VIRY.CZ

Pomáháme v boji s počítačovou havěti!
https://forum.viry.cz:443/

Hlášený vir, problém s gmerem

https://forum.viry.cz:443/viewtopic.php?t=96816

Stránka 1 z 1

Hlášený vir, problém s gmerem

Napsal: 26 led 2010 20:46
od Maeko
Dobrý večer,
včera mi avast zahlásil vir. Stáhnul jsem teda gmer abych dal skenovat počítač a poslal sem logy, ale při velkym skenu se komp seknul. Od té doby při spuštění gmeru a dělání toho malého testu se gmer sekne a nemůžu sem teda hodit logy.
Prosim o pomoc dík

Re: Hlášený vir, problém s gmerem

Napsal: 26 led 2010 20:47
od pitimir
Ahoj, v prvom rade by to chcelo uvodny log z RSITu a lokaciu najdeneho smejda ;)

Re: Hlášený vir, problém s gmerem

Napsal: 26 led 2010 21:04
od Maeko
Logfile of random's system information tool 1.06 (written by random/random)
Run by miro at 2010-01-26 21:04:06
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 7 GB (10%) free of 76 GB
Total RAM: 511 MB (41% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:04:15, on 26.1.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Avast4\aswUpdSv.exe
C:\Program Files\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
c:\apache\APACHE.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\System32\MsPMSPSv.exe
c:\apache\APACHE.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\PROGRA~1\Avast4\ashDisp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Avast4\ashMaiSv.exe
C:\Program Files\Avast4\ashWebSv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\miro\Plocha\RSIT.exe
C:\Program Files\trend micro\miro.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: CHelper Class - {99A7C4DD-B2E6-4CA0-BB6E-737A61364155} - C:\PROGRA~1\EUROTR~1\e2003i.dll
O3 - Toolbar: &Seznam Bezpečný Internet - {B71B15CE-3093-459C-B764-AEB2486F2273} - C:\Program Files\Seznam Bezpecny Internet\SBI.dll (file missing)
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: &Přelož do češtiny - res://C:\Program Files\Seznam Bezpecny Internet\SBI.dll/5034
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Hledej v &Seznamu - res://C:\Program Files\Seznam Bezpecny Internet\SBI.dll/5033
O8 - Extra context menu item: Hledej v Seznam &Fulltextu - res://C:\Program Files\Seznam Bezpecny Internet\SBI.dll/5035
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
O9 - Extra button: Eurotran - {572BF76C-9EFF-4e1e-93DE-72EF1E91B3DF} - C:\PROGRA~1\EUROTR~1\e2003i.dll
O9 - Extra 'Tools' menuitem: Eurotran - {572BF76C-9EFF-4e1e-93DE-72EF1E91B3DF} - C:\PROGRA~1\EUROTR~1\e2003i.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: BSC Applet Security - https://ra.internetbanka.cz/ra31/bin/ap ... .99.99.cab
O16 - DPF: BSC Applet Utilities - https://ra.internetbanka.cz/ra31/bin/ap ... .99.99.cab
O16 - DPF: BSC Business Objects - https://ra.internetbanka.cz/ra31/bin/bu ... .99.99.cab
O16 - DPF: BSC Java Components Library - https://ra.internetbanka.cz/ra31/bin/jc ... .99.99.cab
O16 - DPF: BSC Text Utilities - https://ra.internetbanka.cz/ra31/bin/te ... .99.99.cab
O16 - DPF: BSC Utilities - https://ra.internetbanka.cz/ra31/bin/ut ... .99.99.cab
O16 - DPF: GEMINI IBS 32 GEMB Applet Security - https://ib.internetbanka.cz/ibs31/bin/I ... .3.0.0.cab
O16 - DPF: GEMINI IBS 32 GEMB Applet Utilities - https://ib.internetbanka.cz/ibs31/bin/I ... .99.99.cab
O16 - DPF: IAIK Java Cryptography Extension - https://ra.internetbanka.cz/ra31/bin/IA ... .99.99.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/s ... DEXAXO.cab
O16 - DPF: {94AFFFCC-6C05-4814-B123-A941105AA77F} (SignedData Class) - https://sepo.army.cz/WebSepo/User/capicom.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Avast4\ashWebSv.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PHPGeekUtil - Unknown owner - c:\apache\APACHE.EXE
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe

--
End of file - 9511 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Podpora odkazu pro Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}]
Megaupload Toolbar - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL [2007-08-06 1933256]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99A7C4DD-B2E6-4CA0-BB6E-737A61364155}]
CHelper Class - C:\PROGRA~1\EUROTR~1\e2003i.dll [2005-04-06 98304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{B71B15CE-3093-459C-B764-AEB2486F2273} - &Seznam Bezpečný Internet - C:\Program Files\Seznam Bezpecny Internet\SBI.dll []
{E0E899AB-F487-11D5-8D29-0050BA6940E3}
{855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2008-06-12 958712]
{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - Megaupload Toolbar - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL [2007-08-06 1933256]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2005-05-11 6729728]
"nwiz"=nwiz.exe /install []
"CTHelper"=C:\WINDOWS\system32\CTHELPER.EXE [2003-06-09 28672]
"Jet Detection"=C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe [2001-11-29 28672]
"avast!"=C:\PROGRA~1\Avast4\ashDisp.exe [2009-11-25 81000]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2005-05-11 86016]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2005-05-05 98304]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2006-09-14 180269]
"HP Software Update"=C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Anti-Blaxx Manager]
C:\Program Files\Anti-Blaxx\Anti-Blaxx.exe [2005-05-18 208896]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
C:\Program Files\DAEMON Tools\daemon.exe [2005-11-08 128920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2004-06-04 286720]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nokia Tray Application]
C:\Program Files\Common Files\Nokia\NCLTools\NclTray.exe [2002-10-22 598016]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2005-05-05 98304]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ServiceLayer]
C:\Program Files\Common Files\Nokia\Services\ServiceLayer.exe [2002-10-16 69632]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe [2004-09-28 32881]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Gamma Loader.lnk]
C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE [2002-09-25 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Corel MEDIA FOLDERS INDEXER 8.LNK]
C:\Corel\GRAPHI~1\Programs\MFINDE~1.EXE [1998-01-12 83456]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^DSLMON.lnk]
C:\PROGRA~1\SAGEM\SAGEMF~1\dslmon.exe [2003-07-08 962663]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^HP Digital Imaging Monitor.lnk]
C:\PROGRA~1\HEWLET~1\DIGITA~1\bin\hpqtra08.exe [2006-02-19 288472]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^InterVideo WinCinema Manager.lnk]
C:\PROGRA~1\INTERV~1\Common\Bin\WINCIN~1.EXE [2002-09-11 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Last.fm Helper.lnk]
C:\PROGRA~1\Last.fm\LASTFM~1.EXE [2007-09-12 110592]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Motorola Desktop Suite mRouter Config.lnk]
C:\PROGRA~1\INTUWA~1\Shared\MROUTE~1\MROUTE~2.EXE []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Motorola Desktop Suite.lnk]
C:\PROGRA~1\Motorola\MOTORO~1\DESKTO~1.EXE []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^msmsgs.exe]
C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\msmsgs.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^miro^Nabídka Start^Programy^Po spuštění^PowerReg Scheduler V3.exe]
C:\Documents and Settings\miro\Nabídka Start\Programy\Po spuštění\PowerReg Scheduler V3.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^miro^Nabídka Start^Programy^Po spuštění^Product Registration.lnk]
D:\ATR1.EXE /remind /language=CSY /PRNM=Product []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^miro^Nabídka Start^Programy^Po spuštění^Sid Registration.lnk]
D:\ATR1.EXE /remind /language=CSY /PRNM=Sid/PRMP=PIRS/SKUN=PCXX/GTYP=STRY []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^miro^Nabídka Start^Programy^Po spuštění^Xfire.lnk]
C:\PROGRA~1\Xfire\Xfire.exe []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-14 239616]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Steam\steam.exe"="C:\Program Files\Steam\steam.exe:*:Enabled:Steam"
"C:\Program Files\Steam\SteamApps\maekoboss\counter-strike source\hl2.exe"="C:\Program Files\Steam\SteamApps\maekoboss\counter-strike source\hl2.exe:*:Enabled:hl2"
"C:\Program Files\DC++\DCPlusPlus.exe"="C:\Program Files\DC++\DCPlusPlus.exe:*:Enabled:DC++"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\NetMeeting\conf.exe"="C:\Program Files\NetMeeting\conf.exe:*:Enabled:Windows® NetMeeting®"
"C:\Program Files\Steam\SteamApps\maekoboss\half-life 2 deathmatch\hl2.exe"="C:\Program Files\Steam\SteamApps\maekoboss\half-life 2 deathmatch\hl2.exe:*:Enabled:hl2"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Documents and Settings\miro\Dokumenty\ICQ Lite\245327306\Hrdlo_285390787\WoW-1.4.0-enUS-downloader.exe"="C:\Documents and Settings\miro\Dokumenty\ICQ Lite\245327306\Hrdlo_285390787\WoW-1.4.0-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Program Files\Steam\SteamApps\maekoboss\condition zero\hl.exe"="C:\Program Files\Steam\SteamApps\maekoboss\condition zero\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\DC\DCPlusPlus.exe"="C:\Program Files\DC\DCPlusPlus.exe:*:Enabled:DC++"
"C:\Program Files\Java\j2re1.4.2_06\bin\javaw.exe"="C:\Program Files\Java\j2re1.4.2_06\bin\javaw.exe:*:Enabled:javaw"
"C:\WINDOWS\system32\dplaysvr.exe"="C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper"
"C:\WINDOWS\system32\usmt\migwiz.exe"="C:\WINDOWS\system32\usmt\migwiz.exe:*:Enabled:Průvodce přenesením souborů a nastavení"
"C:\Program Files\World of Warcraft\Repair.exe"="C:\Program Files\World of Warcraft\Repair.exe:*:Enabled:Blizzard Repair Utility"
"C:\Program Files\Warcraft III\Warcraft III.exe"="C:\Program Files\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III"
"C:\apache\mysql\bin\mysqld-nt.exe"="C:\apache\mysql\bin\mysqld-nt.exe:*:Enabled:mysqld-nt"
"C:\Program Files\Steam\SteamApps\maekoboss\day of defeat source\hl2.exe"="C:\Program Files\Steam\SteamApps\maekoboss\day of defeat source\hl2.exe:*:Enabled:hl2"
"C:\Program Files\Call of Duty 2\CoD2MP_s.exe"="C:\Program Files\Call of Duty 2\CoD2MP_s.exe:*:Enabled:CoD2MP_s"
"C:\Program Files\Steam\SteamApps\maekoboss\dedicated server\hlds.exe"="C:\Program Files\Steam\SteamApps\maekoboss\dedicated server\hlds.exe:*:Enabled:HLDS Launcher"
"C:\Program Files\Steam\SteamApps\maekoboss\source dedicated server\srcds.exe"="C:\Program Files\Steam\SteamApps\maekoboss\source dedicated server\srcds.exe:*:Enabled:srcds"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\Real\RealPlayer\realplay.exe"="C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer"
"C:\Program Files\Last.fm\LastFM.exe"="C:\Program Files\Last.fm\LastFM.exe:*:Enabled:LastFM"
"C:\Program Files\Azureus\Azureus.exe"="C:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Warcraft III\war3.exe"="C:\Program Files\Warcraft III\war3.exe:*:Enabled:Warcraft III"
"C:\Program Files\GOTCHA!\Gotcha.exe"="C:\Program Files\GOTCHA!\Gotcha.exe:*:Enabled:Gotcha!"
"C:\Program Files\Sony Ericsson\Update Service\Update Service.exe"="C:\Program Files\Sony Ericsson\Update Service\Update Service.exe:*:Enabled:Update Service"
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\WINDOWS\system32\spoolsv.exe"="C:\WINDOWS\system32\spoolsv.exe:*:Enabled:Spooler SubSystem App"
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposid01.exe"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqCopy.exe"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpfccopy.exe"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\HpqDIA.exe"="C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqnrs08.exe"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
"C:\Program Files\Steam\SteamApps\common\gumboy demo\GumboyCrazyAdventuresDemo2.exe"="C:\Program Files\Steam\SteamApps\common\gumboy demo\GumboyCrazyAdventuresDemo2.exe:*:Enabled:Gumboy Demo"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\Pinnacle\Studio 10\programs\RM.exe"="C:\Program Files\Pinnacle\Studio 10\programs\RM.exe:*:Enabled:Render Manager"
"C:\Program Files\Pinnacle\Studio 10\programs\Studio.exe"="C:\Program Files\Pinnacle\Studio 10\programs\Studio.exe:*:Enabled:Studio"
"C:\Program Files\Pinnacle\Studio 10\programs\PMSRegisterFile.exe"="C:\Program Files\Pinnacle\Studio 10\programs\PMSRegisterFile.exe:*:Enabled:PMSRegisterFile"
"C:\Program Files\Pinnacle\Studio 10\programs\umi.exe"="C:\Program Files\Pinnacle\Studio 10\programs\umi.exe:*:Enabled:umi"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======File associations======

.txt - open - notepad.exe %1

======List of files/folders created in the last 1 months======

2010-01-26 20:35:20 ----SHD---- C:\RECYCLER
2010-01-25 16:38:25 ----A---- C:\ComboFix.txt
2010-01-25 16:14:29 ----A---- C:\WINDOWS\MBR.exe
2010-01-25 16:04:28 ----A---- C:\WINDOWS\system32\CF6616.exe
2010-01-14 09:26:00 ----HDC---- C:\WINDOWS\$NtUninstallKB955759$
2010-01-14 09:25:43 ----HDC---- C:\WINDOWS\$NtUninstallKB972270$
2010-01-11 08:57:15 ----D---- C:\Documents and Settings\miro\Data aplikací\HpUpdate
2010-01-11 08:57:12 ----D---- C:\WINDOWS\Hewlett-Packard
2010-01-04 16:18:03 ----A---- C:\WINDOWS\system32\RALMain.dll
2010-01-04 16:18:03 ----A---- C:\WINDOWS\system32\DiskIO.dll
2010-01-04 16:18:02 ----A---- C:\WINDOWS\system32\pvmjpg30.dll
2010-01-04 16:18:01 ----A---- C:\WINDOWS\system32\LTRPR13n.DLL
2010-01-04 16:18:01 ----A---- C:\WINDOWS\system32\LTRIO13N.DLL
2010-01-04 16:18:01 ----A---- C:\WINDOWS\system32\LTRFD13n.DLL
2010-01-04 16:18:00 ----A---- C:\WINDOWS\system32\ltr13n.dll
2010-01-04 16:17:49 ----A---- C:\WINDOWS\system32\MMAviAx.dll
2010-01-04 16:17:49 ----A---- C:\WINDOWS\system32\Aviprax.dll
2010-01-04 16:17:48 ----A---- C:\WINDOWS\system32\MLPagAx.dll
2010-01-04 16:17:46 ----A---- C:\WINDOWS\system32\LTCLR13s.dll
2010-01-04 16:17:46 ----A---- C:\WINDOWS\system32\lfwmf13s.dll
2010-01-04 16:17:46 ----A---- C:\WINDOWS\system32\lftif13s.dll
2010-01-04 16:17:46 ----A---- C:\WINDOWS\system32\lftga13s.dll
2010-01-04 16:17:46 ----A---- C:\WINDOWS\system32\lfpsd13s.dll
2010-01-04 16:17:46 ----A---- C:\WINDOWS\system32\lfpng13s.dll
2010-01-04 16:17:46 ----A---- C:\WINDOWS\system32\lfpcx13s.dll
2010-01-04 16:17:46 ----A---- C:\WINDOWS\system32\lfpct13s.dll
2010-01-04 16:17:46 ----A---- C:\WINDOWS\system32\lfpcd13s.dll
2010-01-04 16:17:45 ----A---- C:\WINDOWS\system32\LFJ2K13s.dll
2010-01-04 16:17:45 ----A---- C:\WINDOWS\system32\lfgif13s.dll
2010-01-04 16:17:45 ----A---- C:\WINDOWS\system32\lffax13s.dll
2010-01-04 16:17:45 ----A---- C:\WINDOWS\system32\lfeps13s.dll
2010-01-04 16:17:45 ----A---- C:\WINDOWS\system32\LFCMP13s.DLL
2010-01-04 16:17:45 ----A---- C:\WINDOWS\system32\lfbmp13s.dll
2010-01-04 16:14:57 ----D---- C:\Program Files\SmartSound Software
2010-01-04 16:14:57 ----D---- C:\Documents and Settings\All Users\Data aplikací\SmartSound Software Inc
2010-01-04 16:13:35 ----A---- C:\WINDOWS\VFO.INI
2010-01-04 16:13:26 ----A---- C:\WINDOWS\system32\mase32.dll
2010-01-04 16:13:25 ----A---- C:\WINDOWS\system32\masd32.dll
2010-01-04 16:13:25 ----A---- C:\WINDOWS\system32\mamc32.dll
2010-01-04 16:13:25 ----A---- C:\WINDOWS\system32\macd32.dll
2010-01-04 16:13:25 ----A---- C:\WINDOWS\system32\ma32.dll
2010-01-04 16:12:17 ----A---- C:\WINDOWS\system32\MSVCP70.DLL
2010-01-04 16:12:15 ----A---- C:\WINDOWS\system32\PCLEGetGuid.dll
2010-01-04 16:11:07 ----D---- C:\Documents and Settings\All Users\Data aplikací\Pinnacle Studio

