Requesting a consultation on the log results
Posted: 18 Jun 2011 07:32
ComboFix 11-06-17.04 - Administrator 18.06.2011 7:56.1.2 - x86 MINIMAL
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.3326.2918 [GMT 2:00]
Spuštěný z: C:\ComboFix.exe
AV: ESET Smart Security 4.0 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET personal firewall *Enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
.
VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.
ADS - WINDOWS: deleted 24 bytes in 1 streams.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Majitel\0.35537492909183166.exe
c:\documents and settings\Majitel\Data aplikací\Desktopicon
c:\documents and settings\Majitel\Local Settings\Data aplikací\mhk.exe
c:\drivergenius\DriverGenius.exe
c:\program files\Downloaded Installers
c:\program files\Downloaded Installers\{240D57C0-234A-4CAD-B6E7-DFDE6B0B1272}\setup.msi
c:\windows\IsUn0405.exe
c:\windows\system32\Drivers\ekjqywaf.sys
E:\resycled
F:\resycled
G:\resycled
H:\resycled
I:\resycled
J:\resycled
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-05-18 do 2011-06-18 )))))))))))))))))))))))))))))))
.
.
2011-06-18 05:50 . 2011-06-18 05:30 1007120 ----a-w- C:\rkill.scr
2011-06-18 05:50 . 2011-06-18 05:29 1007120 ----a-w- C:\rkill.exe
2011-06-18 05:50 . 2011-06-18 05:29 1007120 ----a-w- C:\rkill.com
2011-06-16 12:54 . 2011-04-21 13:37 105472 -c----w- c:\windows\system32\dllcache\mup.sys
2011-06-12 15:19 . 2011-05-25 07:25 61440 ----a-w- c:\windows\system32\OpenCL.dll
2011-06-12 15:19 . 2011-05-25 07:25 16068608 ----a-w- c:\windows\system32\nvoglnt.dll
2011-06-12 15:19 . 2011-05-25 07:25 2808936 ----a-w- c:\windows\system32\nvcuvid.dll
2011-06-12 15:19 . 2011-05-25 07:25 2082408 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-06-12 15:19 . 2011-05-25 07:25 5332992 ----a-w- c:\windows\system32\nvcuda.dll
2011-06-12 15:19 . 2011-05-25 07:25 13004800 ----a-w- c:\windows\system32\nvcompiler.dll
2011-06-12 15:19 . 2011-05-25 07:25 2328576 ----a-w- c:\windows\system32\nvapi.dll
2011-06-11 17:08 . 2005-05-04 07:20 53248 ------w- c:\windows\system32\wdmioctl.dll
2011-06-11 17:08 . 2001-09-11 13:20 1285632 ------w- c:\windows\system32\SMMedia.dll
2011-06-11 17:08 . 2006-07-10 13:42 49152 ------w- c:\windows\system32\DSndUp.exe
2011-06-11 17:08 . 2002-04-17 13:05 45056 ------w- c:\windows\system32\CleanUp.exe
2011-06-11 17:02 . 2006-08-18 08:30 446464 ----a-w- c:\windows\system32\CapabilityTable.exe
2011-06-11 17:01 . 2006-08-07 16:39 52736 ----a-r- c:\windows\system32\drivers\NVENETFD.sys
2011-06-11 17:01 . 2006-08-07 16:37 202240 ----a-w- c:\windows\system32\fdco1.dll
2011-06-11 17:01 . 2011-06-11 17:01 -------- d-----w- c:\windows\NV20203364.TMP
2011-06-11 17:01 . 2006-08-07 16:39 110080 ----a-r- c:\windows\system32\drivers\nvtcp.sys
2011-06-11 17:01 . 2006-08-03 23:48 35840 ----a-w- c:\windows\system32\nvconrm.dll
2011-06-11 17:01 . 2006-08-03 23:48 208896 ----a-w- c:\windows\system32\nvunrm.exe
2011-06-11 17:01 . 2006-08-07 16:39 18944 ----a-r- c:\windows\system32\drivers\nvnetbus.sys
2011-06-11 17:01 . 2006-08-07 16:39 1104896 ----a-r- c:\windows\system32\drivers\nvnrm.sys
2011-06-11 17:01 . 2006-08-07 16:38 261120 ----a-r- c:\windows\system32\drivers\nvsnpu.sys
2011-06-11 17:01 . 2006-08-07 16:37 10240 ----a-w- c:\windows\system32\bdco1.dll
2011-06-11 16:54 . 2006-10-25 07:48 12288 ----a-r- c:\windows\system32\drivers\EIO.sys
2011-06-11 16:39 . 2011-06-11 16:39 -------- d-----w- c:\windows\system32\wbem\Repository
2011-06-11 16:11 . 2011-06-11 16:11 -------- d-----w- c:\documents and settings\UpdatusUser
2011-06-11 16:10 . 2011-06-12 15:20 -------- d-----w- c:\documents and settings\All Users\Data aplikací\NVIDIA
2011-06-11 16:10 . 2011-05-25 07:26 543336 ----a-w- c:\windows\system32\easyupdatusapiu.dll
2011-06-11 16:10 . 2011-05-25 07:25 899688 ----a-w- c:\windows\system32\nvdispco3220150.dll
2011-06-11 16:10 . 2011-05-25 07:25 865896 ----a-w- c:\windows\system32\nvgenco322090.dll
2011-06-11 16:01 . 2011-06-11 16:01 -------- d-----w- c:\program files\A4Tech
2011-06-11 15:56 . 2005-09-21 14:25 12800 ----a-r- c:\windows\system32\drivers\Amusbprt.sys
2011-06-11 15:56 . 2004-08-25 15:09 7424 ----a-w- c:\windows\system32\drivers\Arfumftr.sys
