
Probably an infection with the kvadr.gen!a virus

Have a problem with a virus? Post a log from FRST or RSIT here.


Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]

Individual threads will be locked once resolved, and likewise those that are inactive for more than 14 days. See the rule on locking topics. Thank you for your understanding.

ranch24
Guest
Posts: 4
Registered: 16 Jan 2010 11:36

Probably an infection with the kvadr.gen!a virus

#1 Post by ranch24 »

Hello, I probably have the kvadr.gen!a virus on my computer, because it behaves exactly the same as the one in this topic: http://www.viry.cz/forum/viewtopic.php? ... vadr.gen!a

I ran MWAV and ComboFix over the PC several times and deleted the contents of the hosts file in Windows/drivers/etc/hosts - the blocked addresses listed there were exactly the ones given here: http://www.f-secure.com/v-descs/trojan- ... en!a.shtml

But now I need to work out how to remove the virus from the PC completely.
Last edited by ranch24 on 16 Jan 2010 15:37, edited 1 time in total.

Rudy
Site Admin
Posts: 119359
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Probably an infection with the kvadr.gen!a virus

#2 Post by Rudy »

Post questions and logs only in your own threads. Private messages, ICQ and e-mail are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting the PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Apart from its "visible" activity, a virus can damage the system!


Once your problem is resolved, the thread will be locked, and likewise if it is inactive for more than 14 days. If you want the thread reopened, write to me at the e-mail address above.

ranch24
Guest
Posts: 4
Registered: 16 Jan 2010 11:36

Re: Probably an infection with the kvadr.gen!a virus

#3 Post by ranch24 »

Logfile of random's system information tool 1.06 (written by random/random)
Run by Uživatel at 2010-01-16 12:44:01
System: Microsoft Windows XP Professional Service Pack 2
System drive C: has 58 GB (35%) free of 167 GB
Total RAM: 2047 MB (78% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:44:07, on 16.1.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\system32\ifxspmgt.exe
C:\WINDOWS\system32\ifxtcs.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\IfxPsdSv.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Documents and Settings\Uživatel\Plocha\rmclock_230_bin\RMClock.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\RapidBIT\cidaemon.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Uživatel\Plocha\RSIT.exe
C:\Program Files\trend micro\Uživatel.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [RMClock] "C:\Documents and Settings\Uživatel\Plocha\rmclock_230_bin\RMClockLauncher.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Remote Connections Service (FlexService) - BitMicro Software Corporation - C:\Program Files\RapidBIT\cisvc.exe
O23 - Service: Security Platform Management Service (IFXSpMgtSrv) - Infineon Technologies AG - C:\WINDOWS\system32\ifxspmgt.exe
O23 - Service: Trusted Platform Core Service (IFXTCS) - Infineon Technologies AG - C:\WINDOWS\system32\ifxtcs.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Personal Secure Drive Service (PersonalSecureDriveService) - Infineon Technologies AG - C:\WINDOWS\system32\IfxPsdSv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

--
End of file - 5247 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\1-Click Maintenance.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-07-25 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-07-25 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Power_Gear"=C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe [2006-07-26 90112]
"IntelZeroConfig"=C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe [2007-06-01 823296]
"IntelWireless"=C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe [2007-06-01 974848]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2009-08-19 13762560]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2009-08-19 86016]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"RMClock"=C:\Documents and Settings\Uživatel\Plocha\rmclock_230_bin\RMClockLauncher.exe [2007-08-31 61440]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATKHOTKEY]
C:\Program Files\ATK Hotkey\Hcontrol.exe [2007-06-29 225280]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATKMEDIA]
C:\Program Files\ASUS\ATK Media\DMEDIA.EXE [2006-11-02 61440]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
C:\WINDOWS\system32\ctfmon.exe [2007-08-02 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Program Files\DAEMON Tools Lite\daemon.exe [2009-04-23 691656]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IFXSPMGT]
C:\WINDOWS\system32\ifxspmgt.exe [2007-02-26 677408]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelWireless]
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe [2007-06-01 974848]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelZeroConfig]
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe [2007-06-01 823296]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
C:\Documents and Settings\All Users\Data aplikací\Macrovision\FLEXnet Connect\6\ISUSPM.exe [2007-03-29 222128]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2007-06-20 451872]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2004-10-13 1694208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
C:\WINDOWS\system32\NvCpl.dll [2009-08-19 13762560]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
C:\WINDOWS\system32\NvMcTray.dll [2009-08-19 86016]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files\Skype\Phone\Skype.exe [2009-10-09 25623336]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Uživatel^Nabídka Start^Programy^Po spuštění^MagicDisc.lnk]
C:\PROGRA~1\MAGICD~1\MAGICD~1.EXE [2009-02-23 576000]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"TOSHIBA Bluetooth Service"=2
"spmgr"=2
"Pml Driver HPZ12"=2
"NBService"=3
"LightScribeService"=2
"CyberLink Media Library Service"=2
"CLSched"=2
"CLCapSvc"=2
"BsHelpCS"=3
"BlueSoleilCS"=2
"ATKGFNEXSrv"=2

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\CyberLink\PowerCinema\PowerCinema.exe"="C:\Program Files\CyberLink\PowerCinema\PowerCinema.exe:*:Enabled:PowerCinema"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
"C:\Program Files\CommViewWiFi\WEPdecoder.exe"="C:\Program Files\CommViewWiFi\WEPdecoder.exe:*:Enabled:WEP key recovery"
"C:\BROOD\StarCraft.exe"="C:\BROOD\StarCraft.exe:*:Enabled:Starcraft"
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\Program Files\uTorrent\utorrent.exe"="C:\Program Files\uTorrent\utorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\EA GAMES\Need For Speed Underground\Speed.exe"="C:\Program Files\EA GAMES\Need For Speed Underground\Speed.exe:*:Enabled:Speed"
"C:\Documents and Settings\All Users\Data aplikací\csrss.exe"="C:\Documents and Settings\All Users\Data aplikací\csrss.exe:*:Enabled:svchost"
"C:\Documents and Settings\Uživatel\Dokumenty\Need for Speed Underground 2\SPEED2.EXE"="C:\Documents and Settings\Uživatel\Dokumenty\Need for Speed Underground 2\SPEED2.EXE:*:Enabled:SPEED2"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\Valve\hl.exe"="C:\Program Files\Valve\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe"="C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe:*:Enabled:BlueSoleilCS"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2010-01-16 12:42:55 ----D---- C:\rsit
2010-01-16 12:42:55 ----D---- C:\Program Files\trend micro
2010-01-16 12:20:38 ----A---- C:\ComboFix.txt
2010-01-16 12:15:57 ----D---- C:\WINDOWS\temp
2010-01-16 12:13:02 ----A---- C:\WINDOWS\NIRCMD.exe
2010-01-16 11:42:46 ----AD---- C:\WINDOWS\rundll16.exe
2010-01-16 11:42:46 ----AD---- C:\WINDOWS\logo1_.exe
2010-01-16 00:10:15 ----AD---- C:\WINDOWS\VDLL.DLL
2010-01-16 00:10:15 ----AD---- C:\WINDOWS\system32\runouce.exe
2010-01-16 00:10:15 ----AD---- C:\WINDOWS\RUNDL132.EXE
2010-01-16 00:10:15 ----AD---- C:\WINDOWS\logo_1.exe
2010-01-16 00:07:17 ----A---- C:\WINDOWS\system32\msvcr80.dll
2010-01-16 00:07:16 ----A---- C:\WINDOWS\system32\msvcp80.dll
2010-01-16 00:07:15 ----A---- C:\WINDOWS\system32\eEmpty.exe
2010-01-16 00:07:12 ----A---- C:\WINDOWS\system32\T.COM
2010-01-16 00:07:12 ----A---- C:\WINDOWS\R.COM
2010-01-16 00:07:10 ----D---- C:\Program Files\Common Files\MicroWorld
2010-01-16 00:07:07 ----D---- C:\Documents and Settings\All Users\Data aplikací\MicroWorld
2010-01-15 23:29:40 ----A---- C:\WINDOWS\MBR.exe
2010-01-15 23:29:39 ----A---- C:\WINDOWS\zip.exe
2010-01-15 23:29:39 ----A---- C:\WINDOWS\SWXCACLS.exe
2010-01-15 23:29:39 ----A---- C:\WINDOWS\SWSC.exe
2010-01-15 23:29:39 ----A---- C:\WINDOWS\SWREG.exe
2010-01-15 23:29:39 ----A---- C:\WINDOWS\sed.exe
2010-01-15 23:29:39 ----A---- C:\WINDOWS\PEV.exe
2010-01-15 23:29:39 ----A---- C:\WINDOWS\grep.exe
2010-01-15 23:29:34 ----D---- C:\WINDOWS\ERDNT
2010-01-15 23:26:40 ----D---- C:\Qoobox
2010-01-15 23:13:02 ----A---- C:\WINDOWS\ntbtlog.txt
2010-01-15 21:57:13 ----HD---- C:\WINDOWS\system32\GroupPolicy
2010-01-15 19:30:24 ----AT---- C:\WINDOWS\system32\DRWEBSP.DLL
2010-01-15 19:30:21 ----D---- C:\Program Files\DrWeb
2010-01-15 18:38:59 ----D---- C:\Program Files\My Company Name
2009-12-31 15:35:54 ----A---- C:\WINDOWS\ModemLog_Standardní modem 33 600 bitů za sekundu #2.txt
2009-12-31 15:28:33 ----A---- C:\WINDOWS\system32\BSPRINT.INI
2009-12-31 15:28:02 ----D---- C:\Program Files\IVT Corporation
2009-12-30 18:06:29 ----D---- C:\Program Files\reslists
2009-12-30 18:06:23 ----D---- C:\Program Files\platform
2009-12-30 18:06:23 ----D---- C:\Program Files\gldrv
2009-12-30 18:06:19 ----D---- C:\Program Files\cstrike
2009-12-30 18:06:19 ----D---- C:\Program Files\bin
2009-12-30 18:06:19 ----A---- C:\Program Files\vstdlib_s.dll
2009-12-30 18:06:19 ----A---- C:\Program Files\vstdlib.dll
2009-12-30 18:06:19 ----A---- C:\Program Files\voice_speex.dll
2009-12-30 18:06:19 ----A---- C:\Program Files\voice_miles.dll
2009-12-30 18:06:19 ----A---- C:\Program Files\vgui2.dll
2009-12-30 18:06:19 ----A---- C:\Program Files\vgui.dll
2009-12-30 18:06:18 ----A---- C:\Program Files\unins000.exe
2009-12-30 18:06:18 ----A---- C:\Program Files\tier0_s.dll
2009-12-30 18:06:18 ----A---- C:\Program Files\tier0.dll
2009-12-30 18:06:18 ----A---- C:\Program Files\swds.dll
2009-12-30 18:06:18 ----A---- C:\Program Files\sw.dll
2009-12-30 18:06:18 ----A---- C:\Program Files\steamemu.ini
2009-12-30 18:06:18 ----A---- C:\Program Files\steamclient.dll
2009-12-30 18:06:18 ----A---- C:\Program Files\steam_appid.txt
2009-12-30 18:06:18 ----A---- C:\Program Files\steam_api_c.dll
2009-12-30 18:06:18 ----A---- C:\Program Files\steam_api.dll
2009-12-30 18:06:18 ----A---- C:\Program Files\Steam.dll
2009-12-30 18:06:18 ----A---- C:\Program Files\rev.ini
2009-12-30 18:06:18 ----A---- C:\Program Files\readme.txt
2009-12-30 18:06:18 ----A---- C:\Program Files\proxy.dll
2009-12-30 18:06:18 ----A---- C:\Program Files\Mss32.dll
2009-12-30 18:06:18 ----A---- C:\Program Files\hw.dll
2009-12-30 18:06:18 ----A---- C:\Program Files\HLTV-Readme.txt
2009-12-30 18:06:18 ----A---- C:\Program Files\hltv.exe
2009-12-30 18:06:18 ----A---- C:\Program Files\hlds.exe
2009-12-30 18:06:18 ----A---- C:\Program Files\hl.exe
2009-12-30 18:06:18 ----A---- C:\Program Files\FileSystem_Steam.dll
2009-12-30 18:06:18 ----A---- C:\Program Files\FileSystem_Stdio.dll
2009-12-30 18:06:18 ----A---- C:\Program Files\DemoPlayer.dll
2009-12-30 18:06:18 ----A---- C:\Program Files\dbg.dll
2009-12-30 18:06:18 ----A---- C:\Program Files\Core.dll
2009-12-30 18:06:18 ----A---- C:\Program Files\a3dapi.dll

======List of files/folders modified in the last 1 months======

2010-01-16 12:42:55 ----RD---- C:\Program Files
2010-01-16 12:20:40 ----D---- C:\WINDOWS\system32\drivers
2010-01-16 12:19:49 ----D---- C:\WINDOWS\system32\CatRoot2
2010-01-16 12:17:29 ----D---- C:\WINDOWS
2010-01-16 12:17:29 ----A---- C:\WINDOWS\system.ini
2010-01-16 12:15:48 ----AD---- C:\WINDOWS\system32
2010-01-16 12:15:08 ----D---- C:\WINDOWS\AppPatch
2010-01-16 12:15:04 ----D---- C:\Program Files\Common Files
2010-01-16 12:13:12 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-01-16 11:32:09 ----SHD---- C:\System Volume Information
2010-01-16 11:32:09 ----D---- C:\WINDOWS\system32\Restore
2010-01-16 11:19:58 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-01-15 23:47:41 ----D---- C:\Program Files\Mozilla Firefox
2010-01-15 23:27:35 ----D---- C:\WINDOWS\security
2010-01-15 22:47:42 ----D---- C:\WINDOWS\Prefetch
2010-01-15 21:54:39 ----D---- C:\WINDOWS\Debug
2010-01-15 21:48:43 ----A---- C:\WINDOWS\NeroDigital.ini
2010-01-15 19:30:21 ----HD---- C:\Program Files\InstallShield Installation Information
2010-01-15 19:03:44 ----D---- C:\WINDOWS\system32\LogFiles
2010-01-15 18:57:54 ----D---- C:\Documents and Settings\Uživatel\Data aplikací\Skype
2010-01-15 18:44:17 ----D---- C:\Program Files\CommViewWiFi
2010-01-15 18:43:52 ----D---- C:\Config.Msi
2010-01-15 18:43:50 ----SHD---- C:\WINDOWS\Installer
2010-01-15 18:42:08 ----A---- C:\WINDOWS\win.ini
2010-01-15 18:41:18 ----D---- C:\Program Files\PowerForPhone
2010-01-15 18:41:05 ----D---- C:\WINDOWS\system32\QuickTime
2010-01-15 18:40:11 ----D---- C:\Program Files\RALINK
2010-01-15 18:39:58 ----DC---- C:\WINDOWS\system32\DRVSTORE
2010-01-15 18:39:57 ----HD---- C:\WINDOWS\inf
2010-01-15 18:38:38 ----D---- C:\Program Files\ASUS
2010-01-15 18:30:16 ----SH---- C:\boot.ini
2010-01-15 18:26:40 ----A---- C:\WINDOWS\system32\bscs.ini
2010-01-15 11:09:32 ----D---- C:\Documents and Settings\Uživatel\Data aplikací\uTorrent
2010-01-15 10:31:42 ----D---- C:\Documents and Settings\Uživatel\Data aplikací\skypePM
2010-01-01 10:18:32 ----A---- C:\WINDOWS\WirelessFTP.INI
2009-12-30 21:10:56 ----D---- C:\Documents and Settings\Uživatel\Data aplikací\U3
2009-12-30 18:22:59 ----D---- C:\Program Files\Valve
2009-12-29 17:28:53 ----RD---- C:\Program Files\Skype

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 cdrbsdrv;cdrbsdrv; C:\WINDOWS\system32\drivers\cdrbsdrv.sys [2005-05-11 32256]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2007-08-02 39936]
R1 PersonalSecureDrive;PersonalSecureDrive; C:\WINDOWS\System32\drivers\psd.sys [2007-01-24 39080]
R1 Tosrfcom;Bluetooth RFCOMM; C:\WINDOWS\System32\Drivers\tosrfcom.sys [2007-05-24 64000]
R1 vmm;Virtual Machine Monitor; \??\C:\WINDOWS\system32\Drivers\vmm.sys []
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.7.4.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2009-09-08 21393]
R2 ASMMAP;ASMMAP; \??\C:\Program Files\ATKGFNEX\ASMMAP.sys []
R2 rimmptsk;rimmptsk; C:\WINDOWS\system32\DRIVERS\rimmptsk.sys [2007-02-24 39936]
R2 rimsptsk;rimsptsk; C:\WINDOWS\system32\DRIVERS\rimsptsk.sys [2007-01-23 42496]
R2 rismxdp;Ricoh xD-Picture Card Driver; C:\WINDOWS\system32\DRIVERS\rixdptsk.sys [2007-03-21 37376]
R2 s24trans;WLAN Transport; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2007-05-29 12416]
R3 ATSWPDRV;AuthenTec TruePrint USB Driver (SwipeSensor); C:\WINDOWS\system32\DRIVERS\ATSwpDrv.sys [2007-03-28 140424]
R3 AVerHybrid;AVerMedia Hybrid Tuner (NTSC/PAL/SECAM/DVB-T/FM); C:\WINDOWS\system32\drivers\averhbtv.sys [2007-06-16 304640]
R3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2004-08-04 14080]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 IFXTPM;IFXTPM; C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS [2007-01-24 36608]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-07-19 4547584]
R3 kbfiltr;Keyboard Filter; C:\WINDOWS\system32\DRIVERS\kbfiltr.sys [2007-01-25 5632]
R3 mcdbus;Driver for MagicISO SCSI Host Controller; C:\WINDOWS\system32\DRIVERS\mcdbus.sys [2009-02-24 116736]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 MTsensor;ATK0100 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ATKACPI.sys [2006-12-14 7680]
R3 NETw5x32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows XP 32 Bit; C:\WINDOWS\system32\DRIVERS\NETw5x32.sys [2009-03-04 4202496]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2009-08-19 7968448]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2007-08-02 5888]
R3 RTCore32;RTCore32; \??\C:\Documents and Settings\Uživatel\Plocha\rmclock_230_bin\RTCore32.sys []
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2007-08-02 67584]
R3 SNP2UVC;USB2.0 PC Camera (SNP2UVC); C:\WINDOWS\system32\DRIVERS\snp2uvc.sys [2007-05-25 1743232]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2006-10-13 198976]
R3 tosporte;Bluetooth COM Port; C:\WINDOWS\system32\DRIVERS\tosporte.sys [2006-10-10 41600]
R3 tosrfbd;Bluetooth RFBUS; C:\WINDOWS\system32\DRIVERS\tosrfbd.sys [2007-04-24 113920]
R3 tosrfbnp;Bluetooth RFBNEP; C:\WINDOWS\System32\Drivers\tosrfbnp.sys [2006-11-20 36480]
R3 Tosrfhid;Bluetooth RFHID; C:\WINDOWS\system32\DRIVERS\Tosrfhid.sys [2007-03-01 73728]
R3 tosrfusb;Bluetooth USB Controller; C:\WINDOWS\system32\DRIVERS\tosrfusb.sys [2007-06-11 41856]
R3 usbehci;Ovladač miniportu rozšířeného řadiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2006-04-19 30080]
R3 usbhub;Rozbočovač umožňující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2006-04-19 20608]
R3 VComm;Virtual Serial port driver; C:\WINDOWS\system32\DRIVERS\VComm.sys [2007-03-05 34448]
R3 VcommMgr;Bluetooth VComm Manager Service; C:\WINDOWS\System32\Drivers\VcommMgr.sys [2007-03-05 44304]
R3 VPCNetS2;Virtual Machine Network Services Driver; C:\WINDOWS\system32\DRIVERS\VMNetSrv.sys [2007-01-29 59280]
S1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-17 14848]
S3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2007-08-02 60800]
S3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller; C:\WINDOWS\system32\DRIVERS\atl01_xp.sys [2007-03-15 38656]
S3 BT;Bluetooth PAN Network Adapter; C:\WINDOWS\system32\DRIVERS\btnetdrv.sys [2007-03-05 18320]
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-04 17024]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2006-04-13 49664]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2006-04-13 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2006-04-13 21568]
S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys [2007-12-20 101120]
S3 k750bus;Sony Ericsson 750 driver (WDM); C:\WINDOWS\system32\DRIVERS\k750bus.sys []
S3 k750mdfl;Sony Ericsson 750 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\k750mdfl.sys []
S3 k750mdm;Sony Ericsson 750 USB WMC Modem Drivers; C:\WINDOWS\system32\DRIVERS\k750mdm.sys []
S3 k750mgmt;Sony Ericsson 750 USB WMC Device Management Drivers; C:\WINDOWS\system32\DRIVERS\k750mgmt.sys []
S3 k750obex;Sony Ericsson 750 USB WMC OBEX Interface Drivers; C:\WINDOWS\system32\DRIVERS\k750obex.sys []
S3 mbr;mbr; \??\C:\DOCUME~1\UIVATE~1\LOCALS~1\Temp\mbr.sys []
S3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
S3 MPE;Filtr MPE BDA; C:\WINDOWS\system32\DRIVERS\MPE.sys [2004-08-03 15360]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-04 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-04 10880]
S3 NETw4x32;Ovladač adaptéru Intel(R) Wireless WiFi Link pro systém Windows XP 32 Bit; C:\WINDOWS\system32\DRIVERS\NETw4x32.sys [2007-06-21 2208512]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2007-08-02 61824]
S3 PEEK5;PEEK5 Protocol Driver; \??\C:\DOCUME~1\UIVATE~1\Plocha\AIRCRA~1.3-W\AIRCRA~1.3-W\bin\PEEK5.SYS []
S3 RT73;ASUS USB Wireless LAN Card Driver; C:\WINDOWS\system32\DRIVERS\rt73.sys []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-04 11136]
S3 smserial;smserial; C:\WINDOWS\system32\DRIVERS\smserial.sys []
S3 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys []
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-04 15360]
S3 tosrfnds;Bluetooth Personal Area Network; C:\WINDOWS\system32\DRIVERS\tosrfnds.sys [2005-01-06 18612]
S3 TosRfSnd;Bluetooth Audio; C:\WINDOWS\system32\drivers\tosrfsnd.sys [2007-01-22 53376]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2007-08-02 31616]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 usbvideo;Zobrazovací zařízení USB (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2004-08-04 78464]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2004-08-11 18944]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-04 19328]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2007-08-02 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 EvtEng;Intel(R) PROSet/Wireless Event Log; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2007-06-01 647168]
R2 IFXSpMgtSrv;Security Platform Management Service; C:\WINDOWS\system32\ifxspmgt.exe [2007-02-26 677408]
R2 IFXTCS;Trusted Platform Core Service; C:\WINDOWS\system32\ifxtcs.exe [2007-02-23 849440]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-07-25 153376]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2009-08-19 168004]
R2 PersonalSecureDriveService;Personal Secure Drive Service; C:\WINDOWS\system32\IfxPsdSv.exe [2007-02-23 140832]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2006-03-03 69632]
R2 RegSrvc;Intel(R) PROSet/Wireless Registry Service; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2007-06-01 327680]
R2 S24EventMonitor;Intel(R) PROSet/Wireless Service; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [2007-06-01 987136]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-11 38912]
S2 FlexService;Remote Connections Service; C:\Program Files\RapidBIT\cisvc.exe [2009-05-17 41984]
S2 nbgjrb;Center Windows; C:\WINDOWS\system32\svchost.exe [2007-08-02 14336]
S2 sqssea;Universal Microsoft; C:\WINDOWS\system32\svchost.exe [2007-08-02 14336]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-06-01 271920]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S4 ATKGFNEXSrv;ATKGFNEX Service; C:\Program Files\ATKGFNEX\GFNEXSrv.exe [2007-08-08 94208]
S4 BlueSoleilCS;BlueSoleilCS; C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe [2007-09-14 1155180]
S4 BsHelpCS;BsHelpCS; C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe [2007-08-17 57447]
S4 CLCapSvc;CyberLink Background Capture Service (CBCS); C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe [2005-05-23 221281]
S4 CLSched;CyberLink Task Scheduler (CTS); C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe [2005-05-23 110687]
S4 CyberLink Media Library Service;CyberLink Media Library Service; C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe [2005-05-23 61440]
S4 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-06-28 79136]
S4 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-04-13 792112]
S4 TOSHIBA Bluetooth Service;TOSHIBA Bluetooth Service; C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe [2007-02-25 125048]

-----------------EOF-----------------

Rudy
Site Admin
Posts: 119359
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Probable infection by the kvadr.gen!a virus

#4 Post by Rudy »

If you ran the ComboFix scan (15 Jan), it is logical that I will not find anything here. Post its log.

ranch24
Visitor
Posts: 4
Registered: 16 Jan 2010 11:36

Re: Probable infection by the kvadr.gen!a virus

#5 Post by ranch24 »

ComboFix 10-01-15.01 - Uživatel 16.01.2010 11:32:59.2.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.2047.1602 [GMT 1:00]
Spuštěný z: c:\documents and settings\Uživatel\Plocha\ComboFix.exe

VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\U§ivatel\Dokumenty\cc_20091206_135734.reg
c:\documents and settings\U§ivatel\Dokumenty\zalohregistr….reg
c:\windows\regedit.com
c:\windows\system32\taskmgr.com

.
((((((((((((((((((((((((( Soubory vytvořené od 2009-12-16 do 2010-01-16 )))))))))))))))))))))))))))))))
.

2010-01-15 23:10 . 2010-01-15 23:10 -------- d---a-w- c:\windows\VDLL.DLL
2010-01-15 23:10 . 2010-01-15 23:10 -------- d---a-w- c:\windows\system32\runouce.exe
2010-01-15 23:10 . 2010-01-15 23:10 -------- d---a-w- c:\windows\rundll16.exe
2010-01-15 23:10 . 2010-01-15 23:10 -------- d---a-w- c:\windows\RUNDL132.EXE
2010-01-15 23:10 . 2010-01-15 23:10 -------- d---a-w- c:\windows\logo1_.exe
2010-01-15 23:10 . 2010-01-15 23:10 -------- d---a-w- c:\windows\logo_1.exe
2010-01-15 23:07 . 2010-01-15 23:07 632064 ----a-w- c:\windows\system32\msvcr80.dll
2010-01-15 23:07 . 2010-01-15 23:07 554240 ----a-w- c:\windows\system32\msvcp80.dll
2010-01-15 23:07 . 2010-01-15 23:07 34048 ----a-w- c:\windows\system32\eEmpty.exe
2010-01-15 23:07 . 2007-08-02 12:00 147968 ----a-w- c:\windows\R.COM
2010-01-15 23:07 . 2007-08-02 12:00 137216 ----a-w- c:\windows\system32\T.COM
2010-01-15 23:07 . 2010-01-15 23:07 -------- d-----w- c:\program files\Common Files\MicroWorld
2010-01-15 22:47 . 2010-01-15 23:32 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-01-15 20:57 . 2010-01-15 20:59 -------- d--h--w- c:\windows\system32\GroupPolicy
2010-01-15 18:30 . 2010-01-15 18:30 77824 ----atw- c:\windows\system32\DRWEBSP.DLL
2010-01-15 18:30 . 2010-01-15 18:58 -------- d-----w- c:\program files\DrWeb
2010-01-15 17:38 . 2010-01-15 17:38 -------- d-----w- c:\program files\My Company Name
2009-12-31 14:28 . 2009-12-31 14:28 -------- d-----w- c:\program files\IVT Corporation

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-16 10:19 . 2007-08-02 12:00 76154 ----a-w- c:\windows\system32\perfc005.dat
2010-01-16 10:19 . 2007-08-02 12:00 405244 ----a-w- c:\windows\system32\perfh005.dat
2010-01-15 18:30 . 2008-02-21 13:51 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-15 17:44 . 2008-11-04 14:38 -------- d-----w- c:\program files\CommViewWiFi
2010-01-15 17:41 . 2008-02-21 14:04 -------- d-----w- c:\program files\PowerForPhone
2010-01-15 17:40 . 2009-07-04 19:13 -------- d-----w- c:\program files\RALINK
2010-01-15 17:38 . 2008-02-21 13:58 -------- d-----w- c:\program files\ASUS
2009-12-30 17:22 . 2009-01-30 18:13 -------- d-----w- c:\program files\Valve
2009-12-30 17:06 . 2009-12-30 17:06 94243 ----a-w- c:\program files\unins000.dat
2009-12-30 17:06 . 2009-12-30 17:06 -------- d-----w- c:\program files\reslists
2009-12-30 17:06 . 2009-12-30 17:06 -------- d-----w- c:\program files\platform
2009-12-30 17:06 . 2009-12-30 17:06 -------- d-----w- c:\program files\gldrv
.

------- Sigcheck -------

[-] 2009-09-16 . 3C966F647BAB332093CB0F92692B5CB8 . 360320 . . [5.1.2600.3394] . . c:\windows\system32\drivers\tcpip.sys
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[7] 2008-06-20 . 2A5554FC5B1E04E131230E3CE035C3F9 . 360320 . . [5.1.2600.3394] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
[7] 2008-06-20 . 2A5554FC5B1E04E131230E3CE035C3F9 . 360320 . . [5.1.2600.3394] . . c:\windows\system32\dllcache\tcpip.sys
[7] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\50ce127b6bb5262be7f814de23be86b4\tcpip.sys
[7] 2007-10-30 . 64798ECFA43D78C7178375FCDD16D8C8 . 360832 . . [5.1.2600.3244] . . c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys
.
((((((((((((((((((((((((((((( SnapShot@2010-01-15_22.35.47 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-01-16 10:34 . 2010-01-16 10:34 16384 c:\windows\temp\Perflib_Perfdata_614.dat
+ 2010-01-16 10:31 . 2010-01-16 10:31 16384 c:\windows\temp\Perflib_Perfdata_2cc.dat
+ 2007-08-02 12:00 . 2010-01-16 10:19 65096 c:\windows\system32\perfc009.dat
+ 2007-08-02 12:00 . 2010-01-16 10:19 406260 c:\windows\system32\perfh009.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RMClock"="c:\documents and settings\Uživatel\Plocha\rmclock_230_bin\RMClockLauncher.exe" [2007-08-31 61440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Power_Gear"="c:\program files\ASUS\Power4 Gear\BatteryLife.exe" [2006-07-26 90112]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-06-01 823296]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-06-01 974848]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-08-19 13762560]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-08-19 86016]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2007-08-02 15360]

[HKLM\~\startupfolder\C:^Documents and Settings^Uživatel^Nabídka Start^Programy^Po spuštění^MagicDisc.lnk]
path=c:\documents and settings\Uživatel\Nabídka Start\Programy\Po spuštění\MagicDisc.lnk
backup=c:\windows\pss\MagicDisc.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATKHOTKEY]
2007-06-29 14:44 225280 ----a-w- c:\program files\ATK Hotkey\HControl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATKMEDIA]
2006-11-02 07:27 61440 ----a-w- c:\program files\ASUS\ATK Media\DMedia.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2007-08-02 12:00 15360 ------w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2009-04-23 13:51 691656 ----a-w- c:\program files\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IFXSPMGT]
2007-02-26 18:29 677408 ----a-w- c:\windows\system32\IFXSPMGT.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelWireless]
2007-06-01 09:49 974848 ----a-w- c:\program files\Intel\Wireless\Bin\iFrmewrk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelZeroConfig]
2007-06-01 09:51 823296 ----a-w- c:\program files\Intel\Wireless\Bin\ZCfgSvc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
2007-03-29 13:41 222128 ----a-w- c:\documents and settings\All Users\Data aplikací\Macrovision\FLEXnet Connect\6\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
2007-06-20 11:49 451872 ----a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2004-10-13 16:24 1694208 ------w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2009-08-19 13:40 13762560 ----a-w- c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2009-08-19 13:40 86016 ----a-w- c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2009-08-19 13:41 1657376 ----a-w- c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2009-10-09 12:11 25623336 ----a-r- c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"TOSHIBA Bluetooth Service"=2 (0x2)
"spmgr"=2 (0x2)
"Pml Driver HPZ12"=2 (0x2)
"NBService"=3 (0x3)
"LightScribeService"=2 (0x2)
"CyberLink Media Library Service"=2 (0x2)
"CLSched"=2 (0x2)
"CLCapSvc"=2 (0x2)
"BsHelpCS"=3 (0x3)
"BlueSoleilCS"=2 (0x2)
"ATKGFNEXSrv"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\CyberLink\\PowerCinema\\PowerCinema.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\CommViewWiFi\\WEPdecoder.exe"=
"c:\\BROOD\\StarCraft.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\EA GAMES\\Need For Speed Underground\\Speed.exe"=
"c:\\Documents and Settings\\All Users\\Data aplikací\\csrss.exe"=
"c:\\Documents and Settings\\Uživatel\\Dokumenty\\Need for Speed Underground 2\\SPEED2.EXE"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Valve\\hl.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleilCS.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"110:TCP"= 110:TCP:svchost

R1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\system32\drivers\psd.sys [24.1.2007 4:07 39080]
R3 AVerHybrid;AVerMedia Hybrid Tuner (NTSC/PAL/SECAM/DVB-T/FM);c:\windows\system32\drivers\averhbtv.sys [21.2.2008 15:15 304640]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [21.2.2008 14:57 36608]
S0 sptd;sptd;c:\windows\system32\Drivers\sptd.sys --> c:\windows\system32\Drivers\sptd.sys [?]
S2 FlexService;Remote Connections Service;c:\program files\RapidBIT\cisvc.exe [17.5.2009 4:16 41984]
S2 nbgjrb;Center Windows;c:\windows\system32\svchost.exe -k netsvcs [2.8.2007 13:00 14336]
S2 sqssea;Universal Microsoft;c:\windows\system32\svchost.exe -k netsvcs [2.8.2007 13:00 14336]
S3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\atl01_xp.sys [21.2.2008 14:52 38656]
S3 PEEK5;PEEK5 Protocol Driver;\??\c:\docume~1\UIVATE~1\Plocha\AIRCRA~1.3-W\AIRCRA~1.3-W\bin\PEEK5.SYS --> c:\docume~1\UIVATE~1\Plocha\AIRCRA~1.3-W\AIRCRA~1.3-W\bin\PEEK5.SYS [?]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
sqssea
nbgjrb

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-06-20 11:47 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Obsah adresáře 'Naplánované úlohy'

2010-01-01 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2008\OneClick.exe [2007-12-21 13:17]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Uživatel\Data aplikací\Mozilla\Firefox\Profiles\cka1dbtw.default\
FF - prefs.js: browser.startup.homepage - hxxp://cs.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:cs:official

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-16 11:36
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
Celkový čas: 2010-01-16 11:37:10
ComboFix-quarantined-files.txt 2010-01-16 10:37
ComboFix2.txt 2010-01-15 22:37

Před spuštěním: Volných bajtů: 59 295 510 528
Po spuštění: Volných bajtů: 60 516 454 400

- - End Of File - - FB0B537813B32FB936B114C989C4C76E

Rudy
Site Admin
Posts: 119359
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Probable infection by the kvadr.gen!a virus

#6 Post by Rudy »

Open Notepad and copy this into it:
Driver::
nbgjrb
sqssea
Save it to the desktop as CFScript.txt. Then drag it with the mouse onto the ComboFix icon and drop it. CF will start and carry out the commands from the script.

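The two services ComboFix lists as `svchost.exe -k netsvcs` with random six-letter names ("nbgjrb", "sqssea") are what the CFScript above removes. As an added example (not code from this thread, from ComboFix, or from its author), here is a small Python script that parses service lines in the ComboFix/RSIT format shown in the logs, flags svchost-hosted services that are either not on an allowlist of standard Windows XP netsvcs members or whose svchost.exe does not live in system32, and renders the same `Driver::` block the instructions dictate for CFScript.txt. The sample log is constructed: four lines are copied from this thread, the `wuauserv` and `lookalike` lines are made up to exercise the two decision branches, and the allowlist is a deliberately partial assumption.

```python
import re
from typing import Dict, FrozenSet, List

# One ComboFix/RSIT service line:
#   "<R|S><start type> <service name>;<display name>;<image path> [<date> <size>]"
SERVICE_LINE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4])\s+"
    r"(?P<name>[^;]+);(?P<display>[^;]*);\s*"
    r"(?P<image>.*?)\s*\[[^\]]*\]\s*$"
)

# Partial allowlist of service names Windows XP itself runs inside the
# "netsvcs" svchost group. Assumption: hand-maintained and deliberately
# incomplete; build the real one from a known-clean reference machine,
# never from the suspect log.
KNOWN_NETSVCS: FrozenSet[str] = frozenset({
    "6to4", "appmgmt", "audiosrv", "bits", "browser", "cryptsvc", "dmserver",
    "ersvc", "eventsystem", "helpsvc", "hidserv", "lanmanserver",
    "lanmanworkstation", "netman", "nla", "rasauto", "rasman", "remoteaccess",
    "schedule", "seclogon", "sens", "sharedaccess", "shellhwdetection",
    "srservice", "tapisrv", "themes", "trkwks", "w32time", "winmgmt",
    "wscsvc", "wuauserv", "wzcsvc", "xmlprov",
})

# Constructed sample: four lines copied from this thread's logs, plus one
# legitimate netsvcs member (wuauserv) and one made-up service whose
# svchost.exe sits outside system32 (lookalike).
SAMPLE_LOG = r"""
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2009-08-19 168004]
S2 FlexService;Remote Connections Service; C:\Program Files\RapidBIT\cisvc.exe [2009-05-17 41984]
S2 nbgjrb;Center Windows;c:\windows\system32\svchost.exe -k netsvcs [2.8.2007 13:00 14336]
S2 sqssea;Universal Microsoft;c:\windows\system32\svchost.exe -k netsvcs [2.8.2007 13:00 14336]
R2 wuauserv;Automatic Updates;c:\windows\system32\svchost.exe -k netsvcs [2.8.2007 13:00 14336]
S2 lookalike;Windows Helper;c:\windows\svchost.exe [2.8.2007 13:00 14336]
"""


def parse_services(log_text: str) -> List[Dict[str, str]]:
    """Return one dict per service line; lines in any other format are skipped."""
    services = []
    for line in log_text.splitlines():
        match = SERVICE_LINE.match(line.strip())
        if match:
            services.append(match.groupdict())
    return services


def suspicious_svchost_services(log_text: str,
                                allowlist: FrozenSet[str] = KNOWN_NETSVCS) -> List[Dict[str, str]]:
    """Flag services hosted by svchost.exe that a clean XP box would not register.

    The pattern in this thread: the image is Microsoft's real svchost.exe, so a
    file scan finds nothing, but the service *entry* (random name, generic
    display string) is the attacker's. The second check catches the other
    common trick, a binary named svchost.exe placed outside system32.
    """
    hits = []
    for svc in parse_services(log_text):
        image = svc["image"].lower()
        if "svchost.exe" not in image:
            continue
        if "\\system32\\svchost.exe" not in image:
            reason = "svchost.exe image outside system32"
        elif svc["name"].lower() not in allowlist:
            reason = "not a known netsvcs member"
        else:
            continue
        hits.append({"name": svc["name"], "display": svc["display"],
                     "image": svc["image"], "reason": reason})
    return hits


def build_cfscript(service_names: List[str]) -> str:
    """Render the 'Driver::' block ComboFix reads from CFScript.txt (the only directive used in this thread)."""
    return "Driver::\n" + "".join(f"{name}\n" for name in service_names)


if __name__ == "__main__":
    flagged = suspicious_svchost_services(SAMPLE_LOG)
    for hit in flagged:
        print(f'{hit["name"]:<12} "{hit["display"]}"  {hit["reason"]}')
    print(build_cfscript([hit["name"] for hit in flagged]))
```

Before acting on the output, cross-check the flagged names against the `Svchost - NetSvcs` section ComboFix prints further down in the same log, where the same two names appear: a service that is both svchost-hosted and injected into the NetSvcs group, yet unknown to the allowlist, is the entry to remove, while a name that is merely missing from the (partial) allowlist should first be looked up on a clean machine.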

ranch24
Visitor
Posts: 4
Registered: 16 Jan 2010 11:36

Re: Probable infection by the kvadr.gen!a virus

#7 Post by ranch24 »

ComboFix 10-01-15.01 - Uživatel 17.01.2010 0:47.4.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.2047.1497 [GMT 1:00]
Spuštěný z: c:\documents and settings\Uživatel\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Uživatel\Plocha\CFScript.txt

VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\U§ivatel\Dokumenty\cc_20091206_135734.reg
c:\documents and settings\U§ivatel\Dokumenty\zalohregistr….reg
c:\windows\regedit.com
c:\windows\system32\taskmgr.com

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NBGJRB
-------\Legacy_SQSSEA


((((((((((((((((((((((((( Soubory vytvořené od 2009-12-16 do 2010-01-16 )))))))))))))))))))))))))))))))
.

2010-01-16 15:43 . 2010-01-16 15:43 5987789 ----a-w- c:\windows\REGBK00.ZIP
2010-01-16 11:42 . 2010-01-16 11:44 -------- d-----w- c:\program files\trend micro
2010-01-16 11:42 . 2010-01-16 11:42 -------- d-----w- C:\rsit
2010-01-15 23:10 . 2010-01-15 23:10 -------- d---a-w- c:\windows\VDLL.DLL
2010-01-15 23:10 . 2010-01-15 23:10 -------- d---a-w- c:\windows\system32\runouce.exe
2010-01-15 23:10 . 2010-01-15 23:10 -------- d---a-w- c:\windows\RUNDL132.EXE
2010-01-15 23:10 . 2010-01-15 23:10 -------- d---a-w- c:\windows\logo_1.exe
2010-01-15 23:07 . 2010-01-15 23:07 632064 ----a-w- c:\windows\system32\msvcr80.dll
2010-01-15 23:07 . 2010-01-15 23:07 554240 ----a-w- c:\windows\system32\msvcp80.dll
2010-01-15 23:07 . 2010-01-15 23:07 34048 ----a-w- c:\windows\system32\eEmpty.exe
2010-01-15 23:07 . 2007-08-02 12:00 147968 ----a-w- c:\windows\R.COM
2010-01-15 23:07 . 2007-08-02 12:00 137216 ----a-w- c:\windows\system32\T.COM
2010-01-15 23:07 . 2010-01-15 23:07 -------- d-----w- c:\program files\Common Files\MicroWorld
2010-01-15 22:47 . 2010-01-15 23:32 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-01-15 20:57 . 2010-01-15 20:59 -------- d--h--w- c:\windows\system32\GroupPolicy
2010-01-15 18:30 . 2010-01-15 18:30 77824 ----atw- c:\windows\system32\DRWEBSP.DLL
2010-01-15 18:30 . 2010-01-15 18:58 -------- d-----w- c:\program files\DrWeb
2010-01-15 17:38 . 2010-01-15 17:38 -------- d-----w- c:\program files\My Company Name
2009-12-31 14:28 . 2009-12-31 14:28 -------- d-----w- c:\program files\IVT Corporation

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-16 18:09 . 2009-09-16 16:35 -------- d-----w- c:\program files\Electronic Arts
2010-01-16 18:01 . 2009-07-04 19:45 -------- d-----w- c:\program files\EA GAMES
2010-01-16 17:42 . 2009-12-08 16:45 -------- d-----w- c:\program files\BFG
2010-01-16 10:19 . 2007-08-02 12:00 76154 ----a-w- c:\windows\system32\perfc005.dat
2010-01-16 10:19 . 2007-08-02 12:00 405244 ----a-w- c:\windows\system32\perfh005.dat
2010-01-15 18:30 . 2008-02-21 13:51 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-15 17:44 . 2008-11-04 14:38 -------- d-----w- c:\program files\CommViewWiFi
2010-01-15 17:41 . 2008-02-21 14:04 -------- d-----w- c:\program files\PowerForPhone
2010-01-15 17:40 . 2009-07-04 19:13 -------- d-----w- c:\program files\RALINK
2010-01-15 17:38 . 2008-02-21 13:58 -------- d-----w- c:\program files\ASUS
2009-12-30 17:22 . 2009-01-30 18:13 -------- d-----w- c:\program files\Valve
2009-12-30 17:06 . 2009-12-30 17:06 94243 ----a-w- c:\program files\unins000.dat
2009-12-30 17:06 . 2009-12-30 17:06 -------- d-----w- c:\program files\reslists
2009-12-30 17:06 . 2009-12-30 17:06 -------- d-----w- c:\program files\platform
.

------- Sigcheck -------

[-] 2009-09-16 . 3C966F647BAB332093CB0F92692B5CB8 . 360320 . . [5.1.2600.3394] . . c:\windows\system32\drivers\tcpip.sys
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[7] 2008-06-20 . 2A5554FC5B1E04E131230E3CE035C3F9 . 360320 . . [5.1.2600.3394] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
[7] 2008-06-20 . 2A5554FC5B1E04E131230E3CE035C3F9 . 360320 . . [5.1.2600.3394] . . c:\windows\system32\dllcache\tcpip.sys
[7] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\50ce127b6bb5262be7f814de23be86b4\tcpip.sys
[7] 2007-10-30 . 64798ECFA43D78C7178375FCDD16D8C8 . 360832 . . [5.1.2600.3244] . . c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys
.
((((((((((((((((((((((((((((( SnapShot@2010-01-15_22.35.47 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-01-16 23:51 . 2010-01-16 23:51 16384 c:\windows\temp\Perflib_Perfdata_7d8.dat
+ 2010-01-16 11:17 . 2010-01-16 11:17 16384 c:\windows\temp\Perflib_Perfdata_2f0.dat
+ 2007-08-02 12:00 . 2010-01-16 10:19 65096 c:\windows\system32\perfc009.dat
+ 2007-08-02 12:00 . 2010-01-16 10:19 406260 c:\windows\system32\perfh009.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RMClock"="c:\documents and settings\Uživatel\Plocha\rmclock_230_bin\RMClockLauncher.exe" [2007-08-31 61440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Power_Gear"="c:\program files\ASUS\Power4 Gear\BatteryLife.exe" [2006-07-26 90112]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-06-01 823296]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-06-01 974848]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-08-19 13762560]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-08-19 86016]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2007-08-02 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"TOSHIBA Bluetooth Service"=2 (0x2)
"spmgr"=2 (0x2)
"Pml Driver HPZ12"=2 (0x2)
"NBService"=3 (0x3)
"LightScribeService"=2 (0x2)
"CyberLink Media Library Service"=2 (0x2)
"CLSched"=2 (0x2)
"CLCapSvc"=2 (0x2)
"BsHelpCS"=3 (0x3)
"BlueSoleilCS"=2 (0x2)
"ATKGFNEXSrv"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\CyberLink\\PowerCinema\\PowerCinema.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\CommViewWiFi\\WEPdecoder.exe"=
"c:\\BROOD\\StarCraft.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\EA GAMES\\Need For Speed Underground\\Speed.exe"=
"c:\\Documents and Settings\\Uživatel\\Dokumenty\\Need for Speed Underground 2\\SPEED2.EXE"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Valve\\hl.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleilCS.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"110:TCP"= 110:TCP:svchost

R1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\system32\drivers\psd.sys [24.1.2007 4:07 39080]
R3 AVerHybrid;AVerMedia Hybrid Tuner (NTSC/PAL/SECAM/DVB-T/FM);c:\windows\system32\drivers\averhbtv.sys [21.2.2008 15:15 304640]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [21.2.2008 14:57 36608]
R3 RTCore32;RTCore32;c:\documents and settings\Uživatel\Plocha\rmclock_230_bin\RTCore32.sys [7.9.2009 20:56 4608]
S2 FlexService;Remote Connections Service;"c:\program files\RapidBIT\cisvc.exe" --> c:\program files\RapidBIT\cisvc.exe [?]
S3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\atl01_xp.sys [21.2.2008 14:52 38656]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-06-20 11:47 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Obsah adresáře 'Naplánované úlohy'

2010-01-01 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2008\OneClick.exe [2007-12-21 13:17]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
mSearch Bar = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Uživatel\Data aplikací\Mozilla\Firefox\Profiles\cka1dbtw.default\
FF - prefs.js: browser.startup.homepage - google.cz|sps-sou.cz

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-17 00:52
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\windows\system32\ifxspmgt.exe
c:\windows\system32\ifxtcs.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\IfxPsdSv.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\RUNDLL32.EXE
c:\documents and settings\Uživatel\Plocha\rmclock_230_bin\RMClock.exe
c:\program files\Intel\Wireless\Bin\Dot1XCfg.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Celkový čas: 2010-01-17 00:55:08 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-01-16 23:55
ComboFix2.txt 2010-01-16 11:20
ComboFix3.txt 2010-01-16 10:37
ComboFix4.txt 2010-01-15 22:37

Před spuštěním: Volných bajtů: 64 605 995 008
Po spuštění: Volných bajtů: 64 705 851 392

- - End Of File - - B764A6B74168036C36BB80007F23960F




-------------------------------------------------

By the way, before that I went over the whole PC with an updated and activated MWAV, so it did delete something..

MWAV log: http://www.edisk.cz/stahni/89790/log.txt_7.05MB.html

-------------------------------------------------

Rudy
Site Admin
Posts: 119359
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Probable infection by the kvadr.gen!a virus

#8 Post by Rudy »

The log already looks clean.