======List of files/folders modified in the last 1 months======

2010-01-26 21:04:15 ----D---- C:\WINDOWS\Prefetch
2010-01-26 21:04:08 ----D---- C:\Program Files\trend micro
2010-01-26 20:43:16 ----D---- C:\Program Files\Mozilla Firefox
2010-01-26 20:43:02 ----D---- C:\WINDOWS\Temp
2010-01-26 00:58:18 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-01-26 00:58:14 ----D---- C:\WINDOWS\system32\CatRoot2
2010-01-25 21:40:02 ----D---- C:\WINDOWS
2010-01-25 20:24:23 ----HD---- C:\WINDOWS\inf
2010-01-25 16:38:28 ----D---- C:\Qoobox
2010-01-25 16:37:02 ----D---- C:\WINDOWS\ERDNT
2010-01-25 16:28:40 ----A---- C:\WINDOWS\system.ini
2010-01-25 16:27:23 ----D---- C:\WINDOWS\system32
2010-01-25 16:27:14 ----D---- C:\Program Files\ICQ6.5
2010-01-25 16:22:11 ----D---- C:\WINDOWS\system32\drivers
2010-01-25 16:22:11 ----D---- C:\WINDOWS\AppPatch
2010-01-25 16:22:08 ----D---- C:\Program Files\Common Files
2010-01-23 03:02:03 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-01-23 03:01:59 ----D---- C:\Program Files\Internet Explorer
2010-01-23 03:01:47 ----D---- C:\WINDOWS\ie8updates
2010-01-23 03:00:44 ----HD---- C:\WINDOWS\$hf_mig$
2010-01-22 00:25:07 ----D---- C:\Documents and Settings\miro\Data aplikací\ICQ
2010-01-19 08:27:53 ----D---- C:\Program Files\Avast4
2010-01-14 09:26:09 ----A---- C:\WINDOWS\imsins.BAK
2010-01-11 08:57:28 ----SHD---- C:\WINDOWS\Installer
2010-01-11 08:57:27 ----D---- C:\Config.Msi
2010-01-11 08:57:23 ----D---- C:\Program Files\Hewlett-Packard
2010-01-11 08:57:19 ----D---- C:\Program Files\HP
2010-01-05 19:51:24 ----D---- C:\Program Files\StepMania
2010-01-05 01:17:46 ----A---- C:\WINDOWS\system32\MRT.exe
2010-01-04 20:38:07 ----A---- C:\WINDOWS\NeroDigital.ini
2010-01-04 16:24:10 ----D---- C:\Documents and Settings\All Users\Data aplikací\Pinnacle
2010-01-04 16:18:20 ----RSD---- C:\WINDOWS\Fonts
2010-01-04 16:15:51 ----D---- C:\Program Files\Pinnacle
2010-01-04 16:15:34 ----HD---- C:\Program Files\InstallShield Installation Information
2010-01-04 16:14:57 ----D---- C:\Program Files
2010-01-04 16:13:35 ----A---- C:\AUTOEXEC.BAT
2010-01-04 16:12:35 ----D---- C:\WINDOWS\Downloaded Installations
2010-01-03 20:55:33 ----D---- C:\Documents and Settings\miro\Data aplikací\OpenOffice.org2
2009-12-27 13:52:07 ----D---- C:\Program Files\Warcraft III

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-11-25 27408]
R1 AFS2K;AFS2k; C:\WINDOWS\system32\drivers\AFS2K.sys [2003-12-26 82380]
R1 AmdK7;Ovladač procesoru AMD K7; C:\WINDOWS\System32\DRIVERS\amdk7.sys [2008-04-14 41600]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-11-25 114768]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-11-25 48560]
R1 PCLEPCI;PCLEPCI; \??\C:\WINDOWS\system32\drivers\pclepci.sys []
R1 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2003-04-16 12032]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-11-25 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-11-25 94160]
R2 enodpl;enodpl; C:\WINDOWS\System32\drivers\enodpl.sys [2003-03-02 7552]
R2 ithsgt;ithsgt; C:\WINDOWS\system32\DRIVERS\ithsgt.sys [2006-03-17 162432]
R2 lilsgt;lilsgt; C:\WINDOWS\system32\DRIVERS\lilsgt.sys [2006-03-17 12032]
R2 PfModNT;PfModNT; \??\C:\WINDOWS\System32\drivers\PfModNT.sys []
R2 tandpl;tandpl; C:\WINDOWS\System32\drivers\tandpl.sys [2003-04-18 4736]
R3 ASAPIW2K;ASAPIW2K; C:\WINDOWS\System32\Drivers\ASAPIW2K.sys [2004-03-10 11264]
R3 aswRdr;aswRdr; \??\C:\WINDOWS\system32\drivers\aswRdr.sys []
R3 BridgeMP;Miniport mostu MAC; C:\WINDOWS\system32\DRIVERS\bridge.sys [2008-04-13 71552]
R3 ctac32k;Creative AC3 Software Decoder; C:\WINDOWS\System32\drivers\ctac32k.sys [2003-06-09 186068]
R3 ctaud2k;Creative Audio Driver (WDM); C:\WINDOWS\system32\drivers\ctaud2k.sys [2003-06-09 494384]
R3 ctprxy2k;Creative Proxy Driver; C:\WINDOWS\System32\drivers\ctprxy2k.sys [2003-06-09 6144]
R3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\System32\drivers\ctsfm2k.sys [2003-06-09 136448]
R3 dtscsi;dtscsi; C:\WINDOWS\System32\Drivers\dtscsi.sys [2005-12-10 223128]
R3 emupia;E-mu Plug-in Architecture Driver; C:\WINDOWS\System32\drivers\emupia2k.sys [2003-06-09 116416]
R3 GEARAspiWDM;GEAR CDRom Filter; C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys [2004-04-05 13872]
R3 ha10kx2k;Creative Hardware Abstract Layer Driver; C:\WINDOWS\system32\drivers\ha10kx2k.sys [2003-06-09 819984]
R3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2007-05-28 25544]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 ms_mpu401;Microsoft MPU-401 MIDI UART Driver; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-17 2944]
R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2005-05-11 3189376]
R3 ossrv;Creative OS Services Driver; C:\WINDOWS\system32\drivers\ctoss2k.sys [2003-06-09 113840]
R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
R3 StillCam;Ovladač digitálního fotoaparátu pro sériový port; C:\WINDOWS\System32\DRIVERS\serscan.sys [2001-10-24 6784]
R3 Tetris;Tetris driver; C:\WINDOWS\System32\Drivers\Tetris.sys [2006-03-17 48928]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB; C:\WINDOWS\System32\DRIVERS\usbohci.sys [2008-04-13 17152]
S1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
S2 ADILOADER;General Purpose USB Driver (adildr.sys); C:\WINDOWS\System32\Drivers\adildr.sys [2003-07-17 46167]
S3 adiusbaw;USB ADSL WAN Adapter; C:\WINDOWS\System32\DRIVERS\adiusbaw.sys [2003-03-27 127145]
S3 Bridge;Most MAC; C:\WINDOWS\system32\DRIVERS\bridge.sys [2008-04-13 71552]
S3 btaudio;Bluetooth Audio Device; C:\WINDOWS\system32\drivers\btaudio.sys []
S3 BTCAMDRV;Mobiola Web Camera driver; C:\WINDOWS\system32\DRIVERS\BTCamDrv.sys [2006-01-11 219136]
S3 BTDriver;Bluetooth Virtual Communications Driver; C:\WINDOWS\System32\DRIVERS\btport.sys []
S3 BTWDNDIS;Bluetooth LAN Access Server; C:\WINDOWS\System32\DRIVERS\btwdndis.sys []
S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys []
S3 catchme;catchme; \??\C:\DOCUME~1\miro\LOCALS~1\Temp\catchme.sys []
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 ctdvda2k;Creative DVD-Audio Device Driver; C:\WINDOWS\System32\drivers\ctdvda2k.sys []
S3 ctljystk;Game port pro zařízení Creative SB Live!; C:\WINDOWS\System32\DRIVERS\ctljystk.sys [2001-08-17 3712]
S3 ggflt;SEMC USB Flash Driver Filter; C:\WINDOWS\system32\DRIVERS\ggflt.sys [2007-12-08 13352]
S3 ggsemc;SEMC USB Flash Driver; C:\WINDOWS\system32\DRIVERS\ggsemc.sys [2007-12-08 20520]
S3 hap16v2k;Creative P16V HAL Driver; C:\WINDOWS\System32\drivers\hap16v2k.sys [2003-06-09 135696]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [2006-04-13 49664]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [2006-04-13 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [2006-04-13 21568]
S3 k510bus;Sony Ericsson K510 Driver driver (WDM); C:\WINDOWS\system32\DRIVERS\k510bus.sys [2006-02-17 58288]
S3 k510mdfl;Sony Ericsson K510 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\k510mdfl.sys [2006-02-17 8336]
S3 k510mdm;Sony Ericsson K510 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\k510mdm.sys [2006-02-17 94064]
S3 k510mgmt;Sony Ericsson K510 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\k510mgmt.sys [2006-02-17 85408]
S3 k510obex;Sony Ericsson K510 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\k510obex.sys [2006-02-17 83344]
S3 k750bus;Sony Ericsson 750 driver (WDM); C:\WINDOWS\system32\DRIVERS\k750bus.sys [2006-03-13 55216]
S3 k750mdfl;Sony Ericsson 750 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\k750mdfl.sys [2006-03-13 6576]
S3 k750mdm;Sony Ericsson 750 USB WMC Modem Drivers; C:\WINDOWS\system32\DRIVERS\k750mdm.sys [2006-03-13 89872]
S3 k750mgmt;Sony Ericsson 750 USB WMC Device Management Drivers; C:\WINDOWS\system32\DRIVERS\k750mgmt.sys [2006-03-13 81728]
S3 k750obex;Sony Ericsson 750 USB WMC OBEX Interface Drivers; C:\WINDOWS\system32\DRIVERS\k750obex.sys [2006-03-13 79488]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 nm;Ovladač programu Sledování sítě; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2008-04-13 40320]
S3 NPF;NetGroup Packet Filter Driver; C:\WINDOWS\system32\drivers\npf.sys [2005-08-02 32512]
S3 PCTINDIS5;PCTINDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\PCTINDIS5.SYS []
S3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2003-04-16 5888]
S3 SE26bus;Sony Ericsson Device 038 Driver driver (WDM); C:\WINDOWS\system32\DRIVERS\SE26bus.sys [2006-05-01 61600]
S3 SE26mdfl;Sony Ericsson Device 038 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\SE26mdfl.sys [2006-05-01 9360]
S3 SE26mdm;Sony Ericsson Device 038 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\SE26mdm.sys [2006-05-01 97184]
S3 SE26mgmt;Sony Ericsson Device 038 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\SE26mgmt.sys [2006-05-01 88688]
S3 se26nd5;Sony Ericsson Device 038 USB Ethernet Emulation SEMC38 (NDIS); C:\WINDOWS\system32\DRIVERS\se26nd5.sys [2006-05-01 18704]
S3 SE26obex;Sony Ericsson Device 038 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\SE26obex.sys [2006-05-01 86560]
S3 se26unic;Sony Ericsson Device 038 USB Ethernet Emulation SEMC38 (WDM); C:\WINDOWS\system32\DRIVERS\se26unic.sys [2006-05-01 90768]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Třída USB Printer; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 usbser;Motorola USB Modem Driver; C:\WINDOWS\system32\DRIVERS\usbser.sys [2008-04-13 26112]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 w550bus;Sony Ericsson W550 driver (WDM); C:\WINDOWS\system32\DRIVERS\w550bus.sys []
S3 w550mdfl;Sony Ericsson W550 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\w550mdfl.sys []
S3 w550mdm;Sony Ericsson W550 USB WMC Modem Drivers; C:\WINDOWS\system32\DRIVERS\w550mdm.sys []
S3 w550mgmt;Sony Ericsson W550 USB WMC Device Management Drivers; C:\WINDOWS\system32\DRIVERS\w550mgmt.sys []
S3 w550obex;Sony Ericsson W550 USB WMC OBEX Interface Drivers; C:\WINDOWS\system32\DRIVERS\w550obex.sys []
S3 wceusbsh;Windows CE USB Serial Host Driver; C:\WINDOWS\system32\DRIVERS\wceusbsh.sys [2004-12-06 104064]
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2005-01-28 18944]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Avast4\aswUpdSv.exe [2009-11-25 18752]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Avast4\ashServ.exe [2009-11-25 138680]
R2 Creative Service for CDROM Access;Creative Service for CDROM Access; C:\WINDOWS\System32\CTsvcCDA.exe [1999-12-13 44032]
R2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2008-06-10 222456]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [2003-06-19 322120]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2005-05-11 127042]
R2 PHPGeekUtil;PHPGeekUtil; c:\apache\APACHE.EXE [2002-01-25 20480]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
R2 UserAccess7;SecuROM User Access Service (V7); C:\WINDOWS\system32\UAService7.exe [2005-08-31 126976]
R2 WMDM PMSP Service;WMDM PMSP Service; C:\WINDOWS\System32\MsPMSPSv.exe [2000-06-26 53520]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Avast4\ashMaiSv.exe [2009-11-25 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Avast4\ashWebSv.exe [2009-11-25 352920]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 Imapi Helper;Imapi Helper; C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe [2006-01-05 163840]
S3 iPodService;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2004-06-04 401408]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe [2005-08-02 86016]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

Re: Hlášený vir, problém s gmerem

Napsal: 26 led 2010 21:09
od Maeko
tady je ta adresa
25.1.2010 15:58:19 SYSTEM 1572 Virus "Win32:Malware-gen" byl nalezen v souboru "C:\WINDOWS\system32\PSDrvCheck.exe".

Re: Hlášený vir, problém s gmerem

Napsal: 26 led 2010 21:12
od pitimir
O spustani ComboFixu nebola rec :?:
Jedno nepochopim - co je zlozite na napisani takehoto postu? Ale nie, vsetko treba robit radsej na kolene a potom sa netreba cudovat, ze to koleno si clovek niekedy aj prevrta ;)
Radsej stiahnut vsetko mozne, pospustat to a snad sa ten smejd odstrani aj sam...pravda? Lenze niektore nastroje nie su zverejnene prave kvoli tomuto...aby sa nespustali na kazdu (aj banalnu) infekciu a aby sa najprv vylucila pritomnost urcitych smejdov (rootkitov), ktore by mohli robit neplechu a kolidovat s pouzivanymi technikami.


1) Start -> Spustit -> (napis) notepad "C:\ComboFix.txt"
Enter.
Otvori sa textovy dokument, jeho obsah sem vloz.


2) Stiahni RootRepeal. Spustis program, kliknes na "Report" -> "Scan" a zafajknes vsetky polozky. Stlac "OK" a spusti sa scan. Po jeho dokonceni klik na "Save Report" a vzniknuty log skopiruj sem.


3) Ten subor by mal byt v poriadku. Avsak napadnutie sa neda nikdy vylucit, preto:
Otestuj subor(y) na >>VIRUSTOTALe<<:

Kód: Vybrat vše

C:\WINDOWS\system32\PSDrvCheck.exe
Ak vypise, ze subor uz bol testovany, daj ho otestovat znovu. Vysledok posli ako LINK.

Re: Hlášený vir, problém s gmerem

Napsal: 26 led 2010 23:51
od Maeko
ComboFix 10-01-24.05 - miro 25.01.2010 16:15:37.5.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.511.199 [GMT 1:00]
Spuštěný z: c:\documents and settings\miro\Plocha\ComboFix.exe
AV: avast! antivirus 4.8.1368 [VPS 100125-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Eset NOD32 Antivirus 2.51 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Plocha\Continue Titan Poker setup.lnk
c:\program files\ICQ6.5\ICQLRun.exe
c:\windows\system32\Data
c:\windows\system32\Data\CT0060W.DAT
c:\windows\system32\Data\CTP0060W.DAT
c:\windows\system32\Data\CTP0061W.DAT
c:\windows\system32\Data\CTP0100W.DAT
c:\windows\system32\Data\CTP0101W.DAT
c:\windows\system32\Data\CTP0102W.DAT
c:\windows\system32\Data\CTP0103W.DAT
c:\windows\system32\Data\CTP0105W.DAT
c:\windows\system32\Data\CTP0170W.DAT
c:\windows\system32\Data\CTP017AW.DAT
c:\windows\system32\Data\CTP017BW.DAT
c:\windows\system32\Data\CTP017CW.DAT
c:\windows\system32\Data\CTP017DW.DAT
c:\windows\system32\Data\CTP017EW.DAT
c:\windows\system32\Data\CTP017FW.DAT
c:\windows\system32\Data\CTP017GW.DAT
c:\windows\system32\Data\CTP017HW.DAT
c:\windows\system32\Data\CTP0221W.DAT
c:\windows\system32\Data\CTP0222W.DAT
c:\windows\system32\Data\CTP0226W.DAT
c:\windows\system32\Data\CTP0228W.DAT
c:\windows\system32\Data\CTP1140W.DAT
c:\windows\system32\Data\CTP4620W.DAT
c:\windows\system32\Data\CTP4670W.DAT
c:\windows\system32\Data\CTP4760W.DAT
c:\windows\system32\Data\CTP4780W.DAT
c:\windows\system32\Data\CTP4790W.DAT
c:\windows\system32\Data\CTP4830W.DAT
c:\windows\system32\Data\CTP4831W.DAT
c:\windows\system32\Data\CTP4832W.DAT
c:\windows\system32\Data\CTP4840W.DAT
c:\windows\system32\Data\CTP4850W.DAT
c:\windows\system32\Data\CTP4870W.DAT
c:\windows\system32\Data\CTP4871W.DAT
c:\windows\system32\Data\CTP4872W.DAT
c:\windows\system32\Data\CTP4875W.DAT
c:\windows\system32\Data\CTP4890W.DAT
c:\windows\system32\Data\CTP4891W.DAT
c:\windows\system32\Data\CTP4893W.DAT
c:\windows\system32\Data\CTPDXW.DAT
c:\windows\system32\Data\CTPM002W.DAT
c:\windows\system32\Data\CTSBASW.DAT
c:\windows\unins000.dat
c:\windows\unins000.exe

.
((((((((((((((((((((((((( Soubory vytvořené od 2009-12-25 do 2010-01-25 )))))))))))))))))))))))))))))))
.