2011-06-11 15:56 . 2005-09-29 08:12 49152 ----a-w- c:\windows\system32\Amhooker.dll
2011-06-11 15:56 . 2005-09-21 14:27 12800 ----a-w- c:\windows\system32\drivers\Amps2prt.sys
2011-06-11 15:56 . 2005-09-21 14:26 6656 ----a-r- c:\windows\system32\drivers\Amfilter.sys
2011-06-06 06:33 . 2011-06-06 06:33 -------- d-----w- c:\program files\Real
2011-06-06 06:33 . 2011-06-06 06:33 -------- d-----w- c:\program files\Common Files\xing shared
2011-06-02 09:44 . 2011-06-06 14:09 -------- d-----w- C:\Mozilla Firefox 4
2011-05-29 07:09 . 2011-05-29 07:09 35296 ----a-w- c:\windows\system32\drivers\Dvd43.sys
2011-05-29 06:28 . 2011-06-18 06:00 -------- d-----w- C:\DriverGenius
2011-05-28 15:04 . 2010-09-30 15:57 30528 ----a-w- c:\windows\system32\TURegOpt.exe
2011-05-28 15:01 . 2011-05-28 15:01 -------- d-sh--w- c:\documents and settings\All Users\Data aplikací\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
2011-05-28 14:48 . 2011-05-29 05:40 -------- d-----w- C:\YouTube Converter
2011-05-27 16:32 . 2011-05-27 16:32 10240 ----a-r- c:\documents and settings\Majitel\Data aplikací\Microsoft\Installer\{B94C3B9D-9996-42DC-B58C-A73A91A8FAF8}\IconB94C3B9D.exe
2011-05-27 16:31 . 2011-05-27 16:31 -------- d-----w- C:\InfoMapa 18 HE SPECIAL
2011-05-27 14:58 . 2011-05-27 14:58 -------- d-----w- C:\Virtual
2011-05-27 14:56 . 2011-05-29 07:01 -------- d-----w- c:\documents and settings\All Users\Data aplikací\BufferZone
2011-05-27 14:32 . 2011-05-27 14:32 -------- d-----w- c:\documents and settings\Majitel\Data aplikací\Ashampoo
2011-05-27 14:31 . 2011-05-27 14:31 -------- d-----w- c:\documents and settings\Majitel\Local Settings\Data aplikací\ashampoo
2011-05-27 14:31 . 2011-05-27 14:31 -------- d-----w- c:\documents and settings\All Users\Data aplikací\ashampoo
2011-05-27 14:31 . 2011-05-27 14:31 -------- d-----w- C:\Ashampoo Photo Commander 8
2011-05-27 14:18 . 2011-02-23 14:54 29520 ----a-w- c:\windows\system32\SmartDefragBootTime.exe
2011-05-27 14:18 . 2011-02-23 15:04 13496 ----a-w- c:\windows\system32\drivers\SmartDefragDriver.sys
2011-05-27 14:18 . 2011-05-27 14:18 -------- d-----w- c:\program files\IObit
2011-05-27 14:18 . 2011-05-27 14:18 -------- d-----w- c:\documents and settings\All Users\Data aplikací\FreeApp
2011-05-27 14:15 . 2011-06-11 10:20 -------- d-----w- c:\documents and settings\All Users\Data aplikací\IObit
2011-05-22 05:33 . 2011-05-30 08:39 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-21 18:49 . 2011-05-21 18:49 -------- d-----w- c:\documents and settings\All Users\Data aplikací\GARMIN
2011-05-21 18:47 . 2011-05-21 18:54 -------- d-----w- C:\Garmin
2011-05-21 17:00 . 2011-05-21 17:00 -------- d-----w- c:\program files\Garmin GPS Plugin
2011-05-21 17:00 . 2011-05-21 17:00 -------- d-----w- c:\program files\Garmin
2011-05-21 06:29 . 2011-05-21 18:49 -------- d-----w- c:\documents and settings\Majitel\Data aplikací\GARMIN
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-06 11:06 . 2009-04-11 17:50 1390730 ----a-w- c:\windows\system32\AutoPartNt.exe
2011-05-29 07:11 . 2009-07-08 17:01 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-29 07:11 . 2009-07-08 17:01 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-29 06:04 . 2011-02-23 12:30 14886 ----a-w- c:\windows\system32\cleartmp.cmd
2011-05-25 07:25 . 2008-10-27 07:38 4198272 ----a-w- c:\windows\system32\nv4_disp.dll
2011-05-25 07:25 . 2008-10-27 07:38 12753664 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2011-05-02 15:32 . 2008-10-28 11:58 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 16:19 . 2004-08-18 12:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-26 07:25 . 2009-07-23 10:16 796672 ----a-w- c:\windows\GPInstall.exe
2011-04-25 16:06 . 2004-08-18 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2011-04-25 16:06 . 2004-08-18 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-04-25 16:06 . 2004-08-18 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-04-25 12:01 . 2004-08-18 12:00 385024 ----a-w- c:\windows\system32\html.iec
2011-04-21 13:37 . 2004-08-18 12:00 105472 ----a-w- c:\windows\system32\drivers\mup.sys
