Theft of a RapidShare premium password, what to do about it?

skorojoerg
Visitor
Posts: 107
Registered: 19 Feb 2008 08:19

Re: Theft of a RapidShare premium password, what to do about it?

#16 Post by skorojoerg »

new log:
ComboFix 10-01-23.06 - Marek Dvorský 24.01.2010 16:41:50.9.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.2039.1341 [GMT 1:00]
Spuštěný z: C:\riffman.exe
Použité ovládací přepínače :: C:\CFScript.txt
AV: avast! antivirus 4.8.1368 [VPS 100124-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

FILE ::
"c:\windows\winstart.bat"
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Marek Dvorskě\Dokumenty\cc_20080810_2337.reg
c:\documents and settings\Marek Dvorskě\Dokumenty\cc_20080810_2337b.reg
c:\documents and settings\Marek Dvorskě\Dokumenty\cc_20090103_1737.reg
c:\documents and settings\Marek Dvorskě\Dokumenty\cc_20090104_1814.reg
c:\windows\winstart.bat

.
--------------- FCopy ---------------

c:\atapi.sys --> c:\windows\System32\drivers\atapi.sys
.
((((((((((((((((((((((((( Soubory vytvořené od 2009-12-24 do 2010-01-24 )))))))))))))))))))))))))))))))
.

2010-01-24 15:29 . 2008-04-13 18:40 96512 ------w- C:\atapi.sys
2010-01-23 21:21 . 2010-01-23 21:37 -------- d-----w- C:\riffman1088r
2010-01-23 21:13 . 2010-01-24 15:37 3835537 ----a-r- C:\riffman.exe
2010-01-23 11:12 . 2010-01-23 11:26 -------- d-----w- C:\riffman1885r
2010-01-23 11:10 . 2010-01-23 11:11 -------- d-----w- C:\riffman
2010-01-23 11:10 . 2010-01-23 11:10 390144 ----a-w- c:\windows\system32\CF19254.exe
2010-01-23 10:46 . 2010-01-23 10:46 -------- d-----w- c:\program files\trend micro
2010-01-23 10:46 . 2010-01-23 10:46 -------- d-----w- C:\rsit
2010-01-17 09:15 . 2010-01-17 09:16 -------- d-----w- c:\program files\PSPad editor
2010-01-12 19:58 . 2009-11-21 16:03 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-24 15:33 . 2008-08-10 17:10 -------- d-----w- c:\program files\LogMeIn
2010-01-24 08:02 . 2008-08-10 16:23 -------- d-----w- c:\program files\Spyware Terminator
2010-01-24 01:22 . 2009-01-20 18:31 -------- d-----w- c:\program files\WinClamAVShield
2010-01-21 13:57 . 2008-08-10 10:57 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-20 17:24 . 2008-09-18 14:08 -------- d-----w- c:\program files\Common Files\Java
2010-01-20 17:23 . 2008-09-18 14:14 -------- d-----w- c:\program files\Java
2010-01-20 17:23 . 2006-03-02 12:00 79440 ----a-w- c:\windows\system32\perfc005.dat
2010-01-20 17:23 . 2006-03-02 12:00 432516 ----a-w- c:\windows\system32\perfh005.dat
2010-01-15 23:35 . 2009-01-04 14:30 -------- d-----w- c:\program files\Crawler
2010-01-13 21:48 . 2008-08-10 16:49 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-07 15:07 . 2008-08-10 16:50 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 15:07 . 2008-08-10 16:50 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-07 14:37 . 2009-01-11 13:08 -------- d-----w- c:\program files\Ufonuv fofr internet
2009-12-30 22:55 . 2009-07-08 13:22 -------- d-----w- c:\program files\netloader.in
2009-12-21 19:08 . 2006-03-02 12:00 916480 ------w- c:\windows\system32\wininet.dll
2009-12-17 16:14 . 2008-12-12 06:12 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-12-13 21:49 . 2009-09-21 16:47 -------- d-----w- c:\program files\Opera
2009-11-24 23:54 . 2008-08-10 12:29 1280480 ----a-w- c:\windows\system32\aswBoot.exe
2009-11-24 23:51 . 2008-08-10 12:30 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-11-24 23:50 . 2008-08-10 12:30 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-11-24 23:50 . 2008-08-10 12:30 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-11-24 23:50 . 2008-08-10 12:30 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-11-24 23:49 . 2008-08-10 12:30 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-11-24 23:48 . 2008-08-10 12:30 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-11-24 23:47 . 2008-08-10 12:30 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-11-24 23:47 . 2008-08-10 12:30 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-11-21 16:03 . 2006-03-02 12:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
.

------- Sigcheck -------

[7] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\atapi.sys
[7] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\atapi.sys
[7] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\atapi.sys
[-] 2008-04-13 18:40 . !HASH: COULD NOT OPEN FILE !!!!! . 96512 . . [------] . . c:\windows\system32\drivers\atapi.sys
[7] 2006-03-02 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\system32\ReinstallBackups\0008\DriverFiles\i386\atapi.sys
[7] 2004-08-03 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\atapi.sys
[7] 2004-08-03 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\system32\ReinstallBackups\0009\DriverFiles\i386\atapi.sys
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-01 15:08 143360 ----a-w- c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Power2GoExpress"="c:\program files\CyberLink\Power2Go\Power2GoExpress.exe" [2008-03-18 2508072]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"QIP2005"="c:\program files\QIP\qip.exe" [2009-08-13 3276288]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-03-17 2289664]
"Free Download Manager"="c:\program files\Free Download Manager\fdm.exe" [2008-05-20 2474031]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2009-12-24 289584]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-07-03 39408]
"Google Update"="c:\documents and settings\Marek Dvorský\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" [2010-01-22 135664]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-08-13 166424]
"SkyTel"="SkyTel.EXE" [2007-10-12 1826816]
"RTHDCPL"="RTHDCPL.EXE" [2007-10-26 16855552]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-11-26 630784]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-17 815104]
"IFXSPMGT"="c:\windows\system32\ifxspmgt.exe" [2007-03-05 677408]
"Wireless Console 2"="c:\program files\Wireless Console 2\wcourier.exe" [2007-07-05 1040384]
"ATKOSD2"="c:\program files\ATKOSD2\ATKOSD2.exe" [2007-10-17 7737344]
"ASUS Live Update"="c:\program files\ASUS\ASUS Live Update\ALU.exe" [2007-11-30 51768]
"Power_Gear"="c:\program files\ASUS\Power4 Gear\BatteryLife.exe" [2006-07-26 90112]
"ACMON"="c:\program files\ASUS\Splendid\ACMON.exe" [2007-11-13 851968]
"ASUS Camera ScreenSaver"="c:\windows\ASScrProlog.exe" [2008-08-10 37232]
"ASUS Screen Saver Protector"="c:\windows\ASScrPro.exe" [2008-08-10 33136]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2008-04-02 87336]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2008-02-22 62760]
"UpdatePPShortCut"="c:\program files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" [2008-01-04 222504]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"OODefragTray"="c:\windows\system32\oodtray.exe" [2007-05-11 2512392]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2007-08-03 63048]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2007-06-29 286720]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-16 221184]
"CorelDRAW Graphics Suite 11b"="c:\program files\Corel\Corel Graphics 12\Languages\CZ\Programs\Registration.exe" [2004-06-22 729088]
"PowerForPhone"="c:\program files\P4P\P4P.exe" [2007-07-19 778240]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-08-13 137752]
"Norton Ghost 12.0"="c:\program files\Norton Ghost\Agent\VProTray.exe" [2007-03-28 2037352]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-16 81920]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-08-13 141848]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"SpywareTerminator"="c:\progra~1\SPYWAR~1\SpywareTerminatorShield.exe" [2009-12-10 2166784]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Marek Dvorskě\Nabˇdka Start\Programy\Po spuçtŘnˇ\
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-1-15 393216]
Věýezy obrazovky a spuçtŘnˇ aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-8-10 113664]
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2007-8-2 2760704]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2009-10-02 17:26 87352 ----a-w- c:\windows\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=
"c:\\Program Files\\CyberLink\\PowerDirector\\PDR.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Sony\\Vegas 7.0\\VegSrv70.exe"=
"c:\\Program Files\\DAP\\DAP.exe"=
"c:\\totalcmd\\TOTALCMD.EXE"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\QIP\\qip.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Spyware Terminator\\SpywareTerminatorUpdate.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 a347bus;a347bus;c:\windows\system32\drivers\a347bus.sys [10.8.2008 11:54 160640]
R0 a347scsi;a347scsi;c:\windows\system32\drivers\a347scsi.sys [10.8.2008 11:54 5248]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [10.8.2008 13:30 114768]
R1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\system32\drivers\psd.sys [30.1.2007 21:07 39080]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [10.8.2008 17:24 142592]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [10.8.2008 13:30 20560]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [3.8.2007 14:09 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [10.8.2008 18:10 47640]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [10.8.2008 10:53 36608]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\drivers\SbFwIm.sys [3.1.2009 18:38 65576]
S3 adusbser;AnyDATA USB Device for Legacy Serial Communication;c:\windows\system32\drivers\adusbser.sys [10.8.2008 16:59 93440]
S3 nhcNT_driver;Notebook Hardware Control NT Driver;c:\windows\system32\drivers\nhcNT.sys [11.8.2008 18:21 8960]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-03-17 15:56 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Obsah adresáře 'Naplánované úlohy'

2010-01-22 c:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job
- c:\program files\Spybot - Search & Destroy\SpybotSD.exe [2008-08-10 14:31]
.
.
------- Doplňkový sken -------
.
uInternet Settings,ProxyOverride = *.local
IE: &Clean Traces - c:\program files\DAP\Privacy Package\dapcleanerie.htm
IE: &Download with &DAP - c:\program files\DAP\dapextie.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Crawler Search - tbr:iemenu
IE: Download &all with DAP - c:\program files\DAP\dapextie2.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Stáhnout Free Download Managerem - file://c:\program files\Free Download Manager\dllink.htm
IE: Stáhnout pomocí FlashGet - c:\program files\FlashGet\jc_link.htm
IE: Stáhnout video Free Download Managerem - file://c:\program files\Free Download Manager\dlfvideo.htm
IE: Stáhnout vybrané Free Download Managerem - file://c:\program files\Free Download Manager\dlselected.htm
IE: Stáhnout vše Free Download Managerem - file://c:\program files\Free Download Manager\dlall.htm
IE: Stáhnout vše pomocí FlashGet - c:\program files\FlashGet\jc_all.htm
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\Toolbar\ctbr.dll
FF - ProfilePath - c:\documents and settings\Marek Dvorský\Data aplikací\Mozilla\Firefox\Profiles\bgg2pc1l.default\
FF - prefs.js: browser.startup.homepage - hxxp://seznam.cz
FF - component: c:\progra~1\Crawler\firefox\components\xcomm.dll
FF - component: c:\progra~1\Crawler\firefox\components\xshared.dll
FF - component: c:\progra~1\Crawler\firefox\components\xsupport.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Picasa2\npPicasa3.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

BHO-{95289393-33EA-4F8D-B952-483415B9C955} - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-24 16:51
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...


C:\ADSM_PData_0150

sken byl úspešně dokončen
skryté soubory: 1

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8A1007E0]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xba10cf28
\Driver\ACPI -> ACPI.sys @ 0xb9f57cb8
\Driver\atapi -> 0x8a1007e0
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
NDIS: Intel(R) PRO/Wireless 3945ABG Network Connection -> SendCompleteHandler -> NDIS.sys @ 0xb9de4bb0
PacketIndicateHandler -> NDIS.sys @ 0xb9dd3a0d
SendHandler -> NDIS.sys @ 0xb9de7b40
Warning: possible MBR rootkit infection !
user & kernel MBR OK

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(824)
c:\windows\system32\LMIinit.dll

- - - - - - - > 'explorer.exe'(4960)
c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt.dll
c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\ATKGFNEX\GFNEXSrv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\ifxtcs.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\LogMeIn\x86\RaMaint.exe
c:\program files\LogMeIn\x86\LogMeIn.exe
c:\program files\LogMeIn\x86\LMIGuardian.exe
c:\program files\Norton Ghost\Agent\VProSvc.exe
c:\windows\system32\oodag.exe
c:\windows\system32\IfxPsdSv.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\ASUS\NB Probe\SPM\spmgr.exe
c:\program files\Spyware Terminator\sp_rsser.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\RTHDCPL.EXE
c:\program files\Infineon\Security Platform Software\PSDrt.exe
c:\program files\Infineon\Security Platform Software\SpTna.exe
c:\windows\system32\ACEngSvr.exe
c:\program files\LogMeIn\x86\LMIGuardian.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
.
**************************************************************************
.
Celkový čas: 2010-01-24 16:58:14 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-01-24 15:58
ComboFix2.txt 2010-01-23 21:37
ComboFix3.txt 2010-01-23 11:26
ComboFix4.txt 2009-01-31 20:20
ComboFix5.txt 2010-01-24 15:41

Před spuštěním: Volných bajtů: 10 258 972 672
Po spuštění: Volných bajtů: 10 224 885 760

- - End Of File - - 08A3AB1816BC7BAEEEF8AEA6794BB350

meteorolog
Exemplary visitor
Posts: 308
Registered: 07 Jan 2007 15:20
Location: Pardubice

Re: Theft of a RapidShare premium password, what to do about it?

#17 Post by meteorolog »

Test these files at http://www.virustotal.com - if it says the file has already been tested, have it tested again, and post the links to the results here:
c:\windows\ERDNT\cache\atapi.sys
c:\windows\ServicePackFiles\i386\atapi.sys
c:\windows\system32\dllcache\atapi.sys
c:\windows\system32\drivers\atapi.sys
c:\windows\system32\ReinstallBackups\0008\DriverFiles\i386\atapi.sys
c:\windows\$NtServicePackUninstall$\atapi.sys
c:\windows\system32\ReinstallBackups\0009\DriverFiles\i386\atapi.sys
"Life is life, a meadow is a meadow, you look into the grass, and you see a beetle."

"Do not answer a fool according to his folly, lest you yourself become like him. Answer a fool according to his folly, lest he think himself wise...."
(Proverbs of King Solomon)
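Added example, not code from the thread or from ComboFix: a small Python script that mechanises the check meteorolog does by hand on the Sigcheck block of the log above, and which the VirusTotal request in this post is meant to confirm. It assumes only the Sigcheck line layout shown in the log; the first sample is that block verbatim, the second is a constructed set of lines with a made-up hash to show the mismatch case.

```python
"""Audit a ComboFix 'Sigcheck' block for tampered or unreadable system files.

Added example for this thread (not ComboFix's own code and not posted by
anyone in the thread).  ComboFix lists every copy of a core driver it can
find, one per line, as
    [status] date . MD5 . size . . [version] . . path
Copies of the same version should hash identically, and a copy the scanner
cannot even open is the most suspicious one.
"""
import re
from collections import Counter, defaultdict

# Sample 1: copied from the ComboFix log in this thread.
SIGCHECK_FROM_LOG = r"""
[7] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\atapi.sys
[7] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\atapi.sys
[7] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\atapi.sys
[-] 2008-04-13 18:40 . !HASH: COULD NOT OPEN FILE !!!!! . 96512 . . [------] . . c:\windows\system32\drivers\atapi.sys
[7] 2006-03-02 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\system32\ReinstallBackups\0008\DriverFiles\i386\atapi.sys
[7] 2004-08-03 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\atapi.sys
[7] 2004-08-03 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\system32\ReinstallBackups\0009\DriverFiles\i386\atapi.sys
"""

# Sample 2 (constructed, the hash is made up): the live driver is readable but
# its MD5 disagrees with the two pristine copies of the same version.
SIGCHECK_CONSTRUCTED_MISMATCH = r"""
[7] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\atapi.sys
[7] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\atapi.sys
[7] 2008-04-13 . 0123456789ABCDEF0123456789ABCDEF . 96512 . . [5.1.2600.5512] . . c:\windows\system32\drivers\atapi.sys
"""

LINE_RE = re.compile(
    r"^\[(?P<status>[^\]]*)\]\s+"                       # ComboFix status code, e.g. [7] or [-]
    r"(?P<date>\d{4}-\d{2}-\d{2})(?:\s+\d{2}:\d{2})?"    # date, optionally followed by a time
    r"\s+\.\s+(?P<hash>.+?)"                             # MD5, or the '!HASH: ...' error text
    r"\s+\.\s+(?P<size>\d+)"                             # size in bytes
    r"\s+\.\s+\.\s+\[(?P<version>[^\]]*)\]"             # file version, or ------ when unknown
    r"\s+\.\s+\.\s+(?P<path>\S.*?)\s*$"                  # full path
)


def parse_sigcheck(text):
    """Turn the Sigcheck block into a list of dicts; non-matching lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        e = m.groupdict()
        e["size"] = int(e["size"])
        e["name"] = e["path"].rsplit("\\", 1)[-1].lower()
        e["unreadable"] = e["hash"].startswith("!HASH")
        entries.append(e)
    return entries


def audit_sigcheck(text):
    """Return (path, reason) for every copy that deserves a closer look."""
    entries = parse_sigcheck(text)

    # Reference hash per (file name, version): the MD5 shared by most readable copies.
    hashes = defaultdict(Counter)
    for e in entries:
        if not e["unreadable"]:
            hashes[(e["name"], e["version"])][e["hash"]] += 1

    findings = []
    for e in entries:
        if e["unreadable"]:
            # The scanner was denied access; relate the copy to known versions by size.
            same_size = sorted({x["version"] for x in entries
                                if not x["unreadable"] and x["name"] == e["name"]
                                and x["size"] == e["size"]})
            findings.append((e["path"], "scanner could not open the file; same size as readable "
                             "copies of version " + (", ".join(same_size) or "<none>")))
            continue
        ref_hash, ref_count = hashes[(e["name"], e["version"])].most_common(1)[0]
        if e["hash"] != ref_hash:
            findings.append((e["path"], "hash %s differs from %d other copies of version %s (%s)"
                             % (e["hash"], ref_count, e["version"], ref_hash)))
    return findings


if __name__ == "__main__":
    for label, sample in (("log from thread", SIGCHECK_FROM_LOG),
                          ("constructed mismatch", SIGCHECK_CONSTRUCTED_MISMATCH)):
        print("==", label)
        for path, reason in audit_sigcheck(sample):
            print(path, "->", reason)
```

On the block from the thread the only finding is the live c:\windows\system32\drivers\atapi.sys, which the scanner could not open even though its size matches the three verified SP3 copies.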


meteorolog
Exemplary visitor
Posts: 308
Registered: 07 Jan 2007 15:20
Location: Pardubice

Re: Theft of a RapidShare premium password, what to do about it?

#19 Post by meteorolog »


skorojoerg
Visitor
Posts: 107
Registered: 19 Feb 2008 08:19

Re: Theft of a RapidShare premium password, what to do about it?

#20 Post by skorojoerg »

GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2010-01-24 18:42:40
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.14 ----

SSDT a347bus.sys (Plug and Play BIOS Extension/ ) ZwEnumerateKey [0xB9F815DC]
SSDT a347bus.sys (Plug and Play BIOS Extension/ ) ZwEnumerateValueKey [0xB9F8D120]

---- Devices - GMER 1.0.14 ----

Device \FileSystem\Ntfs \Ntfs 8A5CF570

AttachedDevice \FileSystem\Ntfs \Ntfs AsDsm.sys (Data Security Manager Driver/Windows (R) Codename Longhorn DDK provider)
AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \FileSystem\Ntfs \Ntfs symsnap.sys (StorageCraft Volume Snap-Shot/StorageCraft)

Device \FileSystem\Fastfat \Fat 89D2B9D0

AttachedDevice \FileSystem\Fastfat \Fat AsDsm.sys (Data Security Manager Driver/Windows (R) Codename Longhorn DDK provider)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

---- Modules - GMER 1.0.14 ----

Module _________ B9F09000-B9F21000 (98304 bytes)

---- EOF - GMER 1.0.14 ----

GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2010-01-24 18:58:56
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.14 ----

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xA85726B8]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xA8572574]
SSDT a347bus.sys (Plug and Play BIOS Extension/ ) ZwCreatePagingFile [0xB9F80B00]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xA8572A52]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xA857214C]
SSDT a347bus.sys (Plug and Play BIOS Extension/ ) ZwEnumerateKey [0xB9F815DC]
SSDT a347bus.sys (Plug and Play BIOS Extension/ ) ZwEnumerateValueKey [0xB9F8D120]
SSDT a347bus.sys (Plug and Play BIOS Extension/ ) ZwOpenFile [0xB9F80B40]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xA857264E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xA857208C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xA85720F0]
SSDT a347bus.sys (Plug and Play BIOS Extension/ ) ZwQueryKey [0xB9F815FC]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xA857276E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xA857272E]
SSDT a347bus.sys (Plug and Play BIOS Extension/ ) ZwSetSystemPowerState [0xB9F8C550]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xA85728AE]

---- Kernel code sections - GMER 1.0.14 ----

? Combo-Fix.sys Systém nemůže nalézt uvedený soubor. !
? C:\riffman18518r\catchme.sys Systém nemůže nalézt uvedený soubor. !
? C:\WINDOWS\system32\Drivers\PROCEXP113.SYS Systém nemůže nalézt uvedený soubor. !
? C:\DOCUME~1\MAREKD~1\LOCALS~1\Temp\kflirpob.sys Systém nemůže nalézt uvedený soubor. !

---- User IAT/EAT - GMER 1.0.14 ----

IAT C:\WINDOWS\system32\services.exe[868] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 003D0002
IAT C:\WINDOWS\system32\services.exe[868] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 003D0000

---- Devices - GMER 1.0.14 ----

Device \FileSystem\Ntfs \Ntfs 8A5CF570

AttachedDevice \FileSystem\Ntfs \Ntfs AsDsm.sys (Data Security Manager Driver/Windows (R) Codename Longhorn DDK provider)
AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \FileSystem\Ntfs \Ntfs symsnap.sys (StorageCraft Volume Snap-Shot/StorageCraft)

Device \FileSystem\Fastfat \FatCdrom 89D2B9D0

AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 symsnap.sys (StorageCraft Volume Snap-Shot/StorageCraft)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 symsnap.sys (StorageCraft Volume Snap-Shot/StorageCraft)

Device \Driver\Cdrom \Device\CdRom0 8A1004B0
Device \FileSystem\Rdbss \Device\FsWrap 8A2CDE10
Device \Driver\Cdrom \Device\CdRom1 8A1004B0

AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 symsnap.sys (StorageCraft Volume Snap-Shot/StorageCraft)

Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 8A1007E0
Device \Driver\atapi \Device\Ide\IdePort0 8A1007E0
Device \Driver\atapi \Device\Ide\IdePort1 8A1007E0
Device \Driver\atapi \Device\Ide\IdePort2 8A1007E0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e 8A1007E0

AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume4 symsnap.sys (StorageCraft Volume Snap-Shot/StorageCraft)

Device \FileSystem\Srv \Device\LanmanServer 8A435E60

AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 8A2C3D70
Device \FileSystem\MRxSmb \Device\LanmanRedirector 8A2C3D70
Device \FileSystem\Npfs \Device\NamedPipe 8A2BD7A8
Device \FileSystem\Msfs \Device\Mailslot 8A279C50
Device \Driver\a347scsi \Device\Scsi\a347scsi1 8A21EC50
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port3Path0Target0Lun0 8A21EC50
Device \FileSystem\Fastfat \Fat 89D2B9D0

AttachedDevice \FileSystem\Fastfat \Fat AsDsm.sys (Data Security Manager Driver/Windows (R) Codename Longhorn DDK provider)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)

Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer 8A270678
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer 8A270678
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer 8A270678
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer 8A270678
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer 8A270678
Device \FileSystem\Cdfs \Cdfs 8A1AF758

---- Modules - GMER 1.0.14 ----

Module _________ B9F09000-B9F21000 (98304 bytes)

---- Registry - GMER 1.0.14 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\a347scsi\Config\jdgg40
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E9F81423-211E-46B6-9AE0-38568BC5CF6F}@DisplayName Alcohol 120%
Reg HKLM\SOFTWARE\Classes\Installer\Products\32418F9EE1126B64A90E8365B85CFCF6@ProductName Alcohol 120%

---- Files - GMER 1.0.14 ----

File C:\ADSM_PData_0150 0 bytes
File C:\ADSM_PData_0150\DB 0 bytes
File C:\ADSM_PData_0150\DB\SI.db 624 bytes
File C:\ADSM_PData_0150\DB\UL.db 16 bytes
File C:\ADSM_PData_0150\DB\VL.db 16 bytes
File C:\ADSM_PData_0150\DB\_avt 512 bytes
File C:\ADSM_PData_0150\DragWait.exe 253952 bytes executable
File C:\ADSM_PData_0150\_avt 512 bytes
File C:\Program Files\ASUS\ASUS Data Security Manager\driver\x86 0 bytes
File C:\Program Files\ASUS\ASUS Data Security Manager\driver\x86\AsDsm.sys 29752 bytes executable
File C:\Program Files\ASUS\ASUS Data Security Manager\driver\x86\_avt 512 bytes

meteorolog
Exemplary visitor
Posts: 308
Registered: 07 Jan 2007 15:20
Location: Pardubice

Re: Theft of a RapidShare premium password, what to do about it?

#21 Post by meteorolog »

Download Avenger - http://www.viry.cz/forum/viewtopic.php?f=15&t=19832 and use this script:
Begin copying here:
Files to move:
c:\atapi.sys | c:\windows\system32\drivers\atapi.sys
Then post the log (C:\avenger.txt) and a new ComboFix log (a normal run, without a script).

skorojoerg
Visitor
Posts: 107
Registered: 19 Feb 2008 08:19

Re: Theft of a RapidShare premium password, what to do about it?

#22 Post by skorojoerg »

I'm sending the Avenger log. When I tried to get a ComboFix log, the notebook froze while the log was being created and I had to power it off the hard way. Should I try again?

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File move operation "c:\atapi.sys|c:\windows\system32\drivers\atapi.sys" completed successfully.

Completed script processing.

*******************

Finished! Terminate.

meteorolog
Exemplary visitor
Posts: 308
Registered: 07 Jan 2007 15:20
Location: Pardubice

Re: stolen RapidShare premium password, what to do?

#23 Post by meteorolog »

and the log wasn't created?

use http://sweb.cz/Marinus/T-Cleaner.exe - to confirm, always press the A key or Enter; restart the PC and repeat the procedure - this removes all ComboFix components
(the utility may be flagged by the antivirus as a virus - delete it after use)

hold off on using ComboFix again for now; a bug was found in the program and a fix is being worked on :)

meteorolog
Exemplary visitor
Posts: 308
Registered: 07 Jan 2007 15:20
Location: Pardubice

Re: stolen RapidShare premium password, what to do?

#24 Post by meteorolog »

bug fixed - download ComboFix to the desktop again and post a new log :)

skorojoerg
Visitor
Posts: 107
Registered: 19 Feb 2008 08:19

Re: stolen RapidShare premium password, what to do?

#25 Post by skorojoerg »

ComboFix 10-01-24.05 - Marek Dvorský 25.01.2010 15:18:30.11.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.2039.1484 [GMT 1:00]
Spuštěný z: c:\documents and settings\Marek Dvorský\Plocha\ComboFix.exe
AV: avast! antivirus 4.8.1368 [VPS 100125-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Marek Dvorský\Dokumenty\cc_20080810_2337.reg
c:\documents and settings\Marek Dvorský\Dokumenty\cc_20080810_2337b.reg
c:\documents and settings\Marek Dvorský\Dokumenty\cc_20090103_1737.reg
c:\documents and settings\Marek Dvorský\Dokumenty\cc_20090104_1814.reg

.
((((((((((((((((((((((((( Soubory vytvořené od 2009-12-25 do 2010-01-25 )))))))))))))))))))))))))))))))
.

2010-01-23 11:10 . 2010-01-23 11:11 -------- d-----w- C:\riffman
2010-01-23 10:46 . 2010-01-23 10:46 -------- d-----w- c:\program files\trend micro
2010-01-17 09:15 . 2010-01-17 09:16 -------- d-----w- c:\program files\PSPad editor
2010-01-12 19:58 . 2009-11-21 16:03 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-24 23:33 . 2008-08-10 17:10 -------- d-----w- c:\program files\LogMeIn
2010-01-24 08:02 . 2008-08-10 16:23 -------- d-----w- c:\program files\Spyware Terminator
2010-01-24 01:22 . 2009-01-20 18:31 -------- d-----w- c:\program files\WinClamAVShield
2010-01-21 13:57 . 2008-08-10 10:57 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-20 17:24 . 2008-09-18 14:08 -------- d-----w- c:\program files\Common Files\Java
2010-01-20 17:23 . 2008-09-18 14:14 -------- d-----w- c:\program files\Java
2010-01-20 17:23 . 2006-03-02 12:00 79440 ----a-w- c:\windows\system32\perfc005.dat
2010-01-20 17:23 . 2006-03-02 12:00 432516 ----a-w- c:\windows\system32\perfh005.dat
2010-01-15 23:35 . 2009-01-04 14:30 -------- d-----w- c:\program files\Crawler
2010-01-13 21:48 . 2008-08-10 16:49 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-07 15:07 . 2008-08-10 16:50 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 15:07 . 2008-08-10 16:50 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-07 14:37 . 2009-01-11 13:08 -------- d-----w- c:\program files\Ufonuv fofr internet
2009-12-30 22:55 . 2009-07-08 13:22 -------- d-----w- c:\program files\netloader.in
2009-12-21 19:08 . 2006-03-02 12:00 916480 ------w- c:\windows\system32\wininet.dll
2009-12-17 16:14 . 2008-12-12 06:12 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-12-13 21:49 . 2009-09-21 16:47 -------- d-----w- c:\program files\Opera
2009-11-24 23:54 . 2008-08-10 12:29 1280480 ----a-w- c:\windows\system32\aswBoot.exe
2009-11-24 23:51 . 2008-08-10 12:30 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-11-24 23:50 . 2008-08-10 12:30 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-11-24 23:50 . 2008-08-10 12:30 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-11-24 23:50 . 2008-08-10 12:30 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-11-24 23:49 . 2008-08-10 12:30 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-11-24 23:48 . 2008-08-10 12:30 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-11-24 23:47 . 2008-08-10 12:30 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-11-24 23:47 . 2008-08-10 12:30 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-11-21 16:03 . 2006-03-02 12:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-01 15:08 143360 ----a-w- c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Power2GoExpress"="c:\program files\CyberLink\Power2Go\Power2GoExpress.exe" [2008-03-18 2508072]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"QIP2005"="c:\program files\QIP\qip.exe" [2009-08-13 3276288]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-03-17 2289664]
"Free Download Manager"="c:\program files\Free Download Manager\fdm.exe" [2008-05-20 2474031]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2009-12-24 289584]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-07-03 39408]
"Google Update"="c:\documents and settings\Marek Dvorský\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" [2010-01-22 135664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-08-13 166424]
"SkyTel"="SkyTel.EXE" [2007-10-12 1826816]
"RTHDCPL"="RTHDCPL.EXE" [2007-10-26 16855552]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-11-26 630784]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-17 815104]
"IFXSPMGT"="c:\windows\system32\ifxspmgt.exe" [2007-03-05 677408]
"Wireless Console 2"="c:\program files\Wireless Console 2\wcourier.exe" [2007-07-05 1040384]
"ATKOSD2"="c:\program files\ATKOSD2\ATKOSD2.exe" [2007-10-17 7737344]
"ASUS Live Update"="c:\program files\ASUS\ASUS Live Update\ALU.exe" [2007-11-30 51768]
"Power_Gear"="c:\program files\ASUS\Power4 Gear\BatteryLife.exe" [2006-07-26 90112]
"ACMON"="c:\program files\ASUS\Splendid\ACMON.exe" [2007-11-13 851968]
"ASUS Camera ScreenSaver"="c:\windows\ASScrProlog.exe" [2008-08-10 37232]
"ASUS Screen Saver Protector"="c:\windows\ASScrPro.exe" [2008-08-10 33136]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2008-04-02 87336]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2008-02-22 62760]
"UpdatePPShortCut"="c:\program files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" [2008-01-04 222504]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"OODefragTray"="c:\windows\system32\oodtray.exe" [2007-05-11 2512392]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2007-08-03 63048]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2007-06-29 286720]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-16 221184]
"CorelDRAW Graphics Suite 11b"="c:\program files\Corel\Corel Graphics 12\Languages\CZ\Programs\Registration.exe" [2004-06-22 729088]
"PowerForPhone"="c:\program files\P4P\P4P.exe" [2007-07-19 778240]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-08-13 137752]
"Norton Ghost 12.0"="c:\program files\Norton Ghost\Agent\VProTray.exe" [2007-03-28 2037352]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-16 81920]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-08-13 141848]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"SpywareTerminator"="c:\progra~1\SPYWAR~1\SpywareTerminatorShield.exe" [2009-12-10 2166784]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Marek Dvorský\Nabídka Start\Programy\Po spuštění\
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-1-15 393216]
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]

c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-8-10 113664]
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2007-8-2 2760704]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2009-10-02 17:26 87352 ----a-w- c:\windows\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=
"c:\\Program Files\\CyberLink\\PowerDirector\\PDR.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Sony\\Vegas 7.0\\VegSrv70.exe"=
"c:\\Program Files\\DAP\\DAP.exe"=
"c:\\totalcmd\\TOTALCMD.EXE"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\QIP\\qip.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Spyware Terminator\\SpywareTerminatorUpdate.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 a347scsi;a347scsi;c:\windows\system32\drivers\a347scsi.sys [10.8.2008 11:54 5248]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [10.8.2008 13:30 114768]
R1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\system32\drivers\psd.sys [30.1.2007 21:07 39080]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [10.8.2008 17:24 142592]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [10.8.2008 13:30 20560]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [3.8.2007 14:09 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [10.8.2008 18:10 47640]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [10.8.2008 10:53 36608]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\drivers\SbFwIm.sys [3.1.2009 18:38 65576]
S0 a347bus;a347bus;c:\windows\system32\drivers\a347bus.sys [10.8.2008 11:54 160640]
S3 adusbser;AnyDATA USB Device for Legacy Serial Communication;c:\windows\system32\drivers\adusbser.sys [10.8.2008 16:59 93440]
S3 nhcNT_driver;Notebook Hardware Control NT Driver;c:\windows\system32\drivers\nhcNT.sys [11.8.2008 18:21 8960]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-03-17 15:56 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Obsah adresáře 'Naplánované úlohy'

2010-01-22 c:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job
- c:\program files\Spybot - Search & Destroy\SpybotSD.exe [2008-08-10 14:31]
.
.
------- Doplňkový sken -------
.
uInternet Settings,ProxyOverride = *.local
IE: &Clean Traces - c:\program files\DAP\Privacy Package\dapcleanerie.htm
IE: &Download with &DAP - c:\program files\DAP\dapextie.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Crawler Search - tbr:iemenu
IE: Download &all with DAP - c:\program files\DAP\dapextie2.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Stáhnout Free Download Managerem - file://c:\program files\Free Download Manager\dllink.htm
IE: Stáhnout pomocí FlashGet - c:\program files\FlashGet\jc_link.htm
IE: Stáhnout video Free Download Managerem - file://c:\program files\Free Download Manager\dlfvideo.htm
IE: Stáhnout vybrané Free Download Managerem - file://c:\program files\Free Download Manager\dlselected.htm
IE: Stáhnout vše Free Download Managerem - file://c:\program files\Free Download Manager\dlall.htm
IE: Stáhnout vše pomocí FlashGet - c:\program files\FlashGet\jc_all.htm
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\Toolbar\ctbr.dll
FF - ProfilePath - c:\documents and settings\Marek Dvorský\Data aplikací\Mozilla\Firefox\Profiles\bgg2pc1l.default\
FF - prefs.js: browser.startup.homepage - hxxp://seznam.cz
FF - component: c:\progra~1\Crawler\firefox\components\xcomm.dll
FF - component: c:\progra~1\Crawler\firefox\components\xshared.dll
FF - component: c:\progra~1\Crawler\firefox\components\xsupport.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Picasa2\npPicasa3.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

BHO-{95289393-33EA-4F8D-B952-483415B9C955} - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-25 15:24
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...


C:\ADSM_PData_0150

sken byl úspešně dokončen
skryté soubory: 1

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG10.00.00.01WORKSTATION"="DDF0FDC4AED9F1257EA7343051109860195A3F9E794F6824A01172418E85313815B3D838EFC1293EBE651AD738FC2398F12F79B606AACC23E97F5D90DE9E83BBA9F4EA721A40361977F931BF649159775EB462014980688AC9BF9C045390F6CE28374BCC3B4956982418895626FC4303E8E8A12173DEAD277B3B93179C6709A21CF0B5B92486AD7143E0D7210F28CC17A23C0552788BF197BF50C7D732E496BA188E07B9EA56C4AD56EDF338F52D47629D14FD60117BEDCEDBCFE1684A7C62F131ED44E56CC9052B654BD84877D965E7F247202DB95BBF979802317F65D712F280E112684326401CF9F7269072B1C1FDBD26A5AD318AE78AC11FA6E6C152FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC79338EDD5E5BE2F6E667BA7FD869164D6794A6A0AC4980AC79331573AD8C5B27F2BDD56A060D7F106B26EBDF7460F4742F3ECCBD6C2964A954882ABFB2A5F49B7A75B8B031AC522F2C4B7F73E47850EDC9D73B544CC28B8D0C7752B97237A83B8EE6D4990526223D716A90C1F91B1B66853FB36CC4B0CD500C64FD32224489F187A904B8E56B38FE93980444E8C7F793D9A742057F1FC9BC10BD02C9F746CB4100870576BB6201C7309D1EC6EDF2ADC207F455ED24AD3EB495A516F9B0AA48BF5A81F78D73651183A7F58B6C430227510FC0C04EE3EF0FAB61F2578A8C53FB94B9CBE18D7E421C30A05359282DD0F33438D8BB20EF6FC3AA79B0459ACD93077E064B2DDBD0BA7DDF8399F8C2EF2E46718A3FE22F7E26884CA91D469FBCB62E4E6B9D27AE648432B8FC60435A55DCF4A557A9B3204C862D4380A9205DA4765BE8DA918011B2CA5CF4FD75F05EAB937CFD2E809266957226D1527E8071D5861C4907AB4F6540AAC1E3BDD7A094447E793FE662C7CC1E430B51B47578C7A20C1F7AE9220DDE0FB74CE632BE559474BBB0C19A207C712D4417AD849CFA24641E3B9EBDE0160329F40BF41C1074CC965E876EA73FC2C58DB52B665FB7E19E764BE7EB0407ACAF1A602E97F9E949FB876E0A45B07A8C0E8C4CCB12A83CE821B715C3A98169761472E30CEC119B02B8A9E5E5DA1B3E30677CAE9E5609D42FE90BED8DB7BC8EFB34C8E420A7EB2A31E9E1B3EF5491ABEA3CB5F9F171E960BB0CD9412C8582322C663437850E57CECCCE9ABA9DEE8299DB50923E3332FA71756E10EAA798E244565951A501FAE375AE7541530AF82011063870FEF87EB0CDA84C1B3DAC8AB267318A41EEF6DAE63E17C447C87456DF4E505FB334784C40EF0633F0FB0D09887456CDA7C270B279FEA6F4A1573FFD7B44078141CA90A9A408228688E03CD342F443
4C2FCA9D96F8BE65924CB4717AF21859B205223FB79E77F4FE5C9854C27FAA5700831ECEB106BA3CFE"
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(796)
c:\windows\system32\LMIinit.dll
.
Celkový čas: 2010-01-25 15:26:54
ComboFix-quarantined-files.txt 2010-01-25 14:26

Před spuštěním: Volných bajtů: 12 592 934 912
Po spuštění: Volných bajtů: 12 556 206 080

- - End Of File - - D27553E628E39C772CF17EAE6ADC8D20
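
An added example, not code from this thread, from ComboFix or from its author: a small Python triage script that parses the Run-key and driver/service lines in the format the ComboFix log above uses and flags what a helper on this forum looks at first: a registered service with no file behind it (ComboFix prints `[x]`), a bare filename that Windows resolves through the PATH search order, and executables living in Temp or elsewhere inside a user profile. The sample lines are constructed to match the shapes in the log; the entry named example-from-temp is a made-up placeholder, and the flags are reasons to look closer, not verdicts.

```python
import re
from dataclasses import dataclass, field
from typing import List

# Constructed sample in the shape of ComboFix's "startup points in the
# registry" and driver/service sections.  The paths are modelled on the
# log in this thread; "example-from-temp" is a made-up placeholder, not a
# real indicator from the thread.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-08-13 166424]
"SkyTel"="SkyTel.EXE" [2007-10-12 1826816]
"Google Update"="c:\documents and settings\user\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" [2010-01-22 135664]
"example-from-temp"="c:\documents and settings\user\Local Settings\Temp\example-from-temp.exe" [2010-01-20 40960]

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [10.8.2008 13:30 114768]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
"""

# "Name"="path" [date size]
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)"\s*\[(?P<meta>[^\]]*)\]\s*$')
# R0/R1/R2/R3/S0... name;description;path [date time size]   (or "[x]" when no file)
SVC_RE = re.compile(r'^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<desc>[^;]*);(?P<path>[^\[]*?)\s*\[(?P<meta>[^\]]*)\]\s*$')


@dataclass
class Entry:
    kind: str            # "run" or "service"
    name: str
    path: str
    size: int            # bytes as reported inside the brackets, -1 if absent
    flags: List[str] = field(default_factory=list)


def flag_path(path: str, meta: str) -> List[str]:
    """Heuristics a helper applies when reading a log; each one is a reason
    to look closer, not a verdict."""
    p = path.lower()
    if meta.strip() == "x" or not p:
        # ComboFix prints [x] for a registered service whose file is gone
        return ["no file on disk"]
    flags = []
    if "\\" not in p:
        # relative name: Windows resolves it through the PATH search order
        flags.append("bare filename resolved via PATH search")
    if "\\temp\\" in p:
        flags.append("runs from a temporary directory")
    elif p.startswith("c:\\documents and settings\\"):
        flags.append("runs from a user profile, not Program Files")
    return flags


def _size(meta: str) -> int:
    tokens = meta.split()
    last = tokens[-1] if tokens else ""
    return int(last) if last.isdigit() else -1


def triage(log_text: str) -> List[Entry]:
    """Parse Run-key and service lines into Entry records with review flags."""
    entries = []
    for line in log_text.splitlines():
        line = line.strip()
        m = RUN_RE.match(line)
        if m:
            kind = "run"
        else:
            m = SVC_RE.match(line)
            kind = "service"
        if not m:
            continue  # section headers, blank lines, anything else
        path, meta = m.group("path").strip(), m.group("meta")
        entries.append(Entry(kind, m.group("name"), path, _size(meta), flag_path(path, meta)))
    return entries


def suspicious(log_text: str) -> List[Entry]:
    """Only the entries that earned at least one review flag."""
    return [e for e in triage(log_text) if e.flags]


if __name__ == "__main__":
    for e in suspicious(SAMPLE_LOG):
        print(f"{e.kind:7} {e.name:20} {e.path}  <- {'; '.join(e.flags)}")
```

Run it directly to print the flagged entries; in practice pass the saved log file's contents to `suspicious()` instead of `SAMPLE_LOG`. Legitimate software does start from user profiles (the Google updater above is one such case), which is why the script reports a reason rather than a verdict.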

meteorolog
Exemplary visitor
Posts: 308
Registered: 07 Jan 2007 15:20
Location: Pardubice

Re: stolen RapidShare premium password, what to do?

#26 Post by meteorolog »

it's fine now, so let's finish the clean-up :)

use http://sweb.cz/Marinus/T-Cleaner.exe again - to confirm, always press the A key or Enter
(the utility may be flagged by the antivirus as a virus - delete it after use)

then CCleaner - the Cleaner and Registry items - repeat the cleaning until all problems are gone

and finally ATF Cleaner - http://www.atribune.org/ccount/click.php?id=1:

after running the downloaded file a window appears:

[image]

tick Select All, click Empty Selected and then Exit

clear the Firefox and Opera caches the same way, if applicable :-)

restart the PC

and install that ZoneAlarm :)

skorojoerg
Visitor
Posts: 107
Registered: 19 Feb 2008 08:19

Re: stolen RapidShare premium password, what to do?

#27 Post by skorojoerg »

Done, thanks. Now I still have to post the log from the other notebook, the one with my RapidShare access.

Logfile of random's system information tool 1.06 (written by random/random)
Run by Eduard Šurin at 2010-01-25 18:11:08
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 16 GB (21%) free of 76 GB
Total RAM: 1014 MB (24% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:11:30, on 25.1.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe
C:\WINDOWS\emMON.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\MSI\Digi VOX AD II\HyperMediaCenter\DTVR\Scheduled.exe
C:\Program Files\ICQ6.5\ICQ.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\spoolsv.exe
C:\DOCUME~1\EDUARD~1\LOCALS~1\Temp\RtkBtMnt.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Eduard Šurin\Plocha\RSIT.exe
C:\Program Files\trend micro\Eduard Šurin.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.centrum.cz/skinit/icq/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"
O4 - HKLM\..\Run: [emMON] emMON.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Center Agent] C:\Program Files\MSI\Digi VOX AD II\HyperMediaCenter\DTVR\Scheduled.exe
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ6.5\ICQ.exe" silent
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-1482476501-1647877149-839522115-1005\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LogMeInRemoteUser')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/RACtrl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{19561F45-13A1-4C25-A549-F53BCEA5A2ED}: NameServer = 10.254.254.254,10.254.254.253
O17 - HKLM\System\CS1\Services\Tcpip\..\{19561F45-13A1-4C25-A549-F53BCEA5A2ED}: NameServer = 10.254.254.254,10.254.254.253
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Update Service (gupdate1c9e74cbdc91ed8) (gupdate1c9e74cbdc91ed8) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe

--
End of file - 10165 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2009-08-04 1586472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-03-09 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-03-09 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2009-06-01 962808]


[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-07-05 16380416]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-27 31016]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2007-08-24 159744]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2007-08-24 131072]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"LogMeIn GUI"=C:\Program Files\LogMeIn\x86\LogMeInSystray.exe [2007-08-03 63048]
"CanonSolutionMenu"=C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe [2007-05-14 644696]
"CanonMyPrinter"=C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2007-04-03 1603152]
"SSBkgdUpdate"=C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2006-10-25 210472]
"OpwareSE4"=C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe [2007-02-04 79400]
"emMON"=C:\WINDOWS\emMON.exe [2006-05-30 61440]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-11-25 81000]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-03-09 148888]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-10-03 35696]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-09-04 935288]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-11-10 417792]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]
"Center Agent"=C:\Program Files\MSI\Digi VOX AD II\HyperMediaCenter\DTVR\Scheduled.exe [2007-01-19 864768]
"ICQ"=C:\Program Files\ICQ6.5\ICQ.exe [2009-11-16 172792]
"Skype"=C:\Program Files\Skype\\Phone\Skype.exe [2009-10-09 25623336]

C:\Documents and Settings\All Users.WINDOWS\Nabídka Start\Programy\Po spuštění
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2007-08-24 208896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LMIinit]
C:\WINDOWS\system32\LMIinit.dll [2009-10-02 87352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoActiveDesktop"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\ICQ6\ICQ.exe"="C:\Program Files\ICQ6\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4cef55c0-be1f-11dd-a661-001b3869e8af}]
shell\AutoRun\command - Programs\nu2menu\nu2menu.exe


======List of files/folders created in the last 1 months======

2010-01-25 18:11:09 ----D---- C:\Program Files\trend micro
2010-01-25 18:11:08 ----D---- C:\rsit
2010-01-13 17:35:43 ----HDC---- C:\WINDOWS\$NtUninstallKB955759$
2010-01-13 17:35:31 ----HDC---- C:\WINDOWS\$NtUninstallKB972270$
2010-01-01 19:48:28 ----D---- C:\Program Files\QuickTime
2010-01-01 19:48:26 ----D---- C:\Documents and Settings\All Users.WINDOWS\Data aplikací\Apple Computer
2010-01-01 19:48:03 ----D---- C:\Program Files\Common Files\Apple
2010-01-01 19:47:47 ----D---- C:\Program Files\Apple Software Update
2010-01-01 19:47:47 ----D---- C:\Documents and Settings\All Users.WINDOWS\Data aplikací\Apple

======List of files/folders modified in the last 1 months======

2010-01-25 18:11:14 ----D---- C:\WINDOWS\Prefetch
2010-01-25 18:11:09 ----RD---- C:\Program Files
2010-01-25 18:09:42 ----D---- C:\Program Files\Mozilla Firefox
2010-01-25 18:08:39 ----D---- C:\WINDOWS\Temp
2010-01-25 18:08:39 ----D---- C:\WINDOWS\Debug
2010-01-25 18:08:39 ----D---- C:\WINDOWS
2010-01-25 17:20:31 ----D---- C:\Documents and Settings\Eduard Šurin\Data aplikací\Skype
2010-01-25 17:20:00 ----D---- C:\Documents and Settings\Eduard Šurin\Data aplikací\skypePM
2010-01-25 17:19:59 ----D---- C:\Program Files\LogMeIn
2010-01-25 17:19:37 ----D---- C:\Documents and Settings\Eduard Šurin\Data aplikací\ICQ
2010-01-24 22:16:49 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-01-24 21:00:44 ----A---- C:\WINDOWS\wincmd.ini
2010-01-23 17:21:03 ----D---- C:\WINDOWS\system32
2010-01-22 23:43:24 ----HD---- C:\WINDOWS\inf
2010-01-22 23:43:18 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-01-22 23:43:16 ----D---- C:\Program Files\Internet Explorer
2010-01-22 23:43:06 ----D---- C:\WINDOWS\ie8updates
2010-01-22 23:42:23 ----HD---- C:\WINDOWS\$hf_mig$
2010-01-22 23:42:20 ----D---- C:\WINDOWS\system32\CatRoot2
2010-01-22 21:11:20 ----D---- C:\filmy
2010-01-22 19:47:05 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-01-22 19:47:02 ----D---- C:\WINDOWS\system32\drivers
2010-01-22 03:54:38 ----D---- C:\Documents and Settings\Eduard Šurin\Data aplikací\Vso
2010-01-14 09:33:11 ----D---- C:\Documents and Settings
2010-01-13 17:40:05 ----D---- C:\WINDOWS\AppPatch
2010-01-12 14:30:43 ----D---- C:\Documents and Settings\All Users.WINDOWS\Data aplikací\CanonIJPLM
2010-01-10 17:34:54 ----SHD---- C:\WINDOWS\Installer
2010-01-10 17:34:41 ----RD---- C:\Program Files\Skype
2010-01-10 17:34:41 ----D---- C:\Program Files\Common Files\Skype
2010-01-10 17:34:38 ----D---- C:\Documents and Settings\All Users.WINDOWS\Data aplikací\Skype
2010-01-08 19:32:23 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-01-05 01:17:46 ----A---- C:\WINDOWS\system32\MRT.exe
2010-01-01 19:48:08 ----D---- C:\WINDOWS\WinSxS
2010-01-01 19:48:03 ----D---- C:\Program Files\Common Files
2010-01-01 19:47:54 ----SD---- C:\WINDOWS\Tasks
2009-12-29 06:53:47 ----D---- C:\Program Files\ICQ6.5

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-11-25 27408]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-11-25 114768]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-11-25 48560]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-11-25 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-11-25 94160]
R2 LMIInfo;LogMeIn Kernel Information Provider; \??\C:\Program Files\LogMeIn\x86\RaInfo.sys []
R2 LMIRfsDriver;LogMeIn Remote File System Driver; \??\C:\WINDOWS\system32\drivers\LMIRfsDriver.sys []
R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2007-03-09 1163616]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-11-25 23120]
R3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2007-10-19 161792]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2007-08-24 5776928]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-07-10 4449280]
R3 lmimirr;lmimirr; C:\WINDOWS\system32\DRIVERS\lmimirr.sys [2007-08-03 10144]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2008-03-11 47360]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 adusbser;AnyDATA USB Device for Legacy Serial Communication; C:\WINDOWS\system32\DRIVERS\adusbser.sys [2006-10-23 93440]
S3 AR5211;Atheros Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\ar5211.sys [2007-05-02 546976]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 igfx;igfx; C:\WINDOWS\system32\DRIVERS\igdkmd32.sys [2007-05-22 1771008]
S3 MPE;BDA MPE Filter; C:\WINDOWS\system32\DRIVERS\MPE.sys [2008-04-13 15232]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 USB28xxBGA;USB 2883 Device; C:\WINDOWS\system32\DRIVERS\emBDA.sys [2006-09-12 292864]
S3 USB28xxOEM;USB 28xx OEM Filter; C:\WINDOWS\system32\DRIVERS\emOEM.sys [2006-08-21 7168]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 LMIRfsClientNP;LMIRfsClientNP; C:\WINDOWS\system32\drivers\LMIRfsClientNP.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\WINDOWS\system32\agrsmsvc.exe [2006-10-05 9216]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-11-25 18752]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-11-25 138680]
R2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2009-06-01 222968]
R2 IJPLMSVC;PIXMA Extended Survey Program; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [2007-04-13 101528]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-03-09 152984]
R2 LMIMaint;LogMeIn Maintenance Service; C:\Program Files\LogMeIn\x86\RaMaint.exe [2009-10-02 116032]
R2 LogMeIn;LogMeIn; C:\Program Files\LogMeIn\x86\LogMeIn.exe [2007-08-03 63040]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-11-25 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-11-25 352920]
S2 gupdate1c9e74cbdc91ed8;Google Update Service (gupdate1c9e74cbdc91ed8); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-06-07 133104]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

-----------------EOF-----------------

meteorolog
Exemplary visitor
Posts: 308
Registered: 07 Jan 2007 15:20
Location: Pardubice

Re: RapidShare premium password theft, what to do about it?

#28 Post by meteorolog »

So now ComboFix as well :)
"Life is life, a meadow is a meadow; look into the grass and you see a beetle."

"Do not answer a fool according to his folly, lest you become like him yourself. Answer a fool according to his folly, lest he think himself wise...."
(Proverbs of King Solomon)

skorojoerg
Visitor
Posts: 107
Registered: 19 Feb 2008 08:19

Re: RapidShare premium password theft, what to do about it?

#29 Post by skorojoerg »

ComboFix 10-01-24.05 - Eduard Šurin 25.01.2010 18:43:06.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.1014.468 [GMT 1:00]
Run from: c:\documents and settings\Eduard Šurin\Plocha\ComboFix.exe
AV: avast! antivirus 4.8.1368 [VPS 100125-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users.WINDOWS\Data aplikací\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users.WINDOWS\Data aplikací\Microsoft\Network\Downloader\qmgr1.dat
c:\documents and settings\Eduard Šurin\Dokumenty\cc_20081024_2125.reg
c:\documents and settings\Owner\Dokumenty\cc_20080228_1843.reg
c:\program files\ICQ6.5\ICQLRun.exe
c:\recycler\S-1-5-21-1482476501-152049171-682003330-1003
c:\windows\system32\Desktop_.ini

----- BITS: Possibly infected sites -----

hxxp://armmf.adobe.com
c:\windows\system32\grpconv.exe was missing.
Restored copy from - c:\windows\ServicePackFiles\i386\grpconv.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_I386SI
-------\Legacy_SECURENTM


((((((((((((((((((((((((( Files Created from 2009-12-25 to 2010-01-25 )))))))))))))))))))))))))))))))
.

2010-01-25 17:47 . 2008-04-14 03:22 39424 -c--a-w- c:\windows\system32\dllcache\grpconv.exe
2010-01-25 17:47 . 2008-04-14 03:22 39424 ----a-w- c:\windows\system32\grpconv.exe
2010-01-25 17:11 . 2010-01-25 17:11 -------- d-----w- c:\program files\trend micro
2010-01-25 17:11 . 2010-01-25 17:11 -------- d-----w- C:\rsit
2010-01-13 16:30 . 2009-11-21 16:03 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-01-01 18:48 . 2010-01-01 18:49 -------- d-----w- c:\program files\QuickTime
2010-01-01 18:48 . 2010-01-01 18:48 -------- d-----w- c:\program files\Common Files\Apple
2010-01-01 18:47 . 2010-01-01 18:47 -------- d-----w- c:\program files\Apple Software Update

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-25 17:47 . 2009-08-19 12:51 -------- d-----w- c:\program files\ICQ6.5
2010-01-25 16:19 . 2008-02-25 15:39 -------- d-----w- c:\program files\LogMeIn
2010-01-22 18:47 . 2008-02-27 20:42 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-10 16:34 . 2008-01-29 20:59 -------- d-----w- c:\program files\Common Files\Skype
2010-01-10 16:34 . 2008-01-29 20:59 -------- d-----r- c:\program files\Skype
2010-01-08 18:32 . 2006-03-02 12:00 47584 ----a-w- c:\windows\system32\perfc005.dat
2010-01-08 18:32 . 2006-03-02 12:00 313482 ----a-w- c:\windows\system32\perfh005.dat
2010-01-07 15:07 . 2008-07-26 22:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 15:07 . 2008-05-18 09:36 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-23 23:30 . 2009-06-07 08:48 -------- d-----w- c:\program files\Google
2009-12-21 19:08 . 2006-03-02 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2009-11-24 23:54 . 2009-06-16 19:48 1280480 ----a-w- c:\windows\system32\aswBoot.exe
2009-11-24 23:51 . 2009-06-16 19:48 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-11-24 23:50 . 2009-06-16 19:48 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-11-24 23:50 . 2009-06-16 19:48 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-11-24 23:50 . 2009-06-16 19:48 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-11-24 23:49 . 2009-06-16 19:48 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-11-24 23:48 . 2009-06-16 19:48 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-11-24 23:47 . 2009-06-16 19:48 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-11-24 23:47 . 2009-06-16 19:48 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-11-21 16:03 . 2006-03-02 12:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
.

(((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"Center Agent"="c:\program files\MSI\Digi VOX AD II\HyperMediaCenter\DTVR\Scheduled.exe" [2007-01-19 864768]
"ICQ"="c:\program files\ICQ6.5\ICQ.exe" [2009-11-16 172792]
"Skype"="c:\program files\Skype\\Phone\Skype.exe" [2009-10-09 25623336]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-07-05 16380416]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-08-24 159744]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-08-24 131072]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2007-08-03 63048]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-14 644696]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-03 1603152]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]
"emMON"="emMON.exe" [2006-05-30 61440]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-10 417792]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users.WINDOWS\Nabídka Start\Programy\Po spuštění\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-3-9 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoActiveDesktop"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2009-10-02 17:19 87352 ----a-w- c:\windows\system32\LMIinit.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [16.6.2009 20:48 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [16.6.2009 20:48 20560]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [19.8.2009 13:53 222968]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [27.2.2008 18:28 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [10.3.2008 19:54 47640]
S2 gupdate1c9e74cbdc91ed8;Google Update Service (gupdate1c9e74cbdc91ed8);c:\program files\Google\Update\GoogleUpdate.exe [7.6.2009 9:48 133104]
S3 adusbser;AnyDATA USB Device for Legacy Serial Communication;c:\windows\system32\drivers\adusbser.sys [10.3.2008 16:11 93440]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
.
Contents of the 'Scheduled Tasks' folder

2010-01-14 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2010-01-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-07 08:48]

2010-01-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-07 08:48]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.centrum.cz/skinit/icq/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {19561F45-13A1-4C25-A549-F53BCEA5A2ED} = 10.254.254.254,10.254.254.253
FF - ProfilePath - c:\documents and settings\Eduard Šurin\Data aplikací\Mozilla\Firefox\Profiles\9qbzojok.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-25 18:52
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(708)
c:\windows\system32\LMIinit.dll
c:\windows\system32\LMIRfsClientNP.dll

- - - - - - - > 'explorer.exe'(1224)
c:\program files\ScanSoft\OmniPageSE4\OpHookSE4.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\igfxsrvc.exe
c:\program files\LogMeIn\x86\LMIGuardian.exe
c:\windows\emMON.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\Canon\IJPLM\IJPLMSVC.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Skype\Phone\Skype.exe
c:\program files\LogMeIn\x86\RaMaint.exe
c:\docume~1\EDUARD~1\LOCALS~1\Temp\RtkBtMnt.exe
c:\program files\LogMeIn\x86\LogMeIn.exe
c:\program files\LogMeIn\x86\LMIGuardian.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
c:\program files\LogMeIn\x86\LogMeIn.exe
.
**************************************************************************
.
Completion time: 2010-01-25 18:57:20 - machine was rebooted
ComboFix-quarantined-files.txt 2010-01-25 17:57

Pre-Run: 16,859,156,480 bytes free
Post-Run: 17,118,253,056 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /noexecute=optin

- - End Of File - - 90BC19AEF6244E96E2A97FD622D2DF85
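
The two logs posted above share a small set of line shapes: the RSIT registry dump writes autostarts as `"Name"=path [date size]`, both tools list drivers and services as `R2 Name;Description; path [date size]`, and ComboFix ends with a bare list of running-process paths. The script below is an added example, written for this thread and not code from RSIT, ComboFix or either poster, that parses those shapes and flags what a responder would want to look at first on a box where a credential was stolen. The sample input is copied from the logs above; the rules are my assumptions (a file started from a Temp directory, an autostart whose backing file the tool could not stat, i.e. `[]` in RSIT or `[x]` in ComboFix, and a full path outside the Windows and Program Files trees), as is the decoding of the `NoDriveTypeAutoRun` value that the RSIT dump shows as 145. All names (`Finding`, `triage_autoruns`, `triage_processes`, `autorun_still_enabled`) are mine.

```python
# Added example for this thread (not RSIT, ComboFix or forum code): triage of
# autostart and process lines in the posted log formats. Sample lines are copied
# from the logs above; the rules below are the example's own assumptions.
import re
from dataclasses import dataclass

SAMPLE_AUTORUNS = r'''
"LogMeIn GUI"=C:\Program Files\LogMeIn\x86\LogMeInSystray.exe [2007-08-03 63048]
"emMON"=C:\WINDOWS\emMON.exe [2006-05-30 61440]
"RTHDCPL"="RTHDCPL.EXE" [2007-07-05 16380416]
R2 LMIInfo;LogMeIn Kernel Information Provider; \??\C:\Program Files\LogMeIn\x86\RaInfo.sys []
R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2008-03-11 47360]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
'''
SAMPLE_PROCESSES = r'''
c:\program files\LogMeIn\x86\LMIGuardian.exe
c:\docume~1\EDUARD~1\LOCALS~1\Temp\RtkBtMnt.exe
c:\windows\emMON.exe
'''

# "Name"=path [date size]   (RSIT Run keys; ComboFix additionally quotes the path)
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"=(?P<path>[^\[]*)\[(?P<meta>[^\]]*)\]\s*$')
# R2 Name;Description; path [date size]   (driver and service lists)
SVC_RE = re.compile(r'^[RS][0-4]\s+(?P<name>[^;]+);[^;]*;(?P<path>[^\[]*)\[(?P<meta>[^\]]*)\]\s*$')

# Assumed rules: code started from a Temp directory, an autostart whose backing
# file the tool could not stat ("[]" in RSIT, "[x]" in ComboFix), or a full path
# outside the Windows / Program Files trees deserves a second look.
TEMP_MARKER = "\\temp\\"
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\progra~1\\")

# NoDriveTypeAutoRun bits: a set bit suppresses AutoRun for that drive type.
# 0x91 (145, as in the posted HKCU policy) is the Windows XP default.
NO_DRIVE_TYPE_AUTORUN_BITS = {
    0x01: "DRIVE_UNKNOWN", 0x02: "DRIVE_NO_ROOT_DIR", 0x04: "DRIVE_REMOVABLE",
    0x08: "DRIVE_FIXED", 0x10: "DRIVE_REMOTE", 0x20: "DRIVE_CDROM",
    0x40: "DRIVE_RAMDISK", 0x80: "(reserved)",
}


@dataclass(frozen=True)
class Finding:
    source: str  # "run-key", "driver/service" or "running-process"
    name: str    # registry value name, service name or file name
    path: str
    reason: str  # "temp-dir", "no-file-info" or "outside-trusted-root"


def normalize(path: str) -> str:
    """Lower-case, drop surrounding quotes and the NT object prefix RSIT prints."""
    p = path.strip().strip('"').lower()
    return p[4:] if p.startswith("\\??\\") else p


def path_reasons(path: str) -> list:
    """Heuristic reasons to look at a path; an empty list means nothing stood out."""
    p = normalize(path)
    reasons = []
    if TEMP_MARKER in p:
        reasons.append("temp-dir")
    # A bare file name (no backslash) is resolved from %windir% or PATH, so
    # only judge entries that carry a full path.
    if "\\" in p and not p.startswith(TRUSTED_ROOTS):
        reasons.append("outside-trusted-root")
    return reasons


def triage_autoruns(text: str) -> list:
    """Parse Run-key and driver/service lines and return Findings."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        m, source = RUN_RE.match(line), "run-key"
        if m is None:
            m, source = SVC_RE.match(line), "driver/service"
        if m is None:
            continue
        name, path, meta = m["name"], m["path"].strip(), m["meta"].strip()
        if meta in ("", "x"):
            findings.append(Finding(source, name, path, "no-file-info"))
        for reason in path_reasons(path):
            findings.append(Finding(source, name, path, reason))
    return findings


def triage_processes(text: str) -> list:
    """Apply the path rules to a plain list of running-process paths."""
    findings = []
    for raw in text.splitlines():
        path = raw.strip()
        for reason in path_reasons(path):
            findings.append(Finding("running-process", path.rsplit("\\", 1)[-1], path, reason))
    return findings


def autorun_still_enabled(mask: int) -> list:
    """Drive types whose AutoRun the NoDriveTypeAutoRun mask does NOT suppress."""
    return [name for bit, name in NO_DRIVE_TYPE_AUTORUN_BITS.items() if not mask & bit]


if __name__ == "__main__":
    for f in triage_autoruns(SAMPLE_AUTORUNS) + triage_processes(SAMPLE_PROCESSES):
        print(f"{f.reason:21} {f.source:15} {f.name:16} {f.path}")
    print("AutoRun still enabled for:", ", ".join(autorun_still_enabled(145)))
```

On the sample it reports the two LogMeIn drivers whose file the tools could not stat and the process running from the user's Temp folder. Each hit is a prompt to check the file's publisher, hash and age, not a verdict: LogMeIn is installed on this machine by the user's own account, and vendor helper programs do sometimes run from Temp. The mask check is the one item that is a finding on its own: with the XP default of 145, AutoRun is still honoured for removable media, which fits the `mountpoints2` AutoRun command recorded in the RSIT dump; setting the value to 0xFF (255) turns it off for every drive type.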

meteorolog
Exemplary visitor
Posts: 308
Registered: 07 Jan 2007 15:20
Location: Pardubice

Re: RapidShare premium password theft, what to do about it?

#30 Post by meteorolog »

OK, do the clean-up and install a firewall as in the previous case :)