2010-01-25 15:04 . 2010-01-25 15:03 390144 ----a-w- c:\windows\system32\CF6616.exe
2010-01-13 16:12 . 2009-11-21 16:03 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-01-11 07:57 . 2010-01-11 07:57 -------- d-----w- c:\windows\Hewlett-Packard
2010-01-04 15:24 . 2010-01-04 19:31 -------- d-----w- c:\documents and settings\All Users\Data aplikac
2010-01-04 15:18 . 2005-12-12 05:57 204881 ----a-w- c:\windows\system32\DiskIO.dll
2010-01-04 15:18 . 2005-12-12 05:57 155721 ----a-w- c:\windows\system32\RALMain.dll
2010-01-04 15:18 . 2005-07-12 12:25 401408 ----a-w- c:\windows\system32\pvmjpg30.dll
2010-01-04 15:18 . 2002-09-24 09:12 466624 ----a-w- c:\windows\system32\LTRPR13n.DLL
2010-01-04 15:18 . 2002-09-24 09:12 304816 ----a-w- c:\windows\system32\LTRIO13N.DLL
2010-01-04 15:18 . 2002-09-24 09:12 194248 ----a-w- c:\windows\system32\LTRFD13n.DLL
2010-01-04 15:18 . 2002-09-24 09:12 934576 ----a-w- c:\windows\system32\ltr13n.dll
2010-01-04 15:14 . 2010-01-04 15:14 -------- d-----w- c:\program files\SmartSound Software
2010-01-04 15:13 . 2003-11-25 04:02 138752 ----a-w- c:\windows\system32\mase32.dll
2010-01-04 15:13 . 2003-11-25 04:02 57856 ----a-w- c:\windows\system32\masd32.dll
2010-01-04 15:13 . 2003-11-25 04:02 27648 ----a-w- c:\windows\system32\ma32.dll
2010-01-04 15:13 . 2003-11-25 04:02 196096 ----a-w- c:\windows\system32\macd32.dll
2010-01-04 15:13 . 2003-11-25 04:02 136192 ----a-w- c:\windows\system32\mamc32.dll
2010-01-04 15:12 . 2003-03-26 05:58 487424 ----a-w- c:\windows\system32\MSVCP70.DLL
2010-01-04 15:12 . 2004-01-23 15:44 49152 ----a-w- c:\windows\system32\PCLEGetGuid.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-25 15:27 . 2009-10-19 13:10 -------- d-----w- c:\program files\ICQ6.5
2010-01-25 15:12 . 2003-12-06 14:04 288 ----a-w- c:\windows\system32\DVCStateBkp-{00000002-00000000-00000005-00001102-00000002-80671102}.dat
2010-01-25 15:12 . 2003-12-06 14:04 288 ----a-w- c:\windows\system32\DVCState-{00000002-00000000-00000005-00001102-00000002-80671102}.dat
2010-01-19 07:27 . 2004-12-25 16:22 -------- d-----w- c:\program files\Avast4
2010-01-11 07:57 . 2003-12-24 18:33 -------- d-----w- c:\program files\Hewlett-Packard
2010-01-11 07:57 . 2007-12-30 15:18 -------- d-----w- c:\program files\HP
2010-01-05 18:51 . 2009-12-25 09:32 -------- d-----w- c:\program files\StepMania
2010-01-04 15:15 . 2008-01-06 11:54 -------- d-----w- c:\program files\Pinnacle
2010-01-04 15:15 . 2003-12-06 13:51 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-27 12:52 . 2006-10-20 10:18 -------- d-----w- c:\program files\Warcraft III
2009-12-26 22:08 . 2005-06-11 19:37 -------- d-----w- c:\program files\Steam
2009-12-21 19:08 . 2004-08-23 18:35 916480 ----a-w- c:\windows\system32\wininet.dll
2009-12-10 14:58 . 2003-04-16 12:00 82484 ----a-w- c:\windows\system32\perfc005.dat
2009-12-10 14:58 . 2003-04-16 12:00 437886 ----a-w- c:\windows\system32\perfh005.dat
2009-11-24 23:54 . 2004-12-25 16:22 1280480 ----a-w- c:\windows\system32\aswBoot.exe
2009-11-24 23:51 . 2004-12-25 16:22 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-11-24 23:50 . 2004-12-25 16:22 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-11-24 23:50 . 2008-05-10 09:02 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-11-24 23:50 . 2008-05-10 09:02 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-11-24 23:49 . 2004-12-25 16:22 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-11-24 23:48 . 2005-03-06 12:10 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-11-24 23:47 . 2004-12-25 16:22 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-11-24 23:47 . 2004-12-25 16:22 97480 ----a-w- c:\windows\system32\AVASTSS.scr
2009-11-21 16:03 . 2003-04-16 12:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2007-08-21 08:01 . 2007-08-21 08:01 3006511 ----a-w- c:\program files\ie6.rar
2006-07-09 13:31 . 2006-07-09 13:31 398537 ----a-w- c:\program files\army.zip
2006-06-30 10:06 . 2006-06-30 10:07 2643424 ----a-w- c:\program files\Age2upA.exe
2006-06-11 07:34 . 2006-06-11 07:52 1494483 ----a-w- c:\program files\War3.exe
2006-05-17 19:35 . 2006-05-17 19:34 10673375 ----a-w- c:\program files\nentczst.exe
2005-11-19 15:21 . 2005-11-19 15:21 210879 ----a-w- c:\program files\Anti-Blaxx.rar
2007-06-01 13:33 . 2006-01-18 14:46 61038 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2007-06-01 13:33 . 2006-01-18 14:46 49256 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2007-06-01 13:33 . 2006-01-18 14:46 166000 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
2004-12-24 11:41 . 2004-12-24 11:41 1682 --sha-w- c:\windows\system32\KGyGaAvL.sys
2009-08-24 09:53 . 2009-06-15 12:48 172023840 --sha-w- c:\windows\system32\drivers\fidbox.dat
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-05-11 6729728]
"nwiz"="nwiz.exe" [2005-05-11 1519616]
"CTHelper"="CTHELPER.EXE" [2003-06-09 28672]
"Jet Detection"="c:\program files\Creative\SBLive\PROGRAM\ADGJDet.exe" [2001-11-29 28672]
"avast!"="c:\progra~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-05-11 86016]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2005-05-05 98304]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-09-14 180269]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Corel MEDIA FOLDERS INDEXER 8.LNK]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Corel MEDIA FOLDERS INDEXER 8.LNK
backup=c:\windows\pss\Corel MEDIA FOLDERS INDEXER 8.LNKCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^DSLMON.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\DSLMON.lnk
backup=c:\windows\pss\DSLMON.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^InterVideo WinCinema Manager.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\InterVideo WinCinema Manager.lnk
backup=c:\windows\pss\InterVideo WinCinema Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Last.fm Helper.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Last.fm Helper.lnk
backup=c:\windows\pss\Last.fm Helper.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Motorola Desktop Suite mRouter Config.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Motorola Desktop Suite mRouter Config.lnk
backup=c:\windows\pss\Motorola Desktop Suite mRouter Config.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Motorola Desktop Suite.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Motorola Desktop Suite.lnk
backup=c:\windows\pss\Motorola Desktop Suite.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^msmsgs.exe]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\msmsgs.exe
backup=c:\windows\pss\msmsgs.exeCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^miro^Nabídka Start^Programy^Po spuštění^PowerReg Scheduler V3.exe]
path=c:\documents and settings\miro\Nabídka Start\Programy\Po spuštění\PowerReg Scheduler V3.exe
backup=c:\windows\pss\PowerReg Scheduler V3.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^miro^Nabídka Start^Programy^Po spuštění^Product Registration.lnk]
path=c:\documents and settings\miro\Nabídka Start\Programy\Po spuštění\Product Registration.lnk
backup=c:\windows\pss\Product Registration.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^miro^Nabídka Start^Programy^Po spuštění^Sid Registration.lnk]
path=c:\documents and settings\miro\Nabídka Start\Programy\Po spuštění\Sid Registration.lnk
backup=c:\windows\pss\Sid Registration.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^miro^Nabídka Start^Programy^Po spuštění^Xfire.lnk]
path=c:\documents and settings\miro\Nabídka Start\Programy\Po spuštění\Xfire.lnk
backup=c:\windows\pss\Xfire.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Anti-Blaxx Manager]
2005-05-18 14:08 208896 ----a-w- c:\program files\Anti-Blaxx\Anti-Blaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 03:22 15360 ------w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
2005-11-08 22:00 128920 ----a-w- c:\program files\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2004-06-04 10:38 286720 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 08:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nokia Tray Application]
2002-10-22 07:52 598016 ----a-w- c:\program files\Common Files\Nokia\NCLTools\NclTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2005-05-05 16:13 98304 ----a-w- c:\program files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ServiceLayer]
2002-10-16 07:43 69632 ----a-w- c:\program files\Common Files\Nokia\Services\ServiceLayer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2004-09-28 19:26 32881 ----a-w- c:\program files\Java\j2re1.4.2_06\bin\jusched.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Steam\\steam.exe"=
"c:\\Program Files\\Steam\\SteamApps\\maekoboss\\counter-strike source\\hl2.exe"=
"c:\\Program Files\\DC++\\DCPlusPlus.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=
"c:\\Program Files\\Steam\\SteamApps\\maekoboss\\half-life 2 deathmatch\\hl2.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Documents and Settings\\miro\\Dokumenty\\ICQ Lite\\245327306\\Hrdlo_285390787\\WoW-1.4.0-enUS-downloader.exe"=
"c:\\Program Files\\Steam\\SteamApps\\maekoboss\\condition zero\\hl.exe"=
"c:\\Program Files\\DC\\DCPlusPlus.exe"=
"c:\\Program Files\\Java\\j2re1.4.2_06\\bin\\javaw.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"c:\\Program Files\\World of Warcraft\\Repair.exe"=
"c:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"c:\\apache\\mysql\\bin\\mysqld-nt.exe"=
"c:\\Program Files\\Steam\\SteamApps\\maekoboss\\day of defeat source\\hl2.exe"=
"c:\\Program Files\\Call of Duty 2\\CoD2MP_s.exe"=
"c:\\Program Files\\Steam\\SteamApps\\maekoboss\\dedicated server\\hlds.exe"=
"c:\\Program Files\\Steam\\SteamApps\\maekoboss\\source dedicated server\\srcds.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Last.fm\\LastFM.exe"=
"c:\\Program Files\\Azureus\\Azureus.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Warcraft III\\war3.exe"=
"c:\\Program Files\\GOTCHA!\\Gotcha.exe"=
"c:\\Program Files\\Sony Ericsson\\Update Service\\Update Service.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\WINDOWS\\system32\\spoolsv.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\gumboy demo\\GumboyCrazyAdventuresDemo2.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\Studio.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\umi.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R0 xmasscsi;xmasscsi;c:\windows\system32\drivers\xmasscsi.sys [2.12.2004 21:42 5248]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [10.5.2008 10:02 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [10.5.2008 10:02 20560]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [6.8.2008 8:10 222456]
R3 Tetris;Tetris driver;c:\windows\system32\drivers\Tetris.sys [17.3.2006 14:18 48928]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [23.11.2005 14:53 664064]
S0 xmasbus;xmasbus;c:\windows\system32\drivers\xmasbus.sys [2.12.2004 21:42 140800]
S2 PHPGeekUtil;PHPGeekUtil;c:\apache\Apache.exe [25.1.2002 5:30 20480]
S3 BTCAMDRV;Mobiola Web Camera driver;c:\windows\system32\drivers\BTCamDrv.sys [3.2.2006 13:24 219136]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [8.12.2007 17:37 13352]
S3 k510bus;Sony Ericsson K510 Driver driver (WDM);c:\windows\system32\drivers\k510bus.sys [6.5.2007 11:57 58288]
S3 k510mdfl;Sony Ericsson K510 USB WMC Modem Filter;c:\windows\system32\drivers\k510mdfl.sys [6.5.2007 11:57 8336]
S3 k510mdm;Sony Ericsson K510 USB WMC Modem Driver;c:\windows\system32\drivers\k510mdm.sys [6.5.2007 11:57 94064]
S3 k510mgmt;Sony Ericsson K510 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\k510mgmt.sys [6.5.2007 11:57 85408]
S3 k510obex;Sony Ericsson K510 USB WMC OBEX Interface;c:\windows\system32\drivers\k510obex.sys [6.5.2007 11:57 83344]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2.8.2005 22:10 32512]
S3 w550obex;Sony Ericsson W550 USB WMC OBEX Interface Drivers;c:\windows\system32\DRIVERS\w550obex.sys --> c:\windows\system32\DRIVERS\w550obex.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.cz/
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: &ICQ Toolbar Search - c:\program files\ICQToolbar\toolbaru.dll/SEARCH.HTML
IE: &Přelož do češtiny - c:\program files\Seznam Bezpecny Internet\SBI.dll/5034
IE: &Search
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Hledej v &Seznamu - c:\program files\Seznam Bezpecny Internet\SBI.dll/5033
IE: Hledej v Seznam &Fulltextu - c:\program files\Seznam Bezpecny Internet\SBI.dll/5035
IE: Zobrazit originál
IE: {{572BF76C-9EFF-4e1e-93DE-72EF1E91B3DF} - {DB7FBFE3-82CB-49E0-9C41-39C2A80B4966} - c:\progra~1\EUROTR~1\e2003i.dll
DPF: BSC Applet Security - hxxps://ra.internetbanka.cz/ra31/bin/aplsec-99.99.99.99.cab
DPF: BSC Applet Utilities - hxxps://ra.internetbanka.cz/ra31/bin/aplutil-99.99.99.99.cab
DPF: BSC Business Objects - hxxps://ra.internetbanka.cz/ra31/bin/business-99.99.99.99.cab
DPF: BSC Java Components Library - hxxps://ra.internetbanka.cz/ra31/bin/jcl-99.99.99.99.cab
DPF: BSC Text Utilities - hxxps://ra.internetbanka.cz/ra31/bin/text-99.99.99.99.cab
DPF: BSC Utilities - hxxps://ra.internetbanka.cz/ra31/bin/util-99.99.99.99.cab
DPF: GEMINI IBS 32 GEMB Applet Security - hxxps://ib.internetbanka.cz/ibs31/bin/IBS32-GEMB-aplsec-3.3.0.0.cab
DPF: GEMINI IBS 32 GEMB Applet Utilities - hxxps://ib.internetbanka.cz/ibs31/bin/IBS32-GEMB-aplutil-99.99.99.99.cab
DPF: IAIK Java Cryptography Extension - hxxps://ra.internetbanka.cz/ra31/bin/IAIK-99.99.99.99.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\miro\Data aplikací\Mozilla\Firefox\Profiles\0tp5jlzw.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.cookie.p3plevel", 1); // 0=low, 1=medium, 2=high, 3=custom
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.enablePad", false); // Allow client to do proxy autodiscovery
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default", "chrome://branding/content/searchconfig.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.custom", "chrome://branding/content/searchconfig.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("signon.prefillForms", true);
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

AddRemove-Czech Soccer Manager 2002 Final Edition - c:\program files\Czech Soccer Manager 2002 Final Edition\DeIsL1.isu
AddRemove-Heroes of Might and Magic II - c:\program files\Heroes2\DeIsL1.isu
AddRemove-Invision 2.0 Build 3515 - e:\mirc__~1\KOPIE-~1\MIRC__~1\UNWISE.EXE
AddRemove-KnightShift - c:\progra~1\KNIGHT~1\UNWISE.EXE
AddRemove-Revenant - c:\program files\Revenant\Uninst.isu
AddRemove-Trefík - podpora databází - c:\program files\DeIsL1.isu
AddRemove-Vampire - c:\program files\Vampire The Masquerade - Redemption\Vampire.isu
AddRemove-{FBC2DD8F-A7DE-4CA3-B793-E50A7BA25AF0}_is1 - c:\windows\unins000.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-25 16:28
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-2025429265-616249376-725345543-1004\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
Celkový čas: 2010-01-25 16:38:24
ComboFix-quarantined-files.txt 2010-01-25 15:38
ComboFix2.txt 2009-06-14 19:25
ComboFix3.txt 2009-06-14 11:38

Před spuštěním: 7 074 516 992
Po spuštění: 7 658 254 336

Current=2 Default=2 Failed=3 LastKnownGood=1 Sets=1,2,3,4
- - End Of File - - 4E14D4E8936C161E7B2F47B2AF694EF7

RootRepeal

ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2010/01/26 21:22
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name:
Image Path:
Address: 0xF8511000 Size: 98304 File Visible: No Signed: -
Status: -

Name:
Image Path:
Address: 0x00000000 Size: 0 File Visible: No Signed: -
Status: -

Name: 00000051
Image Path: \Driver\00000051
Address: 0x00000000 Size: 0 File Visible: No Signed: -
Status: -

Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xF616A000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF8BCC000 Size: 8192 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xB9674000 Size: 49152 File Visible: No Signed: -
Status: -

SSDT
-------------------
#: 025 Function Name: NtClose
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xf61b26b8

#: 041 Function Name: NtCreateKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xf61b2574

#: 065 Function Name: NtDeleteValueKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xf61b2a52

#: 068 Function Name: NtDuplicateObject
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xf61b214c

#: 071 Function Name: NtEnumerateKey
Status: Hooked by "sptd.sys" at address 0xf85c7c22

#: 073 Function Name: NtEnumerateValueKey
Status: Hooked by "sptd.sys" at address 0xf85c7f9a

#: 119 Function Name: NtOpenKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xf61b264e

#: 122 Function Name: NtOpenProcess
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xf61b208c

#: 128 Function Name: NtOpenThread
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xf61b20f0

#: 160 Function Name: NtQueryKey
Status: Hooked by "sptd.sys" at address 0xf85c8064

#: 177 Function Name: NtQueryValueKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xf61b276e

#: 204 Function Name: NtRestoreKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xf61b272e

#: 247 Function Name: NtSetValueKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xf61b28ae

Stealth Objects
-------------------
Object: Hidden Code [Driver: Ntfs, IRP_MJ_CREATE]
Process: System Address: 0x83395bf8 Size: 15

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLOSE]
Process: System Address: 0x83395bf8 Size: 15

Object: Hidden Code [Driver: Ntfs, IRP_MJ_READ]
Process: System Address: 0x83395bf8 Size: 15

Object: Hidden Code [Driver: Ntfs, IRP_MJ_WRITE]
Process: System Address: 0x83395bf8 Size: 15

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x83395bf8 Size: 15

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x83395bf8 Size: 15

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_EA]
Process: System Address: 0x83395bf8 Size: 15

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_EA]
Process: System Address: 0x83395bf8 Size: 15

Object: Hidden Code [Driver: Ntfs, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x83395bf8 Size: 15