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FullShot 9.5"="c:\fullshot 9\FULLSHOT.exe" [2011-05-29 3997696]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
"Fraps"="c:\fraps\FRAPS.EXE" [2008-01-14 3182248]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\eset smart security\egui.exe" [2009-05-14 2029640]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-10-05 868352]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-05-25 13895272]
"NvMediaCenter"="NvMCTray.dll" [2011-05-25 111208]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"Malwarebytes' Anti-Malware"="x:\malwarebytes' anti-malware\mbamgui.exe" [2011-05-29 449584]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Majitel\Nabídka Start\Programy\Po spuštění\
Obsah aplikace OneNote.onetoc2 [2011-3-9 3656]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Orbit.lnk - [N/A]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 03:22 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2011-05-25 07:26 13895272 ----a-w- c:\windows\system32\nvcpl.dll
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"O&O Defrag Container (Win32)"=c:\o&o defrag pro 10\oodcnt.exe
"Address Book"=c:\program files\Outlook Express\wab.exe /showexisting
"Google Update"="c:\documents and settings\Majitel\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" /c
"Titan Backup"="i:\nainst~1\TITANB~1.5\TITANB~1\TITANB~2.EXE" /startup
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
"PC Suite Tray"="c:\nokia pc suite 7\Nokia PC Suite 7\PCSuite.exe" -onlytray
"OEXPRESS"=c:\documents and settings\All Users\Data aplikací\LangSoft\OETRN.EXE
"AlcoholAutomount"="c:\alcohol 120 black and bloody edit.4\axcmd.exe" /automount
"ICQ"="i:\nainstalovane programy\ICQ7.2\ICQ.exe" silent loginmode=4
"Skype"="c:\program files\Skype\Phone\Skype.exe" /nosplash /minimized
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe"
"SlimDrivers"="i:\nainstalovane programy\SLIM DRIVERS 2.0\SlimDrivers.exe" -boot
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" /background
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SSS2007 HotKeys"="c:\steganos security suite 2007\SteganosHotKeyService.exe"
"SSS2007 File Redirection Starter"="c:\steganos security suite 2007\fredirstarter.exe"
"SSS2007 PasswordManagerFFAutoFill"="c:\steganos security suite 2007\PasswordManagerFFAutoFill.exe"
"PWRISOVM.EXE"=c:\power iso\PowerISO\PWRISOVM.EXE
"OpwareSE2"="c:\scansoft\OmniPageSE2.0\OpwareSE2.exe"
"Adobe Reader Speed Launcher"="c:\adobe reader 9\Reader\Reader_sl.exe"
"AsusStartupHelp"=c:\program files\ASUS\AASP\1.00.14\AsRunHelp.exe
"OSSelectorReinstall"=c:\program files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe
"TrueImageMonitor.exe"=i:\nainstalovane programy\ACRONIS TRUE IMAGE\TrueImageMonitor.exe
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe"
"AcronisTimounterMonitor"=i:\nainstalovane programy\ACRONIS TRUE IMAGE\TimounterMonitor.exe
"SpywareTerminator"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe"
"boincmgr"="c:\boinc\bionic\boincmgr.exe" /a /s
"boinctray"="c:\boinc\bionic\boinctray.exe"
"GrooveMonitor"="c:\microsoft office 2007\Office12\GrooveMonitor.exe"
"NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
"KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k
"TkBellExe"="i:\nainstalovane programy\RealPlayer\update\realsched.exe" -osboot
"rfagent"="c:\program files\RFA 8\rfagent32.exe"
"SpyHunter Security Suite"=c:\program files\Enigma Software Group\SpyHunter\SpyHunter4.exe
"NeroFilterCheck"=c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
"SoundMAX"="c:\program files\Analog Devices\SoundMAX\Smax4.exe" /tray
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\MICROSOFT OFFICE 2007\\Office12\\OUTLOOK.EXE"=
"c:\\MICROSOFT OFFICE 2007\\Office12\\GROOVE.EXE"=
"c:\\MICROSOFT OFFICE 2007\\Office12\\ONENOTE.EXE"=
"c:\\ORBIT DOWNLOADER\\orbitdm.exe"=
"c:\\ORBIT DOWNLOADER\\orbitnet.exe"=
"c:\\WINDOWS\\system32\\winver.exe"=
"i:\\NAINSTALOVANE PROGRAMY\\ICQ7.2\\ICQ.exe"=
"i:\\NAINSTALOVANE PROGRAMY\\ICQ7.2\\aolload.exe"=
"c:\\Program Files\\Activision\\Wolfenstein Lite Server\\Wolf2MPLite.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Vzdálená správa systému Windows
.
