aplikacˇ\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Notebook\Local Settings\Data aplikacˇ\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Apoint\ApntEx.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Documents and Settings\Notebook\Local Settings\Data aplikacˇ\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\alg.exe
C:\WINDOWS\system32\smss.exe
C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe
C:\Program Files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\scardsvr.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\drivers\CDANTSRV.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Application Updater\ApplicationUpdater.exe
C:\Program Files\Wave Systems Corp\Common\DataServer.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Documents and Settings\Notebook\Plocha\IceSword122en\IceSword.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\lkcitdl.exe
C:\WINDOWS\system32\lkads.exe
C:\WINDOWS\system32\lktsrv.exe
C:\Documents and Settings\Notebook\Local Settings\Data aplikacˇ\Google\Chrome\Application\chrome.exe
C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
C:\WINDOWS\system32\nisvcloc.exe
C:\WINDOWS\system32\nvsvc32.exe
Kernel Module:
\WINDOWS\system32\ntkrnlpa.exe
\WINDOWS\system32\hal.dll
\WINDOWS\system32\KDCOM.DLL
\WINDOWS\system32\BOOTVID.dll
ACPI.sys
\WINDOWS\system32\DRIVERS\WMILIB.SYS
pci.sys
isapnp.sys
compbatt.sys
\WINDOWS\system32\DRIVERS\BATTC.SYS
pciide.sys
\WINDOWS\system32\DRIVERS\PCIIDEX.SYS
pcmcia.sys
MountMgr.sys
ftdisk.sys
dmio.sys
PartMgr.sys
VolSnap.sys
atapi.sys
disk.sys
\WINDOWS\system32\DRIVERS\CLASSPNP.SYS
fltMgr.sys
sr.sys
KSecDD.sys
Ntfs.sys
NDIS.sys
pbadrv.sys
ohci1394.sys
\WINDOWS\system32\DRIVERS\1394BUS.SYS
Mup.sys
\SystemRoot\system32\DRIVERS\nic1394.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\wmiacpi.sys
\SystemRoot\system32\DRIVERS\CmBatt.sys
\SystemRoot\system32\DRIVERS\nv4_mini.sys
\SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\NETw5x32.sys
\SystemRoot\system32\DRIVERS\b57xp32.sys
\SystemRoot\system32\DRIVERS\usbuhci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\Apfiltr.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\serial.sys
\SystemRoot\system32\DRIVERS\serenum.sys
\SystemRoot\system32\DRIVERS\imapi.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\redbook.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\audstub.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\DRIVERS\psched.sys
\SystemRoot\system32\DRIVERS\msgpc.sys
\SystemRoot\system32\DRIVERS\ptilink.sys
\SystemRoot\system32\DRIVERS\raspti.sys
\SystemRoot\system32\DRIVERS\VBoxNetAdp.sys
\SystemRoot\system32\DRIVERS\hamachi.sys
\SystemRoot\system32\DRIVERS\rdpdr.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\VBoxNetFlt.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\update.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\system32\DRIVERS\dtsoftbus01.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\sthda.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\DRIVERS\HSXHWAZL.sys
\SystemRoot\system32\DRIVERS\HSX_DPV.sys
\SystemRoot\system32\DRIVERS\HSX_CNXT.sys
\SystemRoot\System32\Drivers\Modem.SYS
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\System32\Drivers\i2omgmt.SYS
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\Drivers\mnmdd.SYS
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\rasacd.sys
\SystemRoot\system32\DRIVERS\ipsec.sys
\SystemRoot\system32\DRIVERS\tcpip.sys
\SystemRoot\System32\Drivers\aswTdi.SYS
\SystemRoot\system32\DRIVERS\ipnat.sys
\SystemRoot\system32\DRIVERS\netbt.sys
\SystemRoot\System32\Drivers\aswRdr.SYS
\SystemRoot\System32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\VBoxUSBMon.sys
\SystemRoot\system32\DRIVERS\VBoxDrv.sys
\SystemRoot\system32\DRIVERS\arp1394.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\System32\Drivers\Fips.SYS
\SystemRoot\System32\Drivers\aswSP.SYS
\SystemRoot\SYSTEM32\DRIVERS\APPDRV.SYS
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\System32\Drivers\Aavmker4.SYS
\SystemRoot\System32\Drivers\Cdfs.SYS
\SystemRoot\System32\Drivers\oz776.sys
\SystemRoot\System32\Drivers\SMCLIB.SYS
\SystemRoot\System32\Drivers\dump_atapi.sys
\SystemRoot\System32\Drivers\dump_WMILIB.SYS
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\watchdog.sys