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x83395bf8 Size: 15

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x83395bf8 Size: 15

Object: Hidden Code [Driver: Ntfs, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x83395bf8 Size: 15

Object: Hidden Code [Driver: Ntfs, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x83395bf8 Size: 15

Object: Hidden Code [Driver: Ntfs, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x83395bf8 Size: 15

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SHUTDOWN]
Process: System Address: 0x83395bf8 Size: 15

Object: Hidden Code [Driver: Ntfs, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x83395bf8 Size: 15

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLEANUP]
Process: System Address: 0x83395bf8 Size: 15

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x83395bf8 Size: 15

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_SECURITY]
Process: System Address: 0x83395bf8 Size: 15

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x83395bf8 Size: 15

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_QUOTA]
Process: System Address: 0x83395bf8 Size: 15

Object: Hidden Code [Driver: Ntfs, IRP_MJ_PNP]
Process: System Address: 0x83395bf8 Size: 15

Object: Hidden Code [Driver: dtscsi, IRP_MJ_CREATE]
Process: System Address: 0x830c20d8 Size: 99

Object: Hidden Code [Driver: dtscsi, IRP_MJ_CREATE_NAMED_PIPE]
Process: System Address: 0x830c20d8 Size: 99

Object: Hidden Code [Driver: dtscsi, IRP_MJ_CLOSE]
Process: System Address: 0x830c20d8 Size: 99

Object: Hidden Code [Driver: dtscsi, IRP_MJ_READ]
Process: System Address: 0x830c20d8 Size: 99

Object: Hidden Code [Driver: dtscsi, IRP_MJ_WRITE]
Process: System Address: 0x830c20d8 Size: 99

Object: Hidden Code [Driver: dtscsi, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x830c20d8 Size: 99

Object: Hidden Code [Driver: dtscsi, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x830c20d8 Size: 99

Object: Hidden Code [Driver: dtscsi, IRP_MJ_QUERY_EA]
Process: System Address: 0x830c20d8 Size: 99

Object: Hidden Code [Driver: dtscsi, IRP_MJ_SET_EA]
Process: System Address: 0x830c20d8 Size: 99

Object: Hidden Code [Driver: dtscsi, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x830c20d8 Size: 99

Object: Hidden Code [Driver: dtscsi, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x830c20d8 Size: 99

Object: Hidden Code [Driver: dtscsi, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x830c20d8 Size: 99

Object: Hidden Code [Driver: dtscsi, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x830c20d8 Size: 99

Object: Hidden Code [Driver: dtscsi, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x830c20d8 Size: 99

Object: Hidden Code [Driver: dtscsi, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x830c20d8 Size: 99

Object: Hidden Code [Driver: dtscsi, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x830c20d8 Size: 99

Object: Hidden Code [Driver: dtscsi, IRP_MJ_SHUTDOWN]
Process: System Address: 0x830c20d8 Size: 99

Object: Hidden Code [Driver: dtscsi, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x830c20d8 Size: 99

Object: Hidden Code [Driver: dtscsi, IRP_MJ_CLEANUP]
Process: System Address: 0x830c20d8 Size: 99

Object: Hidden Code [Driver: dtscsi, IRP_MJ_CREATE_MAILSLOT]
Process: System Address: 0x830c20d8 Size: 99

Object: Hidden Code [Driver: dtscsi, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x830c20d8 Size: 99

Object: Hidden Code [Driver: dtscsi, IRP_MJ_SET_SECURITY]
Process: System Address: 0x830c20d8 Size: 99

Object: Hidden Code [Driver: dtscsi, IRP_MJ_POWER]
Process: System Address: 0x830c20d8 Size: 99

Object: Hidden Code [Driver: dtscsi, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x830c20d8 Size: 99

Object: Hidden Code [Driver: dtscsi, IRP_MJ_DEVICE_CHANGE]
Process: System Address: 0x830c20d8 Size: 99

Object: Hidden Code [Driver: dtscsi, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x830c20d8 Size: 99

Object: Hidden Code [Driver: dtscsi, IRP_MJ_SET_QUOTA]
Process: System Address: 0x830c20d8 Size: 99

Object: Hidden Code [Driver: dtscsi, IRP_MJ_PNP]
Process: System Address: 0x830c20d8 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CREATE]
Process: System Address: 0x830b05f8 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CREATE_NAMED_PIPE]
Process: System Address: 0x830b05f8 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CLOSE]
Process: System Address: 0x830b05f8 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_READ]
Process: System Address: 0x830b05f8 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_WRITE]
Process: System Address: 0x830b05f8 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x830b05f8 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x830b05f8 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_QUERY_EA]
Process: System Address: 0x830b05f8 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SET_EA]
Process: System Address: 0x830b05f8 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x830b05f8 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x830b05f8 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x830b05f8 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x830b05f8 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x830b05f8 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x830b05f8 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x830b05f8 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SHUTDOWN]
Process: System Address: 0x830b05f8 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x830b05f8 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CLEANUP]
Process: System Address: 0x830b05f8 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CREATE_MAILSLOT]
Process: System Address: 0x830b05f8 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x830b05f8 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SET_SECURITY]
Process: System Address: 0x830b05f8 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_POWER]
Process: System Address: 0x830b05f8 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x830b05f8 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_DEVICE_CHANGE]
Process: System Address: 0x830b05f8 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x830b05f8 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SET_QUOTA]
Process: System Address: 0x830b05f8 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_PNP]
Process: System Address: 0x830b05f8 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_CREATE]
Process: System Address: 0x831d4f00 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_CREATE_NAMED_PIPE]
Process: System Address: 0x831d4f00 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_CLOSE]
Process: System Address: 0x831d4f00 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_READ]
Process: System Address: 0x831d4f00 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_WRITE]
Process: System Address: 0x831d4f00 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x831d4f00 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x831d4f00 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_QUERY_EA]
Process: System Address: 0x831d4f00 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_SET_EA]
Process: System Address: 0x831d4f00 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x831d4f00 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x831d4f00 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x831d4f00 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x831d4f00 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x831d4f00 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x831d4f00 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x831d4f00 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_SHUTDOWN]
Process: System Address: 0x831d4f00 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x831d4f00 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_CLEANUP]
Process: System Address: 0x831d4f00 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_CREATE_MAILSLOT]
Process: System Address: 0x831d4f00 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x831d4f00 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_SET_SECURITY]
Process: System Address: 0x831d4f00 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_POWER]
Process: System Address: 0x831d4f00 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x831d4f00 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_DEVICE_CHANGE]
Process: System Address: 0x831d4f00 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x831d4f00 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_SET_QUOTA]
Process: System Address: 0x831d4f00 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_PNP]
Process: System Address: 0x831d4f00 Size: 99

Object: Hidden Code [Driver: Disk, IRP_MJ_CREATE]
Process: System Address: 0x83395e30 Size: 15

Object: Hidden Code [Driver: Disk, IRP_MJ_CLOSE]
Process: System Address: 0x83395e30 Size: 15

Object: Hidden Code [Driver: Disk, IRP_MJ_READ]
Process: System Address: 0x83395e30 Size: 15

Object: Hidden Code [Driver: Disk, IRP_MJ_WRITE]
Process: System Address: 0x83395e30 Size: 15

Object: Hidden Code [Driver: Disk, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x83395e30 Size: 15

Object: Hidden Code [Driver: Disk, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x83395e30 Size: 15

Object: Hidden Code [Driver: Disk, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x83395e30 Size: 15

Object: Hidden Code [Driver: Disk, IRP_MJ_SHUTDOWN]
Process: System Address: 0x83395e30 Size: 15

Object: Hidden Code [Driver: Disk, IRP_MJ_POWER]
Process: System Address: 0x83395e30 Size: 15

Object: Hidden Code [Driver: Disk, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x83395e30 Size: 15

Object: Hidden Code [Driver: Disk, IRP_MJ_PNP]
Process: System Address: 0x83395e30 Size: 15

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CREATE]
Process: System Address: 0x833de530 Size: 15

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_READ]
Process: System Address: 0x833de530 Size: 15

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_WRITE]
Process: System Address: 0x833de530 Size: 15

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x833de530 Size: 15

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x833de530 Size: 15

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x833de530 Size: 15

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SHUTDOWN]
Process: System Address: 0x833de530 Size: 15

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CLEANUP]
Process: System Address: 0x833de530 Size: 15

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_POWER]
Process: System Address: 0x833de530 Size: 15

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x833de530 Size: 15

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_PNP]
Process: System Address: 0x833de530 Size: 15

Object: Hidden Code [Driver: NetBT, IRP_MJ_CREATE]
Process: System Address: 0x8312fdb8 Size: 15

Object: Hidden Code [Driver: NetBT, IRP_MJ_CLOSE]
Process: System Address: 0x8312fdb8 Size: 15

Object: Hidden Code [Driver: NetBT, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8312fdb8 Size: 15

Object: Hidden Code [Driver: NetBT, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8312fdb8 Size: 15

Object: Hidden Code [Driver: NetBT, IRP_MJ_CLEANUP]
Process: System Address: 0x8312fdb8 Size: 15

Object: Hidden Code [Driver: NetBT, IRP_MJ_PNP]
Process: System Address: 0x8312fdb8 Size: 15

Object: Hidden Code [Driver: xmasscsi, IRP_MJ_CREATE]
Process: System Address: 0x833950e8 Size: 15

Object: Hidden Code [Driver: xmasscsi, IRP_MJ_CLOSE]
Process: System Address: 0x833950e8 Size: 15

Object: Hidden Code [Driver: xmasscsi, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x833950e8 Size: 15

Object: Hidden Code [Driver: xmasscsi, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x833950e8 Size: 15

Object: Hidden Code [Driver: xmasscsi, IRP_MJ_POWER]
Process: System Address: 0x833950e8 Size: 15

Object: Hidden Code [Driver: xmasscsi, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x833950e8 Size: 15

Object: Hidden Code [Driver: xmasscsi, IRP_MJ_PNP]
Process: System Address: 0x833950e8 Size: 15

Object: Hidden Code [Driver: Rdbss, IRP_MJ_CREATE]
Process: System Address: 0x82ff20e8 Size: 15

Object: Hidden Code [Driver: Rdbss, IRP_MJ_CREATE_NAMED_PIPE]
Process: System Address: 0x82ff20e8 Size: 15

Object: Hidden Code [Driver: Rdbss, IRP_MJ_CLOSE]
Process: System Address: 0x82ff20e8 Size: 15

Object: Hidden Code [Driver: Rdbss, IRP_MJ_READ]
Process: System Address: 0x831e8a64 Size: 11

Object: Hidden Code [Driver: Rdbss, IRP_MJ_WRITE]
Process: System Address: 0x82ff20e8 Size: 15

Object: Hidden Code [Driver: Rdbss, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x82ff20e8 Size: 15

Object: Hidden Code [Driver: Rdbss, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x82ff20e8 Size: 15

Object: Hidden Code [Driver: Rdbss, IRP_MJ_QUERY_EA]
Process: System Address: 0x82ff20e8 Size: 15

Object: Hidden Code [Driver: Rdbss, IRP_MJ_SET_EA]
Process: System Address: 0x82ff20e8 Size: 15

Object: Hidden Code [Driver: Rdbss, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x82ff20e8 Size: 15

Object: Hidden Code [Driver: Rdbss, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x82ff20e8 Size: 15

Object: Hidden Code [Driver: Rdbss, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x82ff20e8 Size: 15

Object: Hidden Code [Driver: Rdbss, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x82ff20e8 Size: 15

Object: Hidden Code [Driver: Rdbss, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x82ff20e8 Size: 15

Object: Hidden Code [Driver: Rdbss, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x82ff20e8 Size: 15

Object: Hidden Code [Driver: Rdbss, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x82ff20e8 Size: 15

Object: Hidden Code [Driver: Rdbss, IRP_MJ_SHUTDOWN]
Process: System Address: 0x82ff20e8 Size: 15

Object: Hidden Code [Driver: Rdbss, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x82ff20e8 Size: 15

Object: Hidden Code [Driver: Rdbss, IRP_MJ_CLEANUP]
Process: System Address: 0x82ff20e8 Size: 15

Object: Hidden Code [Driver: Rdbss, IRP_MJ_CREATE_MAILSLOT]
Process: System Address: 0x82ff20e8 Size: 15

Object: Hidden Code [Driver: Rdbss, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x82ff20e8 Size: 15

Object: Hidden Code [Driver: Rdbss, IRP_MJ_SET_SECURITY]
Process: System Address: 0x82ff20e8 Size: 15

Object: Hidden Code [Driver: Rdbss, IRP_MJ_POWER]
Process: System Address: 0x82ff20e8 Size: 15

Object: Hidden Code [Driver: Rdbss, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x82ff20e8 Size: 15

Object: Hidden Code [Driver: Rdbss, IRP_MJ_DEVICE_CHANGE]
Process: System Address: 0x82ff20e8 Size: 15

Object: Hidden Code [Driver: Rdbss, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x82ff20e8 Size: 15

Object: Hidden Code [Driver: Rdbss, IRP_MJ_SET_QUOTA]
Process: System Address: 0x82ff20e8 Size: 15

Object: Hidden Code [Driver: Srv, IRP_MJ_READ]
Process: System Address: 0x8280b82c Size: 11

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE]
Process: System Address: 0x83044298 Size: 15

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_NAMED_PIPE]
Process: System Address: 0x83044298 Size: 15

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLOSE]
Process: System Address: 0x83044298 Size: 15

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_READ]
Process: System Address: 0x8299f674 Size: 11

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_WRITE]
Process: System Address: 0x83044298 Size: 15

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x83044298 Size: 15

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x83044298 Size: 15

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_EA]
Process: System Address: 0x83044298 Size: 15

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_EA]
Process: System Address: 0x83044298 Size: 15

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x83044298 Size: 15

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x83044298 Size: 15

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x83044298 Size: 15

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x83044298 Size: 15

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x83044298 Size: 15

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x83044298 Size: 15

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x83044298 Size: 15

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SHUTDOWN]
Process: System Address: 0x83044298 Size: 15

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x83044298 Size: 15

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLEANUP]
Process: System Address: 0x83044298 Size: 15

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_MAILSLOT]
Process: System Address: 0x83044298 Size: 15

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x83044298 Size: 15

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_SECURITY]
Process: System Address: 0x83044298 Size: 15

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_POWER]
Process: System Address: 0x83044298 Size: 15

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x83044298 Size: 15

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DEVICE_CHANGE]
Process: System Address: 0x83044298 Size: 15

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x83044298 Size: 15

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_QUOTA]
Process: System Address: 0x83044298 Size: 15

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_PNP]
Process: System Address: 0x83044298 Size: 15

Object: Hidden Code [Driver: Npfsȅఄ扏济comdlg32.dll, IRP_MJ_CREATE]
Process: System Address: 0x830ab6a0 Size: 15

Object: Hidden Code [Driver: Npfsȅఄ扏济comdlg32.dll, IRP_MJ_CREATE_NAMED_PIPE]
Process: System Address: 0x830ab6a0 Size: 15

Object: Hidden Code [Driver: Npfsȅఄ扏济comdlg32.dll, IRP_MJ_CLOSE]
Process: System Address: 0x830ab6a0 Size: 15

Object: Hidden Code [Driver: Npfsȅఄ扏济comdlg32.dll, IRP_MJ_READ]
Process: System Address: 0x830a30b4 Size: 11

Object: Hidden Code [Driver: Npfsȅఄ扏济comdlg32.dll, IRP_MJ_WRITE]
Process: System Address: 0x830ab6a0 Size: 15

Object: Hidden Code [Driver: Npfsȅఄ扏济comdlg32.dll, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x830ab6a0 Size: 15

Object: Hidden Code [Driver: Npfsȅఄ扏济comdlg32.dll, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x830ab6a0 Size: 15

Object: Hidden Code [Driver: Npfsȅఄ扏济comdlg32.dll, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x830ab6a0 Size: 15

Object: Hidden Code [Driver: Npfsȅఄ扏济comdlg32.dll, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x830ab6a0 Size: 15

Object: Hidden Code [Driver: Npfsȅఄ扏济comdlg32.dll, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x830ab6a0 Size: 15

Object: Hidden Code [Driver: Npfsȅఄ扏济comdlg32.dll, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x830ab6a0 Size: 15

Object: Hidden Code [Driver: Npfsȅఄ扏济comdlg32.dll, IRP_MJ_CLEANUP]
Process: System Address: 0x830ab6a0 Size: 15

Object: Hidden Code [Driver: Npfsȅఄ扏济comdlg32.dll, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x830ab6a0 Size: 15

Object: Hidden Code [Driver: Npfsȅఄ扏济comdlg32.dll, IRP_MJ_SET_SECURITY]
Process: System Address: 0x830ab6a0 Size: 15

Object: Hidden Code [Driver: Msfsȅ఍敓Ѐ, IRP_MJ_CREATE]
Process: System Address: 0x82fea0e8 Size: 15

Object: Hidden Code [Driver: Msfsȅ఍敓Ѐ, IRP_MJ_CLOSE]
Process: System Address: 0x82fea0e8 Size: 15

Object: Hidden Code [Driver: Msfsȅ఍敓Ѐ, IRP_MJ_READ]
Process: System Address: 0x82fea25c Size: 11

Object: Hidden Code [Driver: Msfsȅ఍敓Ѐ, IRP_MJ_WRITE]
Process: System Address: 0x82fea0e8 Size: 15

Object: Hidden Code [Driver: Msfsȅ఍敓Ѐ, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x82fea0e8 Size: 15

Object: Hidden Code [Driver: Msfsȅ఍敓Ѐ, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x82fea0e8 Size: 15

Object: Hidden Code [Driver: Msfsȅ఍敓Ѐ, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x82fea0e8 Size: 15

Object: Hidden Code [Driver: Msfsȅ఍敓Ѐ, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x82fea0e8 Size: 15

Object: Hidden Code [Driver: Msfsȅ఍敓Ѐ, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x82fea0e8 Size: 15

Object: Hidden Code [Driver: Msfsȅ఍敓Ѐ, IRP_MJ_CLEANUP]
Process: System Address: 0x82fea0e8 Size: 15

Object: Hidden Code [Driver: Msfsȅ఍敓Ѐ, IRP_MJ_CREATE_MAILSLOT]
Process: System Address: 0x82fea0e8 Size: 15

Object: Hidden Code [Driver: Msfsȅ఍敓Ѐ, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x82fea0e8 Size: 15

Object: Hidden Code [Driver: Msfsȅ఍敓Ѐ, IRP_MJ_SET_SECURITY]
Process: System Address: 0x82fea0e8 Size: 15

Object: Hidden Code [Driver: Fs_Rec, IRP_MJ_READ]
Process: System Address: 0x82fca094 Size: 11

Object: Hidden Code [Driver: Mup, IRP_MJ_CREATE]
Process: System Address: 0x830f4708 Size: 15

Object: Hidden Code [Driver: Mup, IRP_MJ_CLOSE]
Process: System Address: 0x830f4708 Size: 15

Object: Hidden Code [Driver: Mup, IRP_MJ_READ]
Process: System Address: 0x83020254 Size: 11

Object: Hidden Code [Driver: Mup, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x830f4708 Size: 15

Object: Hidden Code [Driver: Mup, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x830f4708 Size: 15

Object: Hidden Code [Driver: Mup, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x830f4708 Size: 15

Object: Hidden Code [Driver: Mup, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x830f4708 Size: 15

Object: Hidden Code [Driver: Mup, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x830f4708 Size: 15

Object: Hidden Code [Driver: Mup, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x830f4708 Size: 15

Object: Hidden Code [Driver: Mup, IRP_MJ_SHUTDOWN]
Process: System Address: 0x830f4708 Size: 15

Object: Hidden Code [Driver: Mup, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x830f4708 Size: 15

Object: Hidden Code [Driver: Mup, IRP_MJ_CLEANUP]
Process: System Address: 0x830f4708 Size: 15

Object: Hidden Code [Driver: Mup, IRP_MJ_PNP]
Process: System Address: 0x830f4708 Size: 15

==EOF==

VirusTotal píše že soubor nelze nalézt

Re: Hlášený vir, problém s gmerem

Napsal: 27 led 2010 11:03
od pitimir
Nevadi, zvladneme to aj bez neho. Kedze uz bol CF pouzity...