R0 hotcore3;Hotcore helper;c:\windows\system32\drivers\hotcore3.sys [15.5.2009 19:30 40496]
R0 sptd;sptd;\SystemRoot\\SystemRoot\System32\Drivers\sptd.sys --> \SystemRoot\\SystemRoot\System32\Drivers\sptd.sys [?]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [14.5.2009 15:47 107256]
R1 SLEE_15_DRIVER;Steganos Live Encryption Engine 15 [Driver];c:\windows\system32\drivers\sleen15.sys [21.2.2007 13:33 80232]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [9.5.2009 20:38 141312]
R2 ekrn;ESET Service;c:\eset smart security\ekrn.exe [14.5.2009 15:47 731840]
R2 MBAMService;MBAMService;x:\malwarebytes' anti-malware\mbamservice.exe [17.6.2011 20:06 366640]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [11.6.2011 18:10 2214504]
R3 Dvd43;Dvd43;c:\windows\system32\drivers\Dvd43.sys [29.5.2011 9:09 35296]
R3 MaplomL;MaplomL;c:\windows\system32\drivers\maploml.sys [27.11.2008 12:00 38848]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [8.7.2009 19:01 22712]
S0 ogqtx;ogqtx;c:\windows\system32\drivers\pyanwbj.sys --> c:\windows\system32\drivers\pyanwbj.sys [?]
S3 FileObjInfo;STFileDriver;c:\documents and settings\All Users\Data aplikací\Spyware Terminator\fileobjinfo.sys [9.5.2009 20:38 5632]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [8.7.2009 19:01 39984]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [18.8.2004 14:00 14336]
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - WUAUSERV
*Deregistered* - Ndisprot.sys
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'
.
2011-06-18 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1960408961-1214440339-839522115-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 08:47]
.
2011-06-18 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1960408961-1214440339-839522115-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 08:47]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uLocal Page = c:\windows\pchealth\helpctr\System\panels\blank.htm
mLocal Page = c:\windows\pchealth\helpctr\System\panels\blank.htm
IE: Analyzovat LeechGetem - file://i:\nainstalovane programy\LeechGet 2007\\Parser.html
IE: Download LeechGetem - file://i:\nainstalovane programy\LeechGet 2007\\AddUrl.html
IE: Download s průvodcem LeechGetu - file://i:\nainstalovane programy\LeechGet 2007\\Wizard.html
IE: Send to &Bluetooth Device... - c:\program files\AirLive\Bluetooth Software\btsendto_ie_ctx.htm
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748449} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
LSP: %SYSTEMROOT%\system32\nvappfilter.dll
TCP: DhcpNameServer = 81.25.16.250 81.25.28.250
FF - ProfilePath - c:\documents and settings\Majitel\Data aplikací\Mozilla\Firefox\Profiles\o2vo0ivh.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://my.daemon-search.com/|http://cs.start3.mozilla.com/firefox?cl ... s:official
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.9&q=
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 200000
FF - user.js: content.notify.interval - 100000
FF - user.js: content.switch.threshold - 650000
FF - user.js: nglayout.initialpaint.delay - 300
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
HKCU-Run-706282573 - c:\documents and settings\Majitel\Local Settings\Data aplikací\mhk.exe
ShellExecuteHooks-{93994DE8-8239-4655-B1D1-5F4E91300429} - (no file)
MSConfigStartUp-nwiz - nwiz.exe
AddRemove-2009 - c:\windows\IsUn0405.exe
AddRemove-IDOS - IDS JMK - c:\windows\IsUn0405.exe
AddRemove-IDOS - Letový řád Galileo - c:\windows\IsUn0405.exe
AddRemove-IDOS - MHD Olomouc - c:\windows\IsUn0405.exe
AddRemove-IDOS - MHD Ostrava - c:\windows\IsUn0405.exe
AddRemove-IDOS - MHD Plzeň - c:\windows\IsUn0405.exe
AddRemove-IDOS - MHD České Budějovice - c:\windows\IsUn0405.exe
AddRemove-IDOS - Pražská integrovaná doprava - c:\windows\IsUn0405.exe
AddRemove-IDOS - ProgramTT - c:\windows\IsUn0405.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-06-18 08:07
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: SAMSUNG_HD501LJ rev.CR100-10 -> Harddisk0\DR0 -> \Device\0000009a
.
device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user != kernel MBR !!!
sectors 976773166 (+255): user != kernel
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1960408961-1214440339-839522115-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG10.00.00.01WORKSTATION"="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"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(2276)
c:\fullshot 9\SHOT8.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\nokia pc suite 7\Nokia PC Suite 7\PhoneBrowser.dll
c:\nokia pc suite 7\Nokia PC Suite 7\NGSCM.DLL
c:\nokia pc suite 7\Nokia PC Suite 7\Lang\PhoneBrowser_cze.nlr
c:\nokia pc suite 7\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
m:\virtual pc 1 w98\VPCShExH.DLL
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
c:\program files\AirLive\Bluetooth Software\bin\btwdins.exe
c:\windows\system32\crypserv.exe
c:\program files\Java\jre6\bin\jqs.exe
i:\nainstalovane programy\CDBurnerXP\CDBurnerXP\NMSAccessU.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\oodag.exe
c:\spyware terminator\sp_rsser.exe
c:\alcohol 120 black and bloody edit.4\StarWind\StarWindServiceAE.exe
c:\program files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\RunDLL32.exe
.
**************************************************************************
.
Celkový čas: 2011-06-18 08:12:52 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-06-18 06:12
.
Před spuštěním: 9 506 103 296
Po spuštění: 9 937 027 072
.