\SystemRoot\System32\drivers\dxg.sys
\SystemRoot\System32\drivers\dxgthk.sys
\SystemRoot\System32\nv4_disp.dll
\SystemRoot\System32\Drivers\aswFsBlk.SYS
\SystemRoot\system32\DRIVERS\ekauio.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\System32\Drivers\aswMon2.SYS
\SystemRoot\system32\drivers\wdmaud.sys
\SystemRoot\system32\drivers\sysaudio.sys
\SystemRoot\system32\DRIVERS\mrxdav.sys
\SystemRoot\System32\Drivers\cvintdrv.SYS
\SystemRoot\system32\DRIVERS\srv.sys
\SystemRoot\system32\DRIVERS\mdmxsdk.sys
\SystemRoot\system32\DRIVERS\secdrv.sys
\SystemRoot\System32\Drivers\HTTP.sys
\SystemRoot\system32\drivers\kmixer.sys
\SystemRoot\System32\Drivers\IsDrv122.sys
\WINDOWS\system32\ntdll.dll
System Idle Process
System
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Notebook\Local Settings\Data aplikacˇ\Google\Chrome\Application\chrome.exe
C:\Program Files\Apoint\hidfind.exe
C:\Documents and Settings\Notebook\Local Settings\Data aplikacˇ\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Notebook\Local Settings\Data aplikacˇ\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Apoint\ApntEx.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Documents and Settings\Notebook\Local Settings\Data aplikacˇ\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\alg.exe
C:\WINDOWS\system32\smss.exe
C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe
C:\Program Files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\scardsvr.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\drivers\CDANTSRV.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Application Updater\ApplicationUpdater.exe
C:\Program Files\Wave Systems Corp\Common\DataServer.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Documents and Settings\Notebook\Plocha\IceSword122en\IceSword.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\lkcitdl.exe
C:\WINDOWS\system32\lkads.exe
C:\WINDOWS\system32\lktsrv.exe
C:\Documents and Settings\Notebook\Local Settings\Data aplikacˇ\Google\Chrome\Application\chrome.exe
C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
C:\WINDOWS\system32\nisvcloc.exe
C:\WINDOWS\system32\nvsvc32.exe
Kernel Module:
\WINDOWS\system32\ntkrnlpa.exe
\WINDOWS\system32\hal.dll
\WINDOWS\system32\KDCOM.DLL
\WINDOWS\system32\BOOTVID.dll
ACPI.sys
\WINDOWS\system32\DRIVERS\WMILIB.SYS
pci.sys
isapnp.sys
compbatt.sys
\WINDOWS\system32\DRIVERS\BATTC.SYS
pciide.sys
\WINDOWS\system32\DRIVERS\PCIIDEX.SYS
pcmcia.sys
MountMgr.sys
ftdisk.sys
dmio.sys
PartMgr.sys
VolSnap.sys
atapi.sys
disk.sys
\WINDOWS\system32\DRIVERS\CLASSPNP.SYS
fltMgr.sys
sr.sys
KSecDD.sys
Ntfs.sys
NDIS.sys
pbadrv.sys
ohci1394.sys
\WINDOWS\system32\DRIVERS\1394BUS.SYS
Mup.sys
\SystemRoot\system32\DRIVERS\nic1394.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\wmiacpi.sys
\SystemRoot\system32\DRIVERS\CmBatt.sys
\SystemRoot\system32\DRIVERS\nv4_mini.sys
\SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\NETw5x32.sys
\SystemRoot\system32\DRIVERS\b57xp32.sys
\SystemRoot\system32\DRIVERS\usbuhci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\Apfiltr.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\serial.sys
\SystemRoot\system32\DRIVERS\serenum.sys
\SystemRoot\system32\DRIVERS\imapi.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\redbook.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\audstub.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\DRIVERS\psched.sys
\SystemRoot\system32\DRIVERS\msgpc.sys
\SystemRoot\system32\DRIVERS\ptilink.sys
\SystemRoot\system32\DRIVERS\raspti.sys
\SystemRoot\system32\DRIVERS\VBoxNetAdp.sys
\SystemRoot\system32\DRIVERS\hamachi.sys
\SystemRoot\system32\DRIVERS\rdpdr.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\VBoxNetFlt.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\update.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\system32\DRIVERS\dtsoftbus01.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\sthda.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\DRIVERS\HSXHWAZL.sys
\SystemRoot\system32\DRIVERS\HSX_DPV.sys
\SystemRoot\system32\DRIVERS\HSX_CNXT.sys
\SystemRoot\System32\Drivers\Modem.SYS
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\System32\Drivers\i2omgmt.SYS
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\Drivers\mnmdd.SYS