1) Stiahni OTC. Spust, klik na "CleanUp", potvrd okna a restart.


2) Stiahni ComboFix, najlepsie na plochu. Vypni vsetky otvorene aplikacie, ako aj rezidenty antiviru, antispywaru a firewall. Spust program cez ucet s administratorskymi pravami a postupuj podla instrukcii. Cely sken bude trvat cca 10 minut. Pocas neho moze byt PC restartovane. Log, ktory ComboFix vytvori, najdes na adrese "C:\ComboFix.txt".
Ten vloz sem.

Pozor: Kym ComboFix nevytvori log, na nic neklikat, nic nestlacat !!


3) Stiahni DDS. Uloz na plochu, ukonci vsetky spustene programy a spust ho. Po skonceni scanu sa otvoria vysledky v 2 oknach - DDS.txt a Attach.txt. Obsah oboch by som rad videl.

Re: Hlášený vir, problém s gmerem

Napsal: 29 led 2010 14:14
od Maeko
ComboFix 10-01-24.05 - miro 29.01.2010 13:37:27.6.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.511.228 [GMT 1:00]
Spuštěný z: c:\documents and settings\miro\Plocha\ComboFix.exe
AV: avast! antivirus 4.8.1368 [VPS 100129-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Eset NOD32 Antivirus 2.51 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.

((((((((((((((((((((((((( Soubory vytvořené od 2009-12-28 do 2010-01-29 )))))))))))))))))))))))))))))))
.

2010-01-25 15:04 . 2010-01-25 15:03 390144 ----a-w- c:\windows\system32\CF6616.exe
2010-01-13 16:12 . 2009-11-21 16:03 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-01-11 07:57 . 2010-01-11 07:57 -------- d-----w- c:\windows\Hewlett-Packard
2010-01-04 15:24 . 2010-01-04 19:31 -------- d-----w- c:\documents and settings\All Users\Data aplikac
2010-01-04 15:18 . 2005-12-12 05:57 204881 ----a-w- c:\windows\system32\DiskIO.dll
2010-01-04 15:18 . 2005-12-12 05:57 155721 ----a-w- c:\windows\system32\RALMain.dll
2010-01-04 15:18 . 2005-07-12 12:25 401408 ----a-w- c:\windows\system32\pvmjpg30.dll
2010-01-04 15:18 . 2002-09-24 09:12 466624 ----a-w- c:\windows\system32\LTRPR13n.DLL
2010-01-04 15:18 . 2002-09-24 09:12 304816 ----a-w- c:\windows\system32\LTRIO13N.DLL
2010-01-04 15:18 . 2002-09-24 09:12 194248 ----a-w- c:\windows\system32\LTRFD13n.DLL
2010-01-04 15:18 . 2002-09-24 09:12 934576 ----a-w- c:\windows\system32\ltr13n.dll
2010-01-04 15:14 . 2010-01-04 15:14 -------- d-----w- c:\program files\SmartSound Software
2010-01-04 15:13 . 2003-11-25 04:02 138752 ----a-w- c:\windows\system32\mase32.dll
2010-01-04 15:13 . 2003-11-25 04:02 57856 ----a-w- c:\windows\system32\masd32.dll
2010-01-04 15:13 . 2003-11-25 04:02 27648 ----a-w- c:\windows\system32\ma32.dll
2010-01-04 15:13 . 2003-11-25 04:02 196096 ----a-w- c:\windows\system32\macd32.dll
2010-01-04 15:13 . 2003-11-25 04:02 136192 ----a-w- c:\windows\system32\mamc32.dll
2010-01-04 15:12 . 2003-03-26 05:58 487424 ----a-w- c:\windows\system32\MSVCP70.DLL
2010-01-04 15:12 . 2004-01-23 15:44 49152 ----a-w- c:\windows\system32\PCLEGetGuid.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-26 20:04 . 2009-06-13 19:11 -------- d-----w- c:\program files\trend micro
2010-01-25 15:27 . 2009-10-19 13:10 -------- d-----w- c:\program files\ICQ6.5
2010-01-25 15:12 . 2003-12-06 14:04 288 ----a-w- c:\windows\system32\DVCStateBkp-{00000002-00000000-00000005-00001102-00000002-80671102}.dat
2010-01-25 15:12 . 2003-12-06 14:04 288 ----a-w- c:\windows\system32\DVCState-{00000002-00000000-00000005-00001102-00000002-80671102}.dat
2010-01-19 07:27 . 2004-12-25 16:22 -------- d-----w- c:\program files\Avast4
2010-01-11 07:57 . 2003-12-24 18:33 -------- d-----w- c:\program files\Hewlett-Packard
2010-01-11 07:57 . 2007-12-30 15:18 -------- d-----w- c:\program files\HP
2010-01-05 18:51 . 2009-12-25 09:32 -------- d-----w- c:\program files\StepMania
2010-01-04 15:15 . 2008-01-06 11:54 -------- d-----w- c:\program files\Pinnacle
2010-01-04 15:15 . 2003-12-06 13:51 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-27 12:52 . 2006-10-20 10:18 -------- d-----w- c:\program files\Warcraft III
2009-12-26 22:08 . 2005-06-11 19:37 -------- d-----w- c:\program files\Steam
2009-12-21 19:08 . 2004-08-23 18:35 916480 ------w- c:\windows\system32\wininet.dll
2009-12-10 14:58 . 2003-04-16 12:00 82484 ----a-w- c:\windows\system32\perfc005.dat
2009-12-10 14:58 . 2003-04-16 12:00 437886 ----a-w- c:\windows\system32\perfh005.dat
2009-11-24 23:54 . 2004-12-25 16:22 1280480 ----a-w- c:\windows\system32\aswBoot.exe
2009-11-24 23:51 . 2004-12-25 16:22 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-11-24 23:50 . 2004-12-25 16:22 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-11-24 23:50 . 2008-05-10 09:02 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-11-24 23:50 . 2008-05-10 09:02 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-11-24 23:49 . 2004-12-25 16:22 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-11-24 23:48 . 2005-03-06 12:10 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-11-24 23:47 . 2004-12-25 16:22 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-11-24 23:47 . 2004-12-25 16:22 97480 ----a-w- c:\windows\system32\AVASTSS.scr
2009-11-21 16:03 . 2003-04-16 12:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2007-08-21 08:01 . 2007-08-21 08:01 3006511 ----a-w- c:\program files\ie6.rar
2006-07-09 13:31 . 2006-07-09 13:31 398537 ----a-w- c:\program files\army.zip
2006-06-30 10:06 . 2006-06-30 10:07 2643424 ----a-w- c:\program files\Age2upA.exe
2006-06-11 07:34 . 2006-06-11 07:52 1494483 ----a-w- c:\program files\War3.exe
2006-05-17 19:35 . 2006-05-17 19:34 10673375 ----a-w- c:\program files\nentczst.exe
2005-11-19 15:21 . 2005-11-19 15:21 210879 ----a-w- c:\program files\Anti-Blaxx.rar
2007-06-01 13:33 . 2006-01-18 14:46 61038 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2007-06-01 13:33 . 2006-01-18 14:46 49256 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2007-06-01 13:33 . 2006-01-18 14:46 166000 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
2004-12-24 11:41 . 2004-12-24 11:41 1682 --sha-w- c:\windows\system32\KGyGaAvL.sys
2009-08-24 09:53 . 2009-06-15 12:48 172023840 --sha-w- c:\windows\system32\drivers\fidbox.dat
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-05-11 6729728]
"nwiz"="nwiz.exe" [2005-05-11 1519616]
"CTHelper"="CTHELPER.EXE" [2003-06-09 28672]
"Jet Detection"="c:\program files\Creative\SBLive\PROGRAM\ADGJDet.exe" [2001-11-29 28672]
"avast!"="c:\progra~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-05-11 86016]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2005-05-05 98304]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-09-14 180269]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Corel MEDIA FOLDERS INDEXER 8.LNK]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Corel MEDIA FOLDERS INDEXER 8.LNK
backup=c:\windows\pss\Corel MEDIA FOLDERS INDEXER 8.LNKCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^DSLMON.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\DSLMON.lnk
backup=c:\windows\pss\DSLMON.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^InterVideo WinCinema Manager.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\InterVideo WinCinema Manager.lnk
backup=c:\windows\pss\InterVideo WinCinema Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Last.fm Helper.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Last.fm Helper.lnk
backup=c:\windows\pss\Last.fm Helper.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Motorola Desktop Suite mRouter Config.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Motorola Desktop Suite mRouter Config.lnk
backup=c:\windows\pss\Motorola Desktop Suite mRouter Config.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Motorola Desktop Suite.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Motorola Desktop Suite.lnk
backup=c:\windows\pss\Motorola Desktop Suite.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^msmsgs.exe]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\msmsgs.exe
backup=c:\windows\pss\msmsgs.exeCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^miro^Nabídka Start^Programy^Po spuštění^PowerReg Scheduler V3.exe]
path=c:\documents and settings\miro\Nabídka Start\Programy\Po spuštění\PowerReg Scheduler V3.exe
backup=c:\windows\pss\PowerReg Scheduler V3.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^miro^Nabídka Start^Programy^Po spuštění^Product Registration.lnk]
path=c:\documents and settings\miro\Nabídka Start\Programy\Po spuštění\Product Registration.lnk
backup=c:\windows\pss\Product Registration.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^miro^Nabídka Start^Programy^Po spuštění^Sid Registration.lnk]
path=c:\documents and settings\miro\Nabídka Start\Programy\Po spuštění\Sid Registration.lnk
backup=c:\windows\pss\Sid Registration.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^miro^Nabídka Start^Programy^Po spuštění^Xfire.lnk]
path=c:\documents and settings\miro\Nabídka Start\Programy\Po spuštění\Xfire.lnk
backup=c:\windows\pss\Xfire.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Anti-Blaxx Manager]
2005-05-18 14:08 208896 ----a-w- c:\program files\Anti-Blaxx\Anti-Blaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 03:22 15360 ------w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
2005-11-08 22:00 128920 ----a-w- c:\program files\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2004-06-04 10:38 286720 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 08:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nokia Tray Application]
2002-10-22 07:52 598016 ----a-w- c:\program files\Common Files\Nokia\NCLTools\NclTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2005-05-05 16:13 98304 ----a-w- c:\program files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ServiceLayer]
2002-10-16 07:43 69632 ----a-w- c:\program files\Common Files\Nokia\Services\ServiceLayer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2004-09-28 19:26 32881 ----a-w- c:\program files\Java\j2re1.4.2_06\bin\jusched.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Steam\\steam.exe"=
"c:\\Program Files\\Steam\\SteamApps\\maekoboss\\counter-strike source\\hl2.exe"=
"c:\\Program Files\\DC++\\DCPlusPlus.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=
"c:\\Program Files\\Steam\\SteamApps\\maekoboss\\half-life 2 deathmatch\\hl2.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Documents and Settings\\miro\\Dokumenty\\ICQ Lite\\245327306\\Hrdlo_285390787\\WoW-1.4.0-enUS-downloader.exe"=
"c:\\Program Files\\Steam\\SteamApps\\maekoboss\\condition zero\\hl.exe"=
"c:\\Program Files\\DC\\DCPlusPlus.exe"=
"c:\\Program Files\\Java\\j2re1.4.2_06\\bin\\javaw.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"c:\\Program Files\\World of Warcraft\\Repair.exe"=
"c:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"c:\\apache\\mysql\\bin\\mysqld-nt.exe"=
"c:\\Program Files\\Steam\\SteamApps\\maekoboss\\day of defeat source\\hl2.exe"=
"c:\\Program Files\\Call of Duty 2\\CoD2MP_s.exe"=
"c:\\Program Files\\Steam\\SteamApps\\maekoboss\\dedicated server\\hlds.exe"=
"c:\\Program Files\\Steam\\SteamApps\\maekoboss\\source dedicated server\\srcds.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Last.fm\\LastFM.exe"=
"c:\\Program Files\\Azureus\\Azureus.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Warcraft III\\war3.exe"=
"c:\\Program Files\\GOTCHA!\\Gotcha.exe"=
"c:\\Program Files\\Sony Ericsson\\Update Service\\Update Service.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\WINDOWS\\system32\\spoolsv.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\gumboy demo\\GumboyCrazyAdventuresDemo2.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\Studio.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\umi.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R0 xmasscsi;xmasscsi;c:\windows\system32\drivers\xmasscsi.sys [2.12.2004 21:42 5248]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [10.5.2008 10:02 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [10.5.2008 10:02 20560]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [6.8.2008 8:10 222456]
R3 Tetris;Tetris driver;c:\windows\system32\drivers\Tetris.sys [17.3.2006 14:18 48928]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [23.11.2005 14:53 664064]
S0 xmasbus;xmasbus;c:\windows\system32\drivers\xmasbus.sys [2.12.2004 21:42 140800]
S2 PHPGeekUtil;PHPGeekUtil;c:\apache\Apache.exe [25.1.2002 5:30 20480]
S3 BTCAMDRV;Mobiola Web Camera driver;c:\windows\system32\drivers\BTCamDrv.sys [3.2.2006 13:24 219136]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [8.12.2007 17:37 13352]
S3 k510bus;Sony Ericsson K510 Driver driver (WDM);c:\windows\system32\drivers\k510bus.sys [6.5.2007 11:57 58288]
S3 k510mdfl;Sony Ericsson K510 USB WMC Modem Filter;c:\windows\system32\drivers\k510mdfl.sys [6.5.2007 11:57 8336]
S3 k510mdm;Sony Ericsson K510 USB WMC Modem Driver;c:\windows\system32\drivers\k510mdm.sys [6.5.2007 11:57 94064]
S3 k510mgmt;Sony Ericsson K510 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\k510mgmt.sys [6.5.2007 11:57 85408]
S3 k510obex;Sony Ericsson K510 USB WMC OBEX Interface;c:\windows\system32\drivers\k510obex.sys [6.5.2007 11:57 83344]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2.8.2005 22:10 32512]
S3 w550obex;Sony Ericsson W550 USB WMC OBEX Interface Drivers;c:\windows\system32\DRIVERS\w550obex.sys --> c:\windows\system32\DRIVERS\w550obex.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.cz/
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: &ICQ Toolbar Search - c:\program files\ICQToolbar\toolbaru.dll/SEARCH.HTML
IE: &Přelož do češtiny - c:\program files\Seznam Bezpecny Internet\SBI.dll/5034
IE: &Search
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Hledej v &Seznamu - c:\program files\Seznam Bezpecny Internet\SBI.dll/5033
IE: Hledej v Seznam &Fulltextu - c:\program files\Seznam Bezpecny Internet\SBI.dll/5035
IE: Zobrazit originál
IE: {{572BF76C-9EFF-4e1e-93DE-72EF1E91B3DF} - {DB7FBFE3-82CB-49E0-9C41-39C2A80B4966} - c:\progra~1\EUROTR~1\e2003i.dll
DPF: BSC Applet Security - hxxps://ra.internetbanka.cz/ra31/bin/aplsec-99.99.99.99.cab
DPF: BSC Applet Utilities - hxxps://ra.internetbanka.cz/ra31/bin/aplutil-99.99.99.99.cab
DPF: BSC Business Objects - hxxps://ra.internetbanka.cz/ra31/bin/business-99.99.99.99.cab
DPF: BSC Java Components Library - hxxps://ra.internetbanka.cz/ra31/bin/jcl-99.99.99.99.cab
DPF: BSC Text Utilities - hxxps://ra.internetbanka.cz/ra31/bin/text-99.99.99.99.cab
DPF: BSC Utilities - hxxps://ra.internetbanka.cz/ra31/bin/util-99.99.99.99.cab
DPF: GEMINI IBS 32 GEMB Applet Security - hxxps://ib.internetbanka.cz/ibs31/bin/IBS32-GEMB-aplsec-3.3.0.0.cab
DPF: GEMINI IBS 32 GEMB Applet Utilities - hxxps://ib.internetbanka.cz/ibs31/bin/IBS32-GEMB-aplutil-99.99.99.99.cab
DPF: IAIK Java Cryptography Extension - hxxps://ra.internetbanka.cz/ra31/bin/IAIK-99.99.99.99.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\miro\Data aplikací\Mozilla\Firefox\Profiles\0tp5jlzw.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.cookie.p3plevel", 1); // 0=low, 1=medium, 2=high, 3=custom
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.enablePad", false); // Allow client to do proxy autodiscovery
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default", "chrome://branding/content/searchconfig.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.custom", "chrome://branding/content/searchconfig.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("signon.prefillForms", true);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-29 13:48
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-2025429265-616249376-725345543-1004\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
Celkový čas: 2010-01-29 13:56:18
ComboFix-quarantined-files.txt 2010-01-29 12:55