Current=9 Default=9 Failed=8 LastKnownGood=10 Sets=1,2,3,4,5,6,7,8,9,10
- - End Of File - - 98307B6843F008C2D9A8F68084B99CA4
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.3326.2918 [GMT 2:00]
Spuštěný z: C:\ComboFix.exe
AV: ESET Smart Security 4.0 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET personal firewall *Enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
.
VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.
ADS - WINDOWS: deleted 24 bytes in 1 streams.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Majitel\0.35537492909183166.exe
c:\documents and settings\Majitel\Data aplikací\Desktopicon
c:\documents and settings\Majitel\Local Settings\Data aplikací\mhk.exe
c:\drivergenius\DriverGenius.exe
c:\program files\Downloaded Installers
c:\program files\Downloaded Installers\{240D57C0-234A-4CAD-B6E7-DFDE6B0B1272}\setup.msi
c:\windows\IsUn0405.exe
c:\windows\system32\Drivers\ekjqywaf.sys
E:\resycled
F:\resycled
G:\resycled
H:\resycled
I:\resycled
J:\resycled
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-05-18 do 2011-06-18 )))))))))))))))))))))))))))))))
.
.
2011-06-18 05:50 . 2011-06-18 05:30 1007120 ----a-w- C:\rkill.scr
2011-06-18 05:50 . 2011-06-18 05:29 1007120 ----a-w- C:\rkill.exe
2011-06-18 05:50 . 2011-06-18 05:29 1007120 ----a-w- C:\rkill.com
2011-06-16 12:54 . 2011-04-21 13:37 105472 -c----w- c:\windows\system32\dllcache\mup.sys
2011-06-12 15:19 . 2011-05-25 07:25 61440 ----a-w- c:\windows\system32\OpenCL.dll
2011-06-12 15:19 . 2011-05-25 07:25 16068608 ----a-w- c:\windows\system32\nvoglnt.dll
2011-06-12 15:19 . 2011-05-25 07:25 2808936 ----a-w- c:\windows\system32\nvcuvid.dll
2011-06-12 15:19 . 2011-05-25 07:25 2082408 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-06-12 15:19 . 2011-05-25 07:25 5332992 ----a-w- c:\windows\system32\nvcuda.dll
2011-06-12 15:19 . 2011-05-25 07:25 13004800 ----a-w- c:\windows\system32\nvcompiler.dll
2011-06-12 15:19 . 2011-05-25 07:25 2328576 ----a-w- c:\windows\system32\nvapi.dll
2011-06-11 17:08 . 2005-05-04 07:20 53248 ------w- c:\windows\system32\wdmioctl.dll
2011-06-11 17:08 . 2001-09-11 13:20 1285632 ------w- c:\windows\system32\SMMedia.dll
2011-06-11 17:08 . 2006-07-10 13:42 49152 ------w- c:\windows\system32\DSndUp.exe
2011-06-11 17:08 . 2002-04-17 13:05 45056 ------w- c:\windows\system32\CleanUp.exe
2011-06-11 17:02 . 2006-08-18 08:30 446464 ----a-w- c:\windows\system32\CapabilityTable.exe
2011-06-11 17:01 . 2006-08-07 16:39 52736 ----a-r- c:\windows\system32\drivers\NVENETFD.sys
2011-06-11 17:01 . 2006-08-07 16:37 202240 ----a-w- c:\windows\system32\fdco1.dll
2011-06-11 17:01 . 2011-06-11 17:01 -------- d-----w- c:\windows\NV20203364.TMP
2011-06-11 17:01 . 2006-08-07 16:39 110080 ----a-r- c:\windows\system32\drivers\nvtcp.sys
2011-06-11 17:01 . 2006-08-03 23:48 35840 ----a-w- c:\windows\system32\nvconrm.dll
2011-06-11 17:01 . 2006-08-03 23:48 208896 ----a-w- c:\windows\system32\nvunrm.exe
2011-06-11 17:01 . 2006-08-07 16:39 18944 ----a-r- c:\windows\system32\drivers\nvnetbus.sys
2011-06-11 17:01 . 2006-08-07 16:39 1104896 ----a-r- c:\windows\system32\drivers\nvnrm.sys
2011-06-11 17:01 . 2006-08-07 16:38 261120 ----a-r- c:\windows\system32\drivers\nvsnpu.sys
2011-06-11 17:01 . 2006-08-07 16:37 10240 ----a-w- c:\windows\system32\bdco1.dll
2011-06-11 16:54 . 2006-10-25 07:48 12288 ----a-r- c:\windows\system32\drivers\EIO.sys
2011-06-11 16:39 . 2011-06-11 16:39 -------- d-----w- c:\windows\system32\wbem\Repository
2011-06-11 16:11 . 2011-06-11 16:11 -------- d-----w- c:\documents and settings\UpdatusUser
2011-06-11 16:10 . 2011-06-12 15:20 -------- d-----w- c:\documents and settings\All Users\Data aplikací\NVIDIA
2011-06-11 16:10 . 2011-05-25 07:26 543336 ----a-w- c:\windows\system32\easyupdatusapiu.dll
2011-06-11 16:10 . 2011-05-25 07:25 899688 ----a-w- c:\windows\system32\nvdispco3220150.dll
2011-06-11 16:10 . 2011-05-25 07:25 865896 ----a-w- c:\windows\system32\nvgenco322090.dll
2011-06-11 16:01 . 2011-06-11 16:01 -------- d-----w- c:\program files\A4Tech
2011-06-11 15:56 . 2005-09-21 14:25 12800 ----a-r- c:\windows\system32\drivers\Amusbprt.sys
2011-06-11 15:56 . 2004-08-25 15:09 7424 ----a-w- c:\windows\system32\drivers\Arfumftr.sys