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\rasacd.sys
\SystemRoot\system32\DRIVERS\ipsec.sys
\SystemRoot\system32\DRIVERS\tcpip.sys
\SystemRoot\System32\Drivers\aswTdi.SYS
\SystemRoot\system32\DRIVERS\ipnat.sys
\SystemRoot\system32\DRIVERS\netbt.sys
\SystemRoot\System32\Drivers\aswRdr.SYS
\SystemRoot\System32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\VBoxUSBMon.sys
\SystemRoot\system32\DRIVERS\VBoxDrv.sys
\SystemRoot\system32\DRIVERS\arp1394.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\System32\Drivers\Fips.SYS
\SystemRoot\System32\Drivers\aswSP.SYS
\SystemRoot\SYSTEM32\DRIVERS\APPDRV.SYS
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\System32\Drivers\Aavmker4.SYS
\SystemRoot\System32\Drivers\Cdfs.SYS
\SystemRoot\System32\Drivers\oz776.sys
\SystemRoot\System32\Drivers\SMCLIB.SYS
\SystemRoot\System32\Drivers\dump_atapi.sys
\SystemRoot\System32\Drivers\dump_WMILIB.SYS
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\watchdog.sys
\SystemRoot\System32\drivers\dxg.sys
\SystemRoot\System32\drivers\dxgthk.sys
\SystemRoot\System32\nv4_disp.dll
\SystemRoot\System32\Drivers\aswFsBlk.SYS
\SystemRoot\system32\DRIVERS\ekauio.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\System32\Drivers\aswMon2.SYS
\SystemRoot\system32\drivers\wdmaud.sys
\SystemRoot\system32\drivers\sysaudio.sys
\SystemRoot\system32\DRIVERS\mrxdav.sys
\SystemRoot\System32\Drivers\cvintdrv.SYS
\SystemRoot\system32\DRIVERS\srv.sys
\SystemRoot\system32\DRIVERS\mdmxsdk.sys
\SystemRoot\system32\DRIVERS\secdrv.sys
\SystemRoot\System32\Drivers\HTTP.sys
\SystemRoot\system32\drivers\kmixer.sys
\SystemRoot\System32\Drivers\IsDrv122.sys
\WINDOWS\system32\ntdll.dll
Re: pomoc s rootkity
Napsal: 27 bře 2011 17:52
Žádný roiotkit již v PC není. Zkuste obnovu systému k datu, kdy korketně fungoval.
Re: pomoc s rootkity
Napsal: 27 bře 2011 19:08
Systém se už načítá jako obvykle. Díky moc že jste mi pomohli.
Jenom se mě nenačítají žádné oficiální stránky antivirů. např: Avast, Eset, Norton antivirus
Jenom se mě nenačítají žádné oficiální stránky antivirů. např: Avast, Eset, Norton antivirus
Re: pomoc s rootkity
Napsal: 27 bře 2011 19:37
Ještě zkuste kompletní sken MBAM: http://www.malwarebytes.org/mbam.php . Dejte log a předem nic nemažte.
Re: pomoc s rootkity
Napsal: 27 bře 2011 21:16
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Verze databáze: 6185
Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180
27.3.2011 22:13:22
mbam-log-2011-03-27 (22-13-17).txt
Typ kontroly: Úplný test (C:\|)
Testované objekty: 204470
Uplynulý čas: 47 minut, 23 sekund
Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče v registru: 0
Infikované hodnoty v registru: 0
Infikované datové položky v registru: 1
Infikované složky: 0
Infikované soubory: 0
Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)
Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)
Infikované klíče v registru:
(Žádné škodlivé položky nebyly zjištěny)
Infikované hodnoty v registru:
(Žádné škodlivé položky nebyly zjištěny)
Infikované datové položky v registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (PUM.Hijack.System.Hidden) -> Bad: (0) Good: (1) -> No action taken.
Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)
Infikované soubory:
(Žádné škodlivé položky nebyly zjištěny)
www.malwarebytes.org
Verze databáze: 6185
Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180
27.3.2011 22:13:22
mbam-log-2011-03-27 (22-13-17).txt
Typ kontroly: Úplný test (C:\|)
Testované objekty: 204470
Uplynulý čas: 47 minut, 23 sekund
Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče v registru: 0
Infikované hodnoty v registru: 0
Infikované datové položky v registru: 1
Infikované složky: 0
Infikované soubory: 0
Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)
Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)
Infikované klíče v registru:
(Žádné škodlivé položky nebyly zjištěny)
Infikované hodnoty v registru:
(Žádné škodlivé položky nebyly zjištěny)
Infikované datové položky v registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (PUM.Hijack.System.Hidden) -> Bad: (0) Good: (1) -> No action taken.
Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)
Infikované soubory:
(Žádné škodlivé položky nebyly zjištěny)