Před spuštěním: 8 410 968 064
Po spuštění: 8 368 963 584

Current=2 Default=2 Failed=3 LastKnownGood=1 Sets=1,2,3,4
- - End Of File - - 90F0E5758C23724A8DCE51A16BFBDB3E


DDS

DDS (Ver_09-12-01.01) - NTFSx86
Run by miro at 14:00:09,85 on pá 29.01.2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.511.199 [GMT 1:00]

AV: avast! antivirus 4.8.1368 [VPS 100129-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Eset NOD32 Antivirus 2.51 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Avast4\aswUpdSv.exe
C:\Program Files\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Avast4\ashMaiSv.exe
C:\Program Files\Avast4\ashWebSv.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\miro\Plocha\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.cz/
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
uURLSearchHooks: ICQToolBar: {855f3b16-6d32-4fe6-8a56-bbb695989046} - c:\program files\icq6toolbar\ICQToolBar.dll
uURLSearchHooks: H - No File
BHO: Podpora odkazu pro Adobe PDF Reader: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Megaupload Toolbar: {4e7bd74f-2b8d-469e-ccb0-b130eedbe97c} - c:\progra~1\megaup~1\MEGAUP~1.DLL
BHO: CHelper Class: {99a7c4dd-b2e6-4ca0-bb6e-737a61364155} - c:\progra~1\eurotr~1\e2003i.dll
TB: &Seznam Bezpečný Internet: {b71b15ce-3093-459c-b764-aeb2486f2273} - c:\program files\seznam bezpecny internet\SBI.dll
TB: {E0E899AB-F487-11D5-8D29-0050BA6940E3} - No File
TB: ICQToolBar: {855f3b16-6d32-4fe6-8a56-bbb695989046} - c:\program files\icq6toolbar\ICQToolBar.dll
TB: Megaupload Toolbar: {4e7bd74f-2b8d-469e-ccb0-b130eedbe97c} - c:\progra~1\megaup~1\MEGAUP~1.DLL
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [CTHelper] CTHELPER.EXE
mRun: [Jet Detection] "c:\program files\creative\sblive\program\ADGJDet.exe"
mRun: [avast!] c:\progra~1\avast4\ashDisp.exe
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [HP Software Update] c:\program files\hewlett-packard\hp software update\HPWuSchd2.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
IE: &ICQ Toolbar Search - c:\program files\icqtoolbar\toolbaru.dll/SEARCH.HTML
IE: &Přelož do češtiny - c:\program files\seznam bezpecny internet\SBI.dll/5034
IE: &Search
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Hledej v &Seznamu - c:\program files\seznam bezpecny internet\SBI.dll/5033
IE: Hledej v Seznam &Fulltextu - c:\program files\seznam bezpecny internet\SBI.dll/5035
IE: Zobrazit originál
IE: {49783ED4-258D-4f9f-BE11-137C18D3E543} - c:\poker\titan poker\casino.exe
IE: {B863453A-26C3-4e1f-A54D-A2CD196348E9} - c:\program files\icqlite\ICQLite.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {E59EB121-F339-4851-A3BA-FE49C35617C2} - c:\program files\icq6.5\ICQ.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0014-0002-0006-ABCDEFFEDCBC} - c:\program files\java\j2re1.4.2_06\bin\npjpi142_06.dll
IE: {572BF76C-9EFF-4e1e-93DE-72EF1E91B3DF} - {DB7FBFE3-82CB-49E0-9C41-39C2A80B4966} - c:\progra~1\eurotr~1\e2003i.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: BSC Applet Security - hxxps://ra.internetbanka.cz/ra31/bin/aplsec-99.99.99.99.cab
DPF: BSC Applet Utilities - hxxps://ra.internetbanka.cz/ra31/bin/aplutil-99.99.99.99.cab
DPF: BSC Business Objects - hxxps://ra.internetbanka.cz/ra31/bin/business-99.99.99.99.cab
DPF: BSC Java Components Library - hxxps://ra.internetbanka.cz/ra31/bin/jcl-99.99.99.99.cab
DPF: BSC Text Utilities - hxxps://ra.internetbanka.cz/ra31/bin/text-99.99.99.99.cab
DPF: BSC Utilities - hxxps://ra.internetbanka.cz/ra31/bin/util-99.99.99.99.cab
DPF: GEMINI IBS 32 GEMB Applet Security - hxxps://ib.internetbanka.cz/ibs31/bin/IBS32-GEMB-aplsec-3.3.0.0.cab
DPF: GEMINI IBS 32 GEMB Applet Utilities - hxxps://ib.internetbanka.cz/ibs31/bin/IBS32-GEMB-aplutil-99.99.99.99.cab
DPF: IAIK Java Cryptography Extension - hxxps://ra.internetbanka.cz/ra31/bin/IAIK-99.99.99.99.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.4.2/jinstall-1_4_2_06-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {94AFFFCC-6C05-4814-B123-A941105AA77F} - hxxps://sepo.army.cz/WebSepo/User/capicom.cab
DPF: {CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.4.2/jinstall-1_4_2_06-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Hosts: 10.0.0.2 HP00215A07D485

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\miro\dataap~1\mozilla\firefox\profiles\0tp5jlzw.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.default.XMLHttpRequest.channel", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("network.cookie.p3plevel", 1); // 0=low, 1=medium, 2=high, 3=custom
c:\program files\mozilla firefox\greprefs\all.js - pref("network.enablePad", false); // Allow client to do proxy autodiscovery
c:\program files\mozilla firefox\greprefs\all.js - pref("security.checkloaduri", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("bidi.characterset", 1);
c:\program files\mozilla firefox\defaults\pref\channel-prefs.js - pref("app.update.channel", "release");
c:\program files\mozilla firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default", "chrome://branding/content/searchconfig.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.custom", "chrome://branding/content/searchconfig.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("signon.prefillForms", true);

============= SERVICES / DRIVERS ===============

R0 xmasscsi;xmasscsi;c:\windows\system32\drivers\xmasscsi.sys [2004-12-2 5248]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-5-10 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-5-10 20560]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast4\ashServ.exe [2004-12-25 138680]
R2 ICQ Service;ICQ Service;c:\program files\icq6toolbar\ICQ Service.exe [2008-8-6 222456]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\avast4\ashMaiSv.exe [2004-12-25 254040]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\avast4\ashWebSv.exe [2005-3-6 352920]
R3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\drivers\psched.sys [2003-4-16 69120]
R3 Tetris;Tetris driver;c:\windows\system32\drivers\Tetris.sys [2006-3-17 48928]
S0 xmasbus;xmasbus;c:\windows\system32\drivers\xmasbus.sys [2004-12-2 140800]
S2 PHPGeekUtil;PHPGeekUtil;c:\apache\Apache.exe [2002-1-25 20480]
S3 BTCAMDRV;Mobiola Web Camera driver;c:\windows\system32\drivers\BTCamDrv.sys [2006-2-3 219136]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2007-12-8 13352]
S3 k510bus;Sony Ericsson K510 Driver driver (WDM);c:\windows\system32\drivers\k510bus.sys [2007-5-6 58288]
S3 k510mdfl;Sony Ericsson K510 USB WMC Modem Filter;c:\windows\system32\drivers\k510mdfl.sys [2007-5-6 8336]
S3 k510mdm;Sony Ericsson K510 USB WMC Modem Driver;c:\windows\system32\drivers\k510mdm.sys [2007-5-6 94064]
S3 k510mgmt;Sony Ericsson K510 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\k510mgmt.sys [2007-5-6 85408]
S3 k510obex;Sony Ericsson K510 USB WMC OBEX Interface;c:\windows\system32\drivers\k510obex.sys [2007-5-6 83344]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2005-8-2 32512]
S3 w550obex;Sony Ericsson W550 USB WMC OBEX Interface Drivers;c:\windows\system32\drivers\w550obex.sys --> c:\windows\system32\drivers\w550obex.sys [?]

=============== Created Last 30 ================

2010-01-29 12:36:16 98816 ----a-w- c:\windows\sed.exe
2010-01-29 12:36:16 161792 ----a-w- c:\windows\SWREG.exe
2010-01-25 15:14:29 77312 ----a-w- c:\windows\MBR.exe
2010-01-25 15:04:28 390144 ----a-w- c:\windows\system32\CF6616.exe
2010-01-13 16:12:00 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-01-11 07:57:15 0 d-----w- c:\docume~1\miro\dataap~1\HpUpdate
2010-01-11 07:57:12 0 d-----w- c:\windows\Hewlett-Packard
2010-01-04 15:24:47 0 d-----w- c:\documents and settings\all users\Data aplikac
2010-01-04 15:23:48 45 ----a-w- c:\windows\system32\blue.SITENAME
2010-01-04 15:23:36 455 ----a-w- c:\windows\VFO.VST
2010-01-04 15:18:03 204881 ----a-w- c:\windows\system32\DiskIO.dll
2010-01-04 15:18:03 155721 ----a-w- c:\windows\system32\RALMain.dll
2010-01-04 15:18:02 534192 ----a-w- c:\windows\system32\LTRVW13N.OCX
2010-01-04 15:18:02 401408 ----a-w- c:\windows\system32\pvmjpg30.dll
2010-01-04 15:18:01 466624 ----a-w- c:\windows\system32\LTRPR13n.DLL
2010-01-04 15:18:01 304816 ----a-w- c:\windows\system32\LTRIO13N.DLL
2010-01-04 15:18:01 2653888 ----a-w- c:\windows\system32\LTRDG13n.OCX
2010-01-04 15:18:01 194248 ----a-w- c:\windows\system32\LTRFD13n.DLL
2010-01-04 15:18:00 934576 ----a-w- c:\windows\system32\ltr13n.dll
2010-01-04 15:14:57 0 d-----w- c:\program files\SmartSound Software
2010-01-04 15:14:57 0 d-----w- c:\docume~1\alluse~1\dataap~1\SmartSound Software Inc
2010-01-04 15:13:35 1208 ----a-w- c:\windows\VFO.INI
2010-01-04 15:13:26 138752 ----a-w- c:\windows\system32\mase32.dll
2010-01-04 15:13:25 57856 ----a-w- c:\windows\system32\masd32.dll
2010-01-04 15:13:25 27648 ----a-w- c:\windows\system32\ma32.dll
2010-01-04 15:13:25 196096 ----a-w- c:\windows\system32\macd32.dll
2010-01-04 15:13:25 136192 ----a-w- c:\windows\system32\mamc32.dll
2010-01-04 15:11:07 0 d-----w- c:\docume~1\alluse~1\dataap~1\Pinnacle Studio

==================== Find3M ====================

2009-12-21 19:08:42 916480 ------w- c:\windows\system32\wininet.dll
2009-12-10 14:58:08 82484 ----a-w- c:\windows\system32\perfc005.dat
2009-12-10 14:58:08 437886 ----a-w- c:\windows\system32\perfh005.dat
2009-12-09 21:54:07 261632 ----a-w- c:\windows\PEV.exe
2007-08-21 08:01:42 3006511 ----a-w- c:\program files\ie6.rar
2006-07-09 13:31:44 398537 ----a-w- c:\program files\army.zip
2006-06-30 10:06:46 2643424 ----a-w- c:\program files\Age2upA.exe
2006-06-11 07:34:40 1494483 ----a-w- c:\program files\War3.exe
2006-05-17 19:35:49 10673375 ----a-w- c:\program files\nentczst.exe
2005-11-19 15:21:51 210879 ----a-w- c:\program files\Anti-Blaxx.rar
2004-12-24 11:41:18 1682 --sha-w- c:\windows\system32\KGyGaAvL.sys
2008-10-28 02:06:51 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008102820081029\index.dat
2009-08-24 09:53:06 172023840 --sha-w- c:\windows\system32\drivers\fidbox.dat

============= FINISH: 14:00:23,84 ===============


Attach


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-12-01.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 6.12.2003 14:30:42
System Uptime: 29.1.2010 13:33:41 (1 hours ago)

Motherboard: | | nVidia-nForce2
Processor: AMD Athlon(tm) XP 2500+ | Socket A | 1837/166mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 75 GiB total, 7,822 GiB free.
D: is CDROM (CDFS)
E: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4D36E97D-E325-11CE-BFC1-08002BE10318}
Description: Plug and Play BIOS Extension
Device ID: ROOT\SYSTEM\0002
Manufacturer: (Standard system devices)
Name: Plug and Play BIOS Extension
PNP Device ID: ROOT\SYSTEM\0002
Service: xmasbus

==== System Restore Points ===================

RP78: 31.10.2009 15:08:42 - Kontrolní bod systému
RP79: 1.11.2009 15:09:47 - Kontrolní bod systému
RP80: 2.11.2009 15:31:02 - Kontrolní bod systému
RP81: 3.11.2009 15:37:14 - Kontrolní bod systému
RP82: 4.11.2009 16:33:14 - Kontrolní bod systému
RP83: 5.11.2009 8:14:07 - Software Distribution Service 3.0
RP84: 6.11.2009 9:33:48 - Kontrolní bod systému
RP85: 7.11.2009 10:07:29 - Kontrolní bod systému
RP86: 8.11.2009 12:47:30 - Kontrolní bod systému
RP87: 9.11.2009 14:06:18 - Kontrolní bod systému
RP88: 10.11.2009 15:03:42 - Kontrolní bod systému
RP89: 11.11.2009 15:36:51 - Kontrolní bod systému
RP90: 12.11.2009 11:31:35 - Software Distribution Service 3.0
RP91: 13.11.2009 12:31:04 - Kontrolní bod systému
RP92: 14.11.2009 12:43:31 - Kontrolní bod systému
RP93: 15.11.2009 12:50:17 - Kontrolní bod systému
RP94: 16.11.2009 13:37:15 - Kontrolní bod systému
RP95: 17.11.2009 13:49:29 - Kontrolní bod systému
RP96: 18.11.2009 14:11:33 - Kontrolní bod systému
RP97: 19.11.2009 14:27:37 - Kontrolní bod systému
RP98: 20.11.2009 17:55:51 - Kontrolní bod systému
RP99: 22.11.2009 9:49:29 - Kontrolní bod systému
RP100: 23.11.2009 10:34:14 - Kontrolní bod systému
RP101: 24.11.2009 14:53:16 - Kontrolní bod systému
RP102: 25.11.2009 15:22:58 - Kontrolní bod systému
RP103: 26.11.2009 12:31:10 - Software Distribution Service 3.0
RP104: 27.11.2009 12:48:26 - Kontrolní bod systému
RP105: 28.11.2009 12:57:34 - Kontrolní bod systému
RP106: 29.11.2009 13:22:02 - Kontrolní bod systému
RP107: 30.11.2009 13:23:45 - Kontrolní bod systému
RP108: 1.12.2009 13:48:04 - Kontrolní bod systému
RP109: 2.12.2009 14:33:41 - Kontrolní bod systému
RP110: 3.12.2009 15:14:28 - Kontrolní bod systému
RP111: 4.12.2009 16:03:37 - Kontrolní bod systému
RP112: 5.12.2009 16:11:13 - Kontrolní bod systému
RP113: 6.12.2009 16:27:03 - Kontrolní bod systému
RP114: 7.12.2009 17:10:27 - Kontrolní bod systému
RP115: 8.12.2009 17:33:32 - Kontrolní bod systému
RP116: 9.12.2009 17:38:53 - Kontrolní bod systému
RP117: 10.12.2009 15:31:17 - Software Distribution Service 3.0
RP118: 11.12.2009 22:32:52 - Kontrolní bod systému
RP119: 13.12.2009 1:48:03 - Kontrolní bod systému
RP120: 14.12.2009 12:06:46 - Kontrolní bod systému
RP121: 15.12.2009 12:06:55 - Kontrolní bod systému
RP122: 16.12.2009 16:50:53 - Kontrolní bod systému
RP123: 17.12.2009 17:46:52 - Kontrolní bod systému
RP124: 18.12.2009 18:22:17 - Kontrolní bod systému
RP125: 19.12.2009 19:27:58 - Kontrolní bod systému
RP126: 20.12.2009 20:38:32 - Kontrolní bod systému
RP127: 21.12.2009 21:00:55 - Kontrolní bod systému
RP128: 22.12.2009 21:03:06 - Kontrolní bod systému
RP129: 23.12.2009 21:54:19 - Kontrolní bod systému
RP130: 24.12.2009 22:11:34 - Kontrolní bod systému
RP131: 25.12.2009 22:17:28 - Kontrolní bod systému
RP132: 27.12.2009 11:33:07 - Kontrolní bod systému
RP133: 28.12.2009 12:30:39 - Kontrolní bod systému
RP134: 29.12.2009 13:23:08 - Kontrolní bod systému
RP135: 30.12.2009 13:28:15 - Kontrolní bod systému
RP136: 31.12.2009 13:43:54 - Kontrolní bod systému
RP137: 1.1.2010 17:40:07 - Kontrolní bod systému
RP138: 2.1.2010 18:38:32 - Kontrolní bod systému
RP139: 3.1.2010 18:44:08 - Kontrolní bod systému
RP140: 4.1.2010 16:10:38 - Installed Studio 10
RP141: 4.1.2010 16:11:21 - Installed Studio 10
RP142: 4.1.2010 16:14:53 - Installed SmartSound Quicktracks Plugin
RP143: 4.1.2010 16:15:26 - Installed SmartSound Music Sampler 2
RP144: 5.1.2010 18:27:35 - Kontrolní bod systému
RP145: 6.1.2010 18:55:19 - Kontrolní bod systému
RP146: 7.1.2010 19:38:16 - Kontrolní bod systému
RP147: 8.1.2010 19:44:23 - Kontrolní bod systému
RP148: 9.1.2010 20:03:21 - Kontrolní bod systému
RP149: 10.1.2010 20:19:54 - Kontrolní bod systému
RP150: 11.1.2010 21:19:53 - Kontrolní bod systému
RP151: 12.1.2010 21:31:10 - Kontrolní bod systému
RP152: 13.1.2010 22:21:51 - Kontrolní bod systému
RP153: 14.1.2010 9:20:30 - Software Distribution Service 3.0
RP154: 15.1.2010 11:54:37 - Kontrolní bod systému
RP155: 16.1.2010 23:30:42 - Kontrolní bod systému
RP156: 18.1.2010 0:06:50 - Kontrolní bod systému
RP157: 19.1.2010 8:35:21 - Kontrolní bod systému
RP158: 20.1.2010 9:45:19 - Kontrolní bod systému
RP159: 21.1.2010 10:11:42 - Kontrolní bod systému
RP160: 22.1.2010 14:40:14 - Kontrolní bod systému
RP161: 23.1.2010 3:00:28 - Software Distribution Service 3.0
RP162: 24.1.2010 11:05:05 - Kontrolní bod systému
RP163: 25.1.2010 14:15:17 - Kontrolní bod systému
RP164: 26.1.2010 14:18:20 - Kontrolní bod systému
RP165: 27.1.2010 14:45:52 - Kontrolní bod systému
RP166: 28.1.2010 14:48:19 - Kontrolní bod systému