2011-06-11 15:56 . 2005-09-29 08:12 49152 ----a-w- c:\windows\system32\Amhooker.dll
2011-06-11 15:56 . 2005-09-21 14:27 12800 ----a-w- c:\windows\system32\drivers\Amps2prt.sys
2011-06-11 15:56 . 2005-09-21 14:26 6656 ----a-r- c:\windows\system32\drivers\Amfilter.sys
2011-06-06 06:33 . 2011-06-06 06:33 -------- d-----w- c:\program files\Real
2011-06-06 06:33 . 2011-06-06 06:33 -------- d-----w- c:\program files\Common Files\xing shared
2011-06-02 09:44 . 2011-06-06 14:09 -------- d-----w- C:\Mozilla Firefox 4
2011-05-29 07:09 . 2011-05-29 07:09 35296 ----a-w- c:\windows\system32\drivers\Dvd43.sys
2011-05-29 06:28 . 2011-06-18 06:00 -------- d-----w- C:\DriverGenius
2011-05-28 15:04 . 2010-09-30 15:57 30528 ----a-w- c:\windows\system32\TURegOpt.exe
2011-05-28 15:01 . 2011-05-28 15:01 -------- d-sh--w- c:\documents and settings\All Users\Data aplikací\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
2011-05-28 14:48 . 2011-05-29 05:40 -------- d-----w- C:\YouTube Converter
2011-05-27 16:32 . 2011-05-27 16:32 10240 ----a-r- c:\documents and settings\Majitel\Data aplikací\Microsoft\Installer\{B94C3B9D-9996-42DC-B58C-A73A91A8FAF8}\IconB94C3B9D.exe
2011-05-27 16:31 . 2011-05-27 16:31 -------- d-----w- C:\InfoMapa 18 HE SPECIAL
2011-05-27 14:58 . 2011-05-27 14:58 -------- d-----w- C:\Virtual
2011-05-27 14:56 . 2011-05-29 07:01 -------- d-----w- c:\documents and settings\All Users\Data aplikací\BufferZone
2011-05-27 14:32 . 2011-05-27 14:32 -------- d-----w- c:\documents and settings\Majitel\Data aplikací\Ashampoo
2011-05-27 14:31 . 2011-05-27 14:31 -------- d-----w- c:\documents and settings\Majitel\Local Settings\Data aplikací\ashampoo
2011-05-27 14:31 . 2011-05-27 14:31 -------- d-----w- c:\documents and settings\All Users\Data aplikací\ashampoo
2011-05-27 14:31 . 2011-05-27 14:31 -------- d-----w- C:\Ashampoo Photo Commander 8
2011-05-27 14:18 . 2011-02-23 14:54 29520 ----a-w- c:\windows\system32\SmartDefragBootTime.exe
2011-05-27 14:18 . 2011-02-23 15:04 13496 ----a-w- c:\windows\system32\drivers\SmartDefragDriver.sys
2011-05-27 14:18 . 2011-05-27 14:18 -------- d-----w- c:\program files\IObit
2011-05-27 14:18 . 2011-05-27 14:18 -------- d-----w- c:\documents and settings\All Users\Data aplikací\FreeApp
2011-05-27 14:15 . 2011-06-11 10:20 -------- d-----w- c:\documents and settings\All Users\Data aplikací\IObit
2011-05-22 05:33 . 2011-05-30 08:39 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-21 18:49 . 2011-05-21 18:49 -------- d-----w- c:\documents and settings\All Users\Data aplikací\GARMIN
2011-05-21 18:47 . 2011-05-21 18:54 -------- d-----w- C:\Garmin
2011-05-21 17:00 . 2011-05-21 17:00 -------- d-----w- c:\program files\Garmin GPS Plugin
2011-05-21 17:00 . 2011-05-21 17:00 -------- d-----w- c:\program files\Garmin
2011-05-21 06:29 . 2011-05-21 18:49 -------- d-----w- c:\documents and settings\Majitel\Data aplikací\GARMIN
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-06 11:06 . 2009-04-11 17:50 1390730 ----a-w- c:\windows\system32\AutoPartNt.exe
2011-05-29 07:11 . 2009-07-08 17:01 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-29 07:11 . 2009-07-08 17:01 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-29 06:04 . 2011-02-23 12:30 14886 ----a-w- c:\windows\system32\cleartmp.cmd
2011-05-25 07:25 . 2008-10-27 07:38 4198272 ----a-w- c:\windows\system32\nv4_disp.dll
2011-05-25 07:25 . 2008-10-27 07:38 12753664 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2011-05-02 15:32 . 2008-10-28 11:58 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 16:19 . 2004-08-18 12:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-26 07:25 . 2009-07-23 10:16 796672 ----a-w- c:\windows\GPInstall.exe
2011-04-25 16:06 . 2004-08-18 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2011-04-25 16:06 . 2004-08-18 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-04-25 16:06 . 2004-08-18 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-04-25 12:01 . 2004-08-18 12:00 385024 ----a-w- c:\windows\system32\html.iec
2011-04-21 13:37 . 2004-08-18 12:00 105472 ----a-w- c:\windows\system32\drivers\mup.sys