==== Installed Programs ======================


7500_7600_7700_Help
Ad-Aware SE Personal
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Flash Player 9 ActiveX
Adobe Photoshop 7.0 CE
Adobe Reader 8 - Czech
Adobe Reader 8.1.2 Security Update 1 (KB403742)
AiO_Scan_CDA
AiOSoftwareNPI
Aktualizace systému Windows Internet Explorer 8 (KB973874)
Aktualizace systému Windows Internet Explorer 8 (KB976749)
Aktualizace systému Windows XP (KB951072-v2)
Aktualizace systému Windows XP (KB951978)
Aktualizace systému Windows XP (KB955759)
Aktualizace systému Windows XP (KB955839)
Aktualizace systému Windows XP (KB967715)
Aktualizace systému Windows XP (KB968389)
Aktualizace systému Windows XP (KB971737)
Aktualizace systému Windows XP (KB973687)
Aktualizace systému Windows XP (KB973815)
Aktualizace zabezpečení aplikace Windows Media Player (KB911564)
Aktualizace zabezpečení aplikace Windows Media Player (KB952069)
Aktualizace zabezpečení aplikace Windows Media Player (KB954155)
Aktualizace zabezpečení aplikace Windows Media Player (KB968816)
Aktualizace zabezpečení aplikace Windows Media Player (KB973540)
Aktualizace zabezpečení aplikace Windows Media Player 10 (KB911565)
Aktualizace zabezpečení aplikace Windows Media Player 10 (KB917734)
Aktualizace zabezpečení aplikace Windows Media Player 10 (KB936782)
Aktualizace zabezpečení aplikace Windows Media Player 6.4 (KB925398)
Aktualizace zabezpečení produktu Windows XP (KB923689)
Aktualizace zabezpečení produktu Windows XP (KB941569)
Aktualizace zabezpečení systému Windows Internet Explorer 7 (KB929969)
Aktualizace zabezpečení systému Windows Internet Explorer 7 (KB933566)
Aktualizace zabezpečení systému Windows Internet Explorer 7 (KB937143)
Aktualizace zabezpečení systému Windows Internet Explorer 7 (KB938127)
Aktualizace zabezpečení systému Windows Internet Explorer 7 (KB939653)
Aktualizace zabezpečení systému Windows Internet Explorer 7 (KB942615)
Aktualizace zabezpečení systému Windows Internet Explorer 7 (KB944533)
Aktualizace zabezpečení systému Windows Internet Explorer 7 (KB950759)
Aktualizace zabezpečení systému Windows Internet Explorer 7 (KB953838)
Aktualizace zabezpečení systému Windows Internet Explorer 7 (KB956390)
Aktualizace zabezpečení systému Windows Internet Explorer 7 (KB958215)
Aktualizace zabezpečení systému Windows Internet Explorer 7 (KB960714)
Aktualizace zabezpečení systému Windows Internet Explorer 7 (KB961260)
Aktualizace zabezpečení systému Windows Internet Explorer 7 (KB963027)
Aktualizace zabezpečení systému Windows Internet Explorer 7 (KB969897)
Aktualizace zabezpečení systému Windows Internet Explorer 7 (KB972260)
Aktualizace zabezpečení systému Windows Internet Explorer 7 (KB974455)
Aktualizace zabezpečení systému Windows Internet Explorer 8 (KB971961)
Aktualizace zabezpečení systému Windows Internet Explorer 8 (KB974455)
Aktualizace zabezpečení systému Windows Internet Explorer 8 (KB976325)
Aktualizace zabezpečení systému Windows Internet Explorer 8 (KB978207)
Aktualizace zabezpečení systému Windows XP (KB923561)
Aktualizace zabezpečení systému Windows XP (KB938464-v2)
Aktualizace zabezpečení systému Windows XP (KB938464)
Aktualizace zabezpečení systému Windows XP (KB946648)
Aktualizace zabezpečení systému Windows XP (KB950760)
Aktualizace zabezpečení systému Windows XP (KB950762)
Aktualizace zabezpečení systému Windows XP (KB950974)
Aktualizace zabezpečení systému Windows XP (KB951066)
Aktualizace zabezpečení systému Windows XP (KB951376-v2)
Aktualizace zabezpečení systému Windows XP (KB951376)
Aktualizace zabezpečení systému Windows XP (KB951698)
Aktualizace zabezpečení systému Windows XP (KB951748)
Aktualizace zabezpečení systému Windows XP (KB952004)
Aktualizace zabezpečení systému Windows XP (KB952954)
Aktualizace zabezpečení systému Windows XP (KB953839)
Aktualizace zabezpečení systému Windows XP (KB954211)
Aktualizace zabezpečení systému Windows XP (KB954459)
Aktualizace zabezpečení systému Windows XP (KB954600)
Aktualizace zabezpečení systému Windows XP (KB955069)
Aktualizace zabezpečení systému Windows XP (KB956391)
Aktualizace zabezpečení systému Windows XP (KB956572)
Aktualizace zabezpečení systému Windows XP (KB956744)
Aktualizace zabezpečení systému Windows XP (KB956802)
Aktualizace zabezpečení systému Windows XP (KB956803)
Aktualizace zabezpečení systému Windows XP (KB956841)
Aktualizace zabezpečení systému Windows XP (KB956844)
Aktualizace zabezpečení systému Windows XP (KB957095)
Aktualizace zabezpečení systému Windows XP (KB957097)
Aktualizace zabezpečení systému Windows XP (KB958644)
Aktualizace zabezpečení systému Windows XP (KB958687)
Aktualizace zabezpečení systému Windows XP (KB958690)
Aktualizace zabezpečení systému Windows XP (KB958869)
Aktualizace zabezpečení systému Windows XP (KB959426)
Aktualizace zabezpečení systému Windows XP (KB960225)
Aktualizace zabezpečení systému Windows XP (KB960715)
Aktualizace zabezpečení systému Windows XP (KB960803)
Aktualizace zabezpečení systému Windows XP (KB960859)
Aktualizace zabezpečení systému Windows XP (KB961371)
Aktualizace zabezpečení systému Windows XP (KB961373)
Aktualizace zabezpečení systému Windows XP (KB961501)
Aktualizace zabezpečení systému Windows XP (KB968537)
Aktualizace zabezpečení systému Windows XP (KB969059)
Aktualizace zabezpečení systému Windows XP (KB969898)
Aktualizace zabezpečení systému Windows XP (KB969947)
Aktualizace zabezpečení systému Windows XP (KB970238)
Aktualizace zabezpečení systému Windows XP (KB970430)
Aktualizace zabezpečení systému Windows XP (KB971486)
Aktualizace zabezpečení systému Windows XP (KB971557)
Aktualizace zabezpečení systému Windows XP (KB971633)
Aktualizace zabezpečení systému Windows XP (KB971657)
Aktualizace zabezpečení systému Windows XP (KB971961)
Aktualizace zabezpečení systému Windows XP (KB972270)
Aktualizace zabezpečení systému Windows XP (KB973346)
Aktualizace zabezpečení systému Windows XP (KB973354)
Aktualizace zabezpečení systému Windows XP (KB973507)
Aktualizace zabezpečení systému Windows XP (KB973525)
Aktualizace zabezpečení systému Windows XP (KB973869)
Aktualizace zabezpečení systému Windows XP (KB973904)
Aktualizace zabezpečení systému Windows XP (KB974112)
Aktualizace zabezpečení systému Windows XP (KB974318)
Aktualizace zabezpečení systému Windows XP (KB974392)
Aktualizace zabezpečení systému Windows XP (KB974571)
Aktualizace zabezpečení systému Windows XP (KB975025)
Aktualizace zabezpečení systému Windows XP (KB975467)
Alcohol 120% (Trial Version)
Anti-Blaxx 1.16
Autodesk DWF Viewer 7
avast! Antivirus
Azureus
BPD_HPSU
BPD_Scan
BPDfax
BPDSoftware
BPDSoftware_Ini
BSPlayer
BufferChm
C3100
c3100_Help
Client Activator 2.2 - English (3)
Client Activator 2.2 - English (All)
Client Fix 1.9.2
Codec Pack - All In 1 5.0.3.8
Corel Uninstaller
CustomerResearchQFolder
DC++ 0.674
Destinations
DiscAPI (Studio 10)
DocProc
DocProcQFolder
EAX Unified
eSupportQFolder
Eurotran 2003
Fahrenheit
Far Cry (Patch 1)
Fax_CDA
FIFA 2002
Football Manager 2006
GamePark
GOTCHA!
Half-Life(R) 2
Hamachi 1.0.2.2
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB954550-v5)
HP Customer Participation Program 7.0
HP Imaging Device Functions 7.0
HP Memories Disc
HP Officejet Pro All-In-One Series
HP Photosmart Essential
HP Photosmart, Officejet and Deskjet 7.0.A
HP Product Assistant
HP Solution Center 7.0
HP Travel Idea CD
HP Update
HPPhotoSmartExpress
HPProductAssistant
ICQ Toolbar
ICQ6.5
InstantShareDevicesMFC
InterVideo WinDVD
ISO Recorder
iTunes
Java 2 Runtime Environment, SE v1.4.2_06
L7600
Last.fm 1.3.2.11
LEGO Star Wars II
Lingea Lexicon 2000
Macromedia Flash MX
Macromedia Shockwave Player
Malwarebytes' Anti-Malware
MarketResearch
Megaupload Toolbar
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Data Access Components KB870669
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edition 2003
Microsoft Office XP Web Components
Microsoft Silverlight
Microsoft Visual Web Developer 2005 Express Edition - ENU
Microsoft Web Embedding Fonts Tool (III)
Mozilla Firefox (1.5.0.12)
MPM
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser (KB933579)
MyPhoneExplorer
Nero OEM
NewCopy_CDA
NFS[Beta]
nLite 1.4.1
Nokia PC Connectivity SDK 3.0
NVIDIA Drivers
NVIDIA Ovladače nForce pro Windows 2000/XP
OCR Software by I.R.I.S 7.0
OpenOffice.org 2.1
Oprava Hotfix systému Windows Internet Explorer 7 (KB947864)
Oprava Hotfix systému Windows XP (KB952287)
Oprava Hotfix systému Windows XP (KB961118)
Oprava Hotfix systému Windows XP (KB970653-v3)
Oprava Hotfix systému Windows XP (KB976098-v2)
Painkiller SP Demo
PanoStandAlone
PostSignumTool
Pro Beach Soccer
ProductContext
ProductContextNPI
PSPad editor
QuickTime
RAPID
Readme
RealPlayer
Recuva (remove only)
SAGEM F@st 800-840
Scan
ScannerCopy
Skype™ 3.6
SmartSound Quicktracks Plugin
Soltek HM V2.04
SolutionCenter
Sound Blaster Live!
Status
Steam(TM)
StepMania 3.9 (remove only)
Studio 10
TeamSpeak 2 RC2
Titan Poker
Toolbox
TrayApp
Unload
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update Service
Ventrilo
Warcraft III: All Products
WC3Banlist
WebFldrs XP
WebReg
Winamp (remove only)
Windows Genuine Advantage Notifications (KB905474)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format Runtime
Windows Media Player 10
Windows XP Service Pack 3
WinPcap 3.1
WinRAR archiver
WisBarAdv
World of Warcraft
WoWscape Server Browser
XTNDConnect PC
XviD MPEG-4 Video Codec
XviD4PSP

==== End Of File ===========================

Re: Hlášený vir, problém s gmerem

Napsal: 29 led 2010 15:20
od pitimir
Presun ikonu CF na plochu, vypni vsetky otvorene aplikacie, ako aj rezidenty antiviru, antispywaru a firewall a otvor poznamkovy blok. Donho skopiruj:

Kód: Vybrat vše

KillALl:
DDS::
uURLSearchHooks: ICQToolBar: {855f3b16-6d32-4fe6-8a56-bbb695989046} - c:\program files\icq6toolbar\ICQToolBar.dll
uURLSearchHooks: H - No File
BHO: Megaupload Toolbar: {4e7bd74f-2b8d-469e-ccb0-b130eedbe97c} - c:\progra~1\megaup~1\MEGAUP~1.DLL
TB: {E0E899AB-F487-11D5-8D29-0050BA6940E3} - No File
TB: ICQToolBar: {855f3b16-6d32-4fe6-8a56-bbb695989046} - c:\program files\icq6toolbar\ICQToolBar.dll
TB: Megaupload Toolbar: {4e7bd74f-2b8d-469e-ccb0-b130eedbe97c} - c:\progra~1\megaup~1\MEGAUP~1.DLL
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
IE: &ICQ Toolbar Search - c:\program files\icqtoolbar\toolbaru.dll/SEARCH.HTML
IE: &Search
IE: Zobrazit originál
IE: {49783ED4-258D-4f9f-BE11-137C18D3E543} -
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
DPF: BSC Applet Security - hxxps://ra.internetbanka.cz/ra31/bin/ap ... .99.99.cab
DPF: BSC Applet Utilities - hxxps://ra.internetbanka.cz/ra31/bin/ap ... .99.99.cab
DPF: BSC Business Objects - hxxps://ra.internetbanka.cz/ra31/bin/bu ... .99.99.cab
DPF: BSC Java Components Library - hxxps://ra.internetbanka.cz/ra31/bin/jc ... .99.99.cab
DPF: BSC Text Utilities - hxxps://ra.internetbanka.cz/ra31/bin/te ... .99.99.cab
DPF: BSC Utilities - hxxps://ra.internetbanka.cz/ra31/bin/ut ... .99.99.cab
DPF: GEMINI IBS 32 GEMB Applet Security - hxxps://ib.internetbanka.cz/ibs31/bin/I ... .3.0.0.cab
DPF: GEMINI IBS 32 GEMB Applet Utilities - hxxps://ib.internetbanka.cz/ibs31/bin/I ... .99.99.cab
DPF: IAIK Java Cryptography Extension - hxxps://ra.internetbanka.cz/ra31/bin/IA ... .99.99.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/s ... DEXAXO.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.4.2/jinsta ... s-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/fl ... rashim.cab
DPF: {94AFFFCC-6C05-4814-B123-A941105AA77F} - hxxps://sepo.army.cz/WebSepo/User/capicom.cab
DPF: {CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.4.2/jinsta ... s-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/s ... wflash.cab

FireFox::
FF - ProfilePath - c:\docume~1\miro\dataap~1\mozilla\firefox\profiles\0tp5jlzw.default\
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_result ... id=afex&q=

SecCenter::
{E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

File::
c:\windows\system32\CF6616.exe
c:\program files\nentczst.exe
c:\documents and settings\miro\Nabídka Start\Programy\Po spuštění\PowerReg Scheduler V3.exe
c:\windows\pss\PowerReg Scheduler V3.exe

Folder::
c:\program files\icq6toolbar
c:\progra~1\megaup~1

Registry::
[-HKLM\~\startupfolder\C:^Documents and Settings^miro^Nabídka Start^Programy^Po spuštění^PowerReg Scheduler V3.exe]

Driver::
ICQ Service

RegNull::
[HKEY_USERS\S-1-5-21-2025429265-616249376-725345543-1004\Software\Microsoft\SystemCertificates\AddressBook*]

FixCSet::
Uloz na plochu ako CFScript.txt a mysou pretiahni nad ikonou CF.

Obrázek

Program script spracuje a spravi novy log.


Pozor: Ak po aplikacii skriptu nenabehne Windows, restartuj PC, stlac F8 a zvol Poslednu znamu funkcnu konfiguraciu.

Re: Hlášený vir, problém s gmerem

Napsal: 30 led 2010 23:42
od Maeko
ComboFix 10-01-24.05 - miro 30.01.2010 22:22:18.7.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.511.238 [GMT 1:00]
Spuštěný z: c:\documents and settings\miro\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\miro\Plocha\CFScript.txt
AV: avast! antivirus 4.8.1368 [VPS 100130-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

FILE ::
"c:\documents and settings\miro\Nabídka Start\Programy\Po spuštění\PowerReg Scheduler V3.exe"
"c:\program files\nentczst.exe"
"c:\windows\pss\PowerReg Scheduler V3.exe"
"c:\windows\system32\CF6616.exe"
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\progra~1\megaup~1
c:\progra~1\megaup~1\install.ico
c:\progra~1\megaup~1\MEGAUP~1.DLL
c:\progra~1\megaup~1\MEGAUP~11.old
c:\progra~1\megaup~1\megauploadtoolbar.dll
c:\progra~1\megaup~1\tbuninstall.exe
c:\progra~1\megaup~1\Thumbs.db
c:\progra~1\megaup~1\toolbar.ini
c:\progra~1\megaup~1\uninstall.exe
c:\program files\icq6toolbar
c:\program files\icq6toolbar\Icons.bmp
c:\program files\icq6toolbar\ICQ Service.exe
c:\program files\icq6toolbar\icq6Toolbar.ico
c:\program files\icq6toolbar\ICQToolBar.dll
c:\program files\icq6toolbar\ICQUnToolbar.exe
c:\program files\icq6toolbar\logo_small.gif
c:\program files\icq6toolbar\ServiceStarter.exe
c:\program files\icq6toolbar\short.wav
c:\program files\icq6toolbar\Thumbs.db
c:\program files\icq6toolbar\Version.txt
c:\program files\nentczst.exe
c:\windows\system32\CF6616.exe

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ICQ_SERVICE
-------\Service_ICQ Service


((((((((((((((((((((((((( Soubory vytvořené od 2009-12-28 do 2010-01-30 )))))))))))))))))))))))))))))))
.