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FullShot 9.5"="c:\fullshot 9\FULLSHOT.exe" [2011-05-29 3997696]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
"Fraps"="c:\fraps\FRAPS.EXE" [2008-01-14 3182248]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\eset smart security\egui.exe" [2009-05-14 2029640]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-10-05 868352]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-05-25 13895272]
"NvMediaCenter"="NvMCTray.dll" [2011-05-25 111208]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"Malwarebytes' Anti-Malware"="x:\malwarebytes' anti-malware\mbamgui.exe" [2011-05-29 449584]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Majitel\Nabídka Start\Programy\Po spuštění\
Obsah aplikace OneNote.onetoc2 [2011-3-9 3656]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Orbit.lnk - [N/A]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 03:22 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2011-05-25 07:26 13895272 ----a-w- c:\windows\system32\nvcpl.dll
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"O&O Defrag Container (Win32)"=c:\o&o defrag pro 10\oodcnt.exe
"Address Book"=c:\program files\Outlook Express\wab.exe /showexisting
"Google Update"="c:\documents and settings\Majitel\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" /c
"Titan Backup"="i:\nainst~1\TITANB~1.5\TITANB~1\TITANB~2.EXE" /startup
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
"PC Suite Tray"="c:\nokia pc suite 7\Nokia PC Suite 7\PCSuite.exe" -onlytray
"OEXPRESS"=c:\documents and settings\All Users\Data aplikací\LangSoft\OETRN.EXE
"AlcoholAutomount"="c:\alcohol 120 black and bloody edit.4\axcmd.exe" /automount
"ICQ"="i:\nainstalovane programy\ICQ7.2\ICQ.exe" silent loginmode=4
"Skype"="c:\program files\Skype\Phone\Skype.exe" /nosplash /minimized
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe"
"SlimDrivers"="i:\nainstalovane programy\SLIM DRIVERS 2.0\SlimDrivers.exe" -boot
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" /background
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SSS2007 HotKeys"="c:\steganos security suite 2007\SteganosHotKeyService.exe"
"SSS2007 File Redirection Starter"="c:\steganos security suite 2007\fredirstarter.exe"
"SSS2007 PasswordManagerFFAutoFill"="c:\steganos security suite 2007\PasswordManagerFFAutoFill.exe"
"PWRISOVM.EXE"=c:\power iso\PowerISO\PWRISOVM.EXE
"OpwareSE2"="c:\scansoft\OmniPageSE2.0\OpwareSE2.exe"
"Adobe Reader Speed Launcher"="c:\adobe reader 9\Reader\Reader_sl.exe"
"AsusStartupHelp"=c:\program files\ASUS\AASP\1.00.14\AsRunHelp.exe
"OSSelectorReinstall"=c:\program files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe
"TrueImageMonitor.exe"=i:\nainstalovane programy\ACRONIS TRUE IMAGE\TrueImageMonitor.exe
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe"
"AcronisTimounterMonitor"=i:\nainstalovane programy\ACRONIS TRUE IMAGE\TimounterMonitor.exe
"SpywareTerminator"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe"
"boincmgr"="c:\boinc\bionic\boincmgr.exe" /a /s
"boinctray"="c:\boinc\bionic\boinctray.exe"
"GrooveMonitor"="c:\microsoft office 2007\Office12\GrooveMonitor.exe"
"NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
"KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k
"TkBellExe"="i:\nainstalovane programy\RealPlayer\update\realsched.exe" -osboot
"rfagent"="c:\program files\RFA 8\rfagent32.exe"
"SpyHunter Security Suite"=c:\program files\Enigma Software Group\SpyHunter\SpyHunter4.exe
"NeroFilterCheck"=c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
"SoundMAX"="c:\program files\Analog Devices\SoundMAX\Smax4.exe" /tray
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\MICROSOFT OFFICE 2007\\Office12\\OUTLOOK.EXE"=
"c:\\MICROSOFT OFFICE 2007\\Office12\\GROOVE.EXE"=
"c:\\MICROSOFT OFFICE 2007\\Office12\\ONENOTE.EXE"=
"c:\\ORBIT DOWNLOADER\\orbitdm.exe"=
"c:\\ORBIT DOWNLOADER\\orbitnet.exe"=
"c:\\WINDOWS\\system32\\winver.exe"=
"i:\\NAINSTALOVANE PROGRAMY\\ICQ7.2\\ICQ.exe"=
"i:\\NAINSTALOVANE PROGRAMY\\ICQ7.2\\aolload.exe"=
"c:\\Program Files\\Activision\\Wolfenstein Lite Server\\Wolf2MPLite.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Vzdálená správa systému Windows
.