2010-01-13 16:12 . 2009-11-21 16:03 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-01-11 07:57 . 2010-01-11 07:57 -------- d-----w- c:\windows\Hewlett-Packard
2010-01-04 15:24 . 2010-01-04 19:31 -------- d-----w- c:\documents and settings\All Users\Data aplikac
2010-01-04 15:18 . 2005-12-12 05:57 204881 ----a-w- c:\windows\system32\DiskIO.dll
2010-01-04 15:18 . 2005-12-12 05:57 155721 ----a-w- c:\windows\system32\RALMain.dll
2010-01-04 15:18 . 2005-07-12 12:25 401408 ----a-w- c:\windows\system32\pvmjpg30.dll
2010-01-04 15:18 . 2002-09-24 09:12 466624 ----a-w- c:\windows\system32\LTRPR13n.DLL
2010-01-04 15:18 . 2002-09-24 09:12 304816 ----a-w- c:\windows\system32\LTRIO13N.DLL
2010-01-04 15:18 . 2002-09-24 09:12 194248 ----a-w- c:\windows\system32\LTRFD13n.DLL
2010-01-04 15:18 . 2002-09-24 09:12 934576 ----a-w- c:\windows\system32\ltr13n.dll
2010-01-04 15:14 . 2010-01-04 15:14 -------- d-----w- c:\program files\SmartSound Software
2010-01-04 15:13 . 2003-11-25 04:02 138752 ----a-w- c:\windows\system32\mase32.dll
2010-01-04 15:13 . 2003-11-25 04:02 57856 ----a-w- c:\windows\system32\masd32.dll
2010-01-04 15:13 . 2003-11-25 04:02 27648 ----a-w- c:\windows\system32\ma32.dll
2010-01-04 15:13 . 2003-11-25 04:02 196096 ----a-w- c:\windows\system32\macd32.dll
2010-01-04 15:13 . 2003-11-25 04:02 136192 ----a-w- c:\windows\system32\mamc32.dll
2010-01-04 15:12 . 2003-03-26 05:58 487424 ----a-w- c:\windows\system32\MSVCP70.DLL
2010-01-04 15:12 . 2004-01-23 15:44 49152 ----a-w- c:\windows\system32\PCLEGetGuid.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-26 20:04 . 2009-06-13 19:11 -------- d-----w- c:\program files\trend micro
2010-01-25 15:27 . 2009-10-19 13:10 -------- d-----w- c:\program files\ICQ6.5
2010-01-25 15:12 . 2003-12-06 14:04 288 ----a-w- c:\windows\system32\DVCStateBkp-{00000002-00000000-00000005-00001102-00000002-80671102}.dat
2010-01-25 15:12 . 2003-12-06 14:04 288 ----a-w- c:\windows\system32\DVCState-{00000002-00000000-00000005-00001102-00000002-80671102}.dat
2010-01-19 07:27 . 2004-12-25 16:22 -------- d-----w- c:\program files\Avast4
2010-01-11 07:57 . 2003-12-24 18:33 -------- d-----w- c:\program files\Hewlett-Packard
2010-01-11 07:57 . 2007-12-30 15:18 -------- d-----w- c:\program files\HP
2010-01-05 18:51 . 2009-12-25 09:32 -------- d-----w- c:\program files\StepMania
2010-01-04 15:15 . 2008-01-06 11:54 -------- d-----w- c:\program files\Pinnacle
2010-01-04 15:15 . 2003-12-06 13:51 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-27 12:52 . 2006-10-20 10:18 -------- d-----w- c:\program files\Warcraft III
2009-12-26 22:08 . 2005-06-11 19:37 -------- d-----w- c:\program files\Steam
2009-12-21 19:08 . 2004-08-23 18:35 916480 ------w- c:\windows\system32\wininet.dll
2009-12-10 14:58 . 2003-04-16 12:00 82484 ----a-w- c:\windows\system32\perfc005.dat
2009-12-10 14:58 . 2003-04-16 12:00 437886 ----a-w- c:\windows\system32\perfh005.dat
2009-11-24 23:54 . 2004-12-25 16:22 1280480 ----a-w- c:\windows\system32\aswBoot.exe
2009-11-24 23:51 . 2004-12-25 16:22 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-11-24 23:50 . 2004-12-25 16:22 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-11-24 23:50 . 2008-05-10 09:02 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-11-24 23:50 . 2008-05-10 09:02 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-11-24 23:49 . 2004-12-25 16:22 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-11-24 23:48 . 2005-03-06 12:10 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-11-24 23:47 . 2004-12-25 16:22 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-11-24 23:47 . 2004-12-25 16:22 97480 ----a-w- c:\windows\system32\AVASTSS.scr
2009-11-21 16:03 . 2003-04-16 12:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2007-08-21 08:01 . 2007-08-21 08:01 3006511 ----a-w- c:\program files\ie6.rar
2006-07-09 13:31 . 2006-07-09 13:31 398537 ----a-w- c:\program files\army.zip
2006-06-30 10:06 . 2006-06-30 10:07 2643424 ----a-w- c:\program files\Age2upA.exe
2006-06-11 07:34 . 2006-06-11 07:52 1494483 ----a-w- c:\program files\War3.exe
2005-11-19 15:21 . 2005-11-19 15:21 210879 ----a-w- c:\program files\Anti-Blaxx.rar
2007-06-01 13:33 . 2006-01-18 14:46 61038 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2007-06-01 13:33 . 2006-01-18 14:46 49256 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2007-06-01 13:33 . 2006-01-18 14:46 166000 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
2004-12-24 11:41 . 2004-12-24 11:41 1682 --sha-w- c:\windows\system32\KGyGaAvL.sys
2009-08-24 09:53 . 2009-06-15 12:48 172023840 --sha-w- c:\windows\system32\drivers\fidbox.dat
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-05-11 6729728]
"nwiz"="nwiz.exe" [2005-05-11 1519616]
"CTHelper"="CTHELPER.EXE" [2003-06-09 28672]
"Jet Detection"="c:\program files\Creative\SBLive\PROGRAM\ADGJDet.exe" [2001-11-29 28672]
"avast!"="c:\progra~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-05-11 86016]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2005-05-05 98304]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-09-14 180269]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Corel MEDIA FOLDERS INDEXER 8.LNK]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Corel MEDIA FOLDERS INDEXER 8.LNK
backup=c:\windows\pss\Corel MEDIA FOLDERS INDEXER 8.LNKCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^DSLMON.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\DSLMON.lnk
backup=c:\windows\pss\DSLMON.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^InterVideo WinCinema Manager.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\InterVideo WinCinema Manager.lnk
backup=c:\windows\pss\InterVideo WinCinema Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Last.fm Helper.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Last.fm Helper.lnk
backup=c:\windows\pss\Last.fm Helper.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Motorola Desktop Suite mRouter Config.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Motorola Desktop Suite mRouter Config.lnk
backup=c:\windows\pss\Motorola Desktop Suite mRouter Config.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Motorola Desktop Suite.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Motorola Desktop Suite.lnk
backup=c:\windows\pss\Motorola Desktop Suite.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^msmsgs.exe]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\msmsgs.exe
backup=c:\windows\pss\msmsgs.exeCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^miro^Nabídka Start^Programy^Po spuštění^Product Registration.lnk]
path=c:\documents and settings\miro\Nabídka Start\Programy\Po spuštění\Product Registration.lnk
backup=c:\windows\pss\Product Registration.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^miro^Nabídka Start^Programy^Po spuštění^Sid Registration.lnk]
path=c:\documents and settings\miro\Nabídka Start\Programy\Po spuštění\Sid Registration.lnk
backup=c:\windows\pss\Sid Registration.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^miro^Nabídka Start^Programy^Po spuštění^Xfire.lnk]
path=c:\documents and settings\miro\Nabídka Start\Programy\Po spuštění\Xfire.lnk
backup=c:\windows\pss\Xfire.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Anti-Blaxx Manager]
2005-05-18 14:08 208896 ----a-w- c:\program files\Anti-Blaxx\Anti-Blaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 03:22 15360 ------w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
2005-11-08 22:00 128920 ----a-w- c:\program files\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2004-06-04 10:38 286720 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 08:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nokia Tray Application]
2002-10-22 07:52 598016 ----a-w- c:\program files\Common Files\Nokia\NCLTools\NclTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2005-05-05 16:13 98304 ----a-w- c:\program files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ServiceLayer]
2002-10-16 07:43 69632 ----a-w- c:\program files\Common Files\Nokia\Services\ServiceLayer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2004-09-28 19:26 32881 ----a-w- c:\program files\Java\j2re1.4.2_06\bin\jusched.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Steam\\steam.exe"=
"c:\\Program Files\\Steam\\SteamApps\\maekoboss\\counter-strike source\\hl2.exe"=
"c:\\Program Files\\DC++\\DCPlusPlus.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=
"c:\\Program Files\\Steam\\SteamApps\\maekoboss\\half-life 2 deathmatch\\hl2.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Documents and Settings\\miro\\Dokumenty\\ICQ Lite\\245327306\\Hrdlo_285390787\\WoW-1.4.0-enUS-downloader.exe"=
"c:\\Program Files\\Steam\\SteamApps\\maekoboss\\condition zero\\hl.exe"=
"c:\\Program Files\\DC\\DCPlusPlus.exe"=
"c:\\Program Files\\Java\\j2re1.4.2_06\\bin\\javaw.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"c:\\Program Files\\World of Warcraft\\Repair.exe"=
"c:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"c:\\apache\\mysql\\bin\\mysqld-nt.exe"=
"c:\\Program Files\\Steam\\SteamApps\\maekoboss\\day of defeat source\\hl2.exe"=
"c:\\Program Files\\Call of Duty 2\\CoD2MP_s.exe"=
"c:\\Program Files\\Steam\\SteamApps\\maekoboss\\dedicated server\\hlds.exe"=
"c:\\Program Files\\Steam\\SteamApps\\maekoboss\\source dedicated server\\srcds.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Last.fm\\LastFM.exe"=
"c:\\Program Files\\Azureus\\Azureus.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Warcraft III\\war3.exe"=
"c:\\Program Files\\GOTCHA!\\Gotcha.exe"=
"c:\\Program Files\\Sony Ericsson\\Update Service\\Update Service.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\WINDOWS\\system32\\spoolsv.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\gumboy demo\\GumboyCrazyAdventuresDemo2.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\Studio.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\umi.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [23.11.2005 14:53 664064]
R0 xmasbus;xmasbus;c:\windows\system32\drivers\xmasbus.sys [2.12.2004 21:42 140800]
R0 xmasscsi;xmasscsi;c:\windows\system32\drivers\xmasscsi.sys [2.12.2004 21:42 5248]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [10.5.2008 10:02 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [10.5.2008 10:02 20560]
R2 PHPGeekUtil;PHPGeekUtil;c:\apache\Apache.exe [25.1.2002 5:30 20480]
R3 Tetris;Tetris driver;c:\windows\system32\drivers\Tetris.sys [17.3.2006 14:18 48928]
S3 BTCAMDRV;Mobiola Web Camera driver;c:\windows\system32\drivers\BTCamDrv.sys [3.2.2006 13:24 219136]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [8.12.2007 17:37 13352]
S3 k510bus;Sony Ericsson K510 Driver driver (WDM);c:\windows\system32\drivers\k510bus.sys [6.5.2007 11:57 58288]
S3 k510mdfl;Sony Ericsson K510 USB WMC Modem Filter;c:\windows\system32\drivers\k510mdfl.sys [6.5.2007 11:57 8336]
S3 k510mdm;Sony Ericsson K510 USB WMC Modem Driver;c:\windows\system32\drivers\k510mdm.sys [6.5.2007 11:57 94064]
S3 k510mgmt;Sony Ericsson K510 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\k510mgmt.sys [6.5.2007 11:57 85408]
S3 k510obex;Sony Ericsson K510 USB WMC OBEX Interface;c:\windows\system32\drivers\k510obex.sys [6.5.2007 11:57 83344]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2.8.2005 22:10 32512]
S3 w550obex;Sony Ericsson W550 USB WMC OBEX Interface Drivers;c:\windows\system32\DRIVERS\w550obex.sys --> c:\windows\system32\DRIVERS\w550obex.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.cz/
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: &Přelož do češtiny - c:\program files\Seznam Bezpecny Internet\SBI.dll/5034
IE: &Search
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Hledej v &Seznamu - c:\program files\Seznam Bezpecny Internet\SBI.dll/5033
IE: Hledej v Seznam &Fulltextu - c:\program files\Seznam Bezpecny Internet\SBI.dll/5035
IE: Zobrazit originál
IE: {{572BF76C-9EFF-4e1e-93DE-72EF1E91B3DF} - {DB7FBFE3-82CB-49E0-9C41-39C2A80B4966} - c:\progra~1\EUROTR~1\e2003i.dll
DPF: BSC Applet Security - hxxps://ra.internetbanka.cz/ra31/bin/aplsec-99.99.99.99.cab
DPF: BSC Applet Utilities - hxxps://ra.internetbanka.cz/ra31/bin/aplutil-99.99.99.99.cab
DPF: BSC Business Objects - hxxps://ra.internetbanka.cz/ra31/bin/business-99.99.99.99.cab
DPF: BSC Java Components Library - hxxps://ra.internetbanka.cz/ra31/bin/jcl-99.99.99.99.cab
DPF: BSC Text Utilities - hxxps://ra.internetbanka.cz/ra31/bin/text-99.99.99.99.cab
DPF: BSC Utilities - hxxps://ra.internetbanka.cz/ra31/bin/util-99.99.99.99.cab
DPF: GEMINI IBS 32 GEMB Applet Security - hxxps://ib.internetbanka.cz/ibs31/bin/IBS32-GEMB-aplsec-3.3.0.0.cab
DPF: GEMINI IBS 32 GEMB Applet Utilities - hxxps://ib.internetbanka.cz/ibs31/bin/IBS32-GEMB-aplutil-99.99.99.99.cab
DPF: IAIK Java Cryptography Extension - hxxps://ra.internetbanka.cz/ra31/bin/IAIK-99.99.99.99.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\miro\Data aplikací\Mozilla\Firefox\Profiles\0tp5jlzw.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://seznam.cz/
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.cookie.p3plevel", 1); // 0=low, 1=medium, 2=high, 3=custom
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.enablePad", false); // Allow client to do proxy autodiscovery
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default", "chrome://branding/content/searchconfig.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.custom", "chrome://branding/content/searchconfig.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("signon.prefillForms", true);
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

AddRemove-ICQToolbar - c:\program files\ICQ6Toolbar\ICQUnToolbar.exe
AddRemove-megauploadtoolbar - c:\program files\MegauploadToolbar\uninstall.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-30 23:31
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe >>UNKNOWN [0x83395E30]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> 0x83395e30
\Driver\ACPI -> ACPI.sys @ 0xf8582cb8
\Driver\atapi -> 0x83197608
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805a05a9
ParseProcedure -> ntoskrnl.exe @ 0x8056ea15
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805a05a9
ParseProcedure -> ntoskrnl.exe @ 0x8056ea15
NDIS: Realtek RTL8139 Family PCI Fast Ethernet NIC -> SendCompleteHandler -> NDIS.sys @ 0xf842fbd4
PacketIndicateHandler -> NDIS.sys @ 0xf843ba21
SendHandler -> NDIS.sys @ 0xf842fd44
Warning: possible MBR rootkit infection !
user & kernel MBR OK

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-2025429265-616249376-725345543-1004\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'explorer.exe'(3024)
c:\windows\system32\nview.dll
c:\windows\system32\NVWRSCS.DLL
c:\windows\system32\webcheck.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Avast4\aswUpdSv.exe
c:\program files\Avast4\ashServ.exe
c:\windows\System32\CTsvcCDA.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\UAService7.exe
c:\windows\System32\MsPMSPSv.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\rundll32.exe
.
**************************************************************************
.
Celkový čas: 2010-01-30 23:40:57 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-01-30 22:40
ComboFix2.txt 2010-01-29 12:56

Před spuštěním: 8 388 444 160
Po spuštění: 8 271 642 624

- - End Of File - - 8B9E6C7C6614A427451B95F6EDBCD93B

Re: Hlášený vir, problém s gmerem

Napsal: 31 led 2010 13:25
od pitimir
1) Stiahni Defogger. Spust, klik na "Disable" -> "OK". V mieste spustenia by sa mal zjavit log, ten sem vloz.


2) Start -> Spustit -> (napis) cmd /c mbr.exe -t >log.txt&start log.txt
Otvori sa textak (log.txt), aj jeho obsah sem skopiruj.

Re: Hlášený vir, problém s gmerem

Napsal: 01 úno 2010 23:34
od Maeko
defogger_disable by jpshortstuff (29.01.10.1)
Log created at 23:27 on 01/02/2010 (miro)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...
Unable to read dtscsi.sys
Unable to read sptd.sys
Unable to read sptd6333.sys
xmasbus -> Disabled (Service running -> reboot required)
xmasscsi -> Disabled (Service running -> reboot required)
SPTD -> Disabled (Service running -> reboot required)

Log ze startu
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll sfsync02.sys atapi.sys pciide.sys PCIIDEX.SYS
kernel: MBR read successfully
user & kernel MBR OK

Re: Hlášený vir, problém s gmerem

Napsal: 02 úno 2010 19:39
od pitimir
Super. Este ta poprosim o MbAM:
Stiahni MbAM. Uloz na plochu, otvor "mbam-setup.exe" a nainstaluj. Updatuj. Potom spravis kompletny scan - co program najde, zmaz. Nasledny log vloz sem.
Všechny časy jsou v UTC+01:00
Stránka 1 z 1

Založeno na phpBB® Forum Software © phpBB Limited

Český překlad – phpBB.cz