R0 hotcore3;Hotcore helper;c:\windows\system32\drivers\hotcore3.sys [15.5.2009 19:30 40496]
R0 sptd;sptd;\SystemRoot\\SystemRoot\System32\Drivers\sptd.sys --> \SystemRoot\\SystemRoot\System32\Drivers\sptd.sys [?]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [14.5.2009 15:47 107256]
R1 SLEE_15_DRIVER;Steganos Live Encryption Engine 15 [Driver];c:\windows\system32\drivers\sleen15.sys [21.2.2007 13:33 80232]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [9.5.2009 20:38 141312]
R2 ekrn;ESET Service;c:\eset smart security\ekrn.exe [14.5.2009 15:47 731840]
R2 MBAMService;MBAMService;x:\malwarebytes' anti-malware\mbamservice.exe [17.6.2011 20:06 366640]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [11.6.2011 18:10 2214504]
R3 Dvd43;Dvd43;c:\windows\system32\drivers\Dvd43.sys [29.5.2011 9:09 35296]
R3 MaplomL;MaplomL;c:\windows\system32\drivers\maploml.sys [27.11.2008 12:00 38848]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [8.7.2009 19:01 22712]
S0 ogqtx;ogqtx;c:\windows\system32\drivers\pyanwbj.sys --> c:\windows\system32\drivers\pyanwbj.sys [?]
S3 FileObjInfo;STFileDriver;c:\documents and settings\All Users\Data aplikací\Spyware Terminator\fileobjinfo.sys [9.5.2009 20:38 5632]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [8.7.2009 19:01 39984]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [18.8.2004 14:00 14336]
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - WUAUSERV
*Deregistered* - Ndisprot.sys
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'
.
2011-06-18 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1960408961-1214440339-839522115-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 08:47]
.
2011-06-18 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1960408961-1214440339-839522115-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 08:47]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uLocal Page = c:\windows\pchealth\helpctr\System\panels\blank.htm
mLocal Page = c:\windows\pchealth\helpctr\System\panels\blank.htm
IE: Analyzovat LeechGetem - file://i:\nainstalovane programy\LeechGet 2007\\Parser.html
IE: Download LeechGetem - file://i:\nainstalovane programy\LeechGet 2007\\AddUrl.html
IE: Download s průvodcem LeechGetu - file://i:\nainstalovane programy\LeechGet 2007\\Wizard.html
IE: Send to &Bluetooth Device... - c:\program files\AirLive\Bluetooth Software\btsendto_ie_ctx.htm
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748449} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
LSP: %SYSTEMROOT%\system32\nvappfilter.dll
TCP: DhcpNameServer = 81.25.16.250 81.25.28.250
FF - ProfilePath - c:\documents and settings\Majitel\Data aplikací\Mozilla\Firefox\Profiles\o2vo0ivh.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://my.daemon-search.com/|http://cs.start3.mozilla.com/firefox?cl ... s:official
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.9&q=
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 200000
FF - user.js: content.notify.interval - 100000
FF - user.js: content.switch.threshold - 650000
FF - user.js: nglayout.initialpaint.delay - 300
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
HKCU-Run-706282573 - c:\documents and settings\Majitel\Local Settings\Data aplikací\mhk.exe
ShellExecuteHooks-{93994DE8-8239-4655-B1D1-5F4E91300429} - (no file)
MSConfigStartUp-nwiz - nwiz.exe
AddRemove-2009 - c:\windows\IsUn0405.exe
AddRemove-IDOS - IDS JMK - c:\windows\IsUn0405.exe
AddRemove-IDOS - Letový řád Galileo - c:\windows\IsUn0405.exe
AddRemove-IDOS - MHD Olomouc - c:\windows\IsUn0405.exe
AddRemove-IDOS - MHD Ostrava - c:\windows\IsUn0405.exe
AddRemove-IDOS - MHD Plzeň - c:\windows\IsUn0405.exe
AddRemove-IDOS - MHD České Budějovice - c:\windows\IsUn0405.exe
AddRemove-IDOS - Pražská integrovaná doprava - c:\windows\IsUn0405.exe
AddRemove-IDOS - ProgramTT - c:\windows\IsUn0405.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-06-18 08:07
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: SAMSUNG_HD501LJ rev.CR100-10 -> Harddisk0\DR0 -> \Device\0000009a
.
device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user != kernel MBR !!!
sectors 976773166 (+255): user != kernel
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1960408961-1214440339-839522115-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG10.00.00.01WORKSTATION"=
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(2276)
c:\fullshot 9\SHOT8.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\nokia pc suite 7\Nokia PC Suite 7\PhoneBrowser.dll
c:\nokia pc suite 7\Nokia PC Suite 7\NGSCM.DLL
c:\nokia pc suite 7\Nokia PC Suite 7\Lang\PhoneBrowser_cze.nlr
c:\nokia pc suite 7\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
m:\virtual pc 1 w98\VPCShExH.DLL
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
c:\program files\AirLive\Bluetooth Software\bin\btwdins.exe
c:\windows\system32\crypserv.exe
c:\program files\Java\jre6\bin\jqs.exe
i:\nainstalovane programy\CDBurnerXP\CDBurnerXP\NMSAccessU.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\oodag.exe
c:\spyware terminator\sp_rsser.exe
c:\alcohol 120 black and bloody edit.4\StarWind\StarWindServiceAE.exe
c:\program files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\RunDLL32.exe
.
**************************************************************************
.
Celkový čas: 2011-06-18 08:12:52 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-06-18 06:12
.
Před spuštěním: 9 506 103 296
Po spuštění: 9 937 027 072
.
Current=9 Default=9 Failed=8 LastKnownGood=10 Sets=1,2,3,4,5,6,7,8,9,10
- - End Of File - - 98307B6843F008C2D9A8F68084B99CA4