Pomaly internet - services.exe
Napsal: 24 bře 2010 11:09
Začal se mi zpomalovat internet a počítač. Když dám netstat -b, mám tam pořád prográmek servces.exe - co s tím? Posílám log z ComboFixu, z HijackThis a z MBAMu.
ComboFix:
ComboFix 10-03-22.02 - Petr Novák 23.03.2010 8:22.11.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1022.567 [GMT 1:00]
Spuštěný z: c:\documents and settings\Petr Novák\Plocha\ComboFix.exe
AV: avast! antivirus 4.8.1368 [VPS 100321-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-02-23 do 2010-03-23 )))))))))))))))))))))))))))))))
.
2010-03-22 11:20 . 2009-11-21 16:03 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-03-22 11:19 . 2009-10-23 15:28 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
2010-03-15 14:36 . 2009-11-24 23:48 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-03-15 14:36 . 2009-11-24 23:49 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-03-15 14:36 . 2009-11-24 23:47 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-03-15 14:36 . 2009-11-24 23:47 97480 ----a-w- c:\windows\system32\AvastSS.scr
2010-03-15 14:36 . 2009-11-24 23:51 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-03-15 14:36 . 2009-11-24 23:50 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-03-15 14:36 . 2009-11-24 23:50 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-03-15 14:36 . 2009-11-24 23:50 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-03-15 14:35 . 2009-11-24 23:54 1280480 ----a-w- c:\windows\system32\aswBoot.exe
2010-03-09 14:06 . 2010-03-09 14:06 -------- d-----w- c:\program files\Microsoft Silverlight
2010-03-01 12:02 . 2009-02-09 11:25 111104 -c--a-w- c:\windows\system32\dllcache\services.exe
2010-03-01 12:02 . 2009-02-09 11:25 111104 ------w- c:\windows\system32\services.exe
2010-02-26 13:36 . 2010-02-26 13:39 -------- d-----w- C:\CD2
2010-02-26 13:10 . 2010-02-26 13:36 -------- d-----w- C:\CD1
2010-02-26 07:15 . 2010-03-23 07:35 802304 ----a-w- c:\windows\system32\drivers\pqiqp.sys
2010-02-25 11:34 . 2010-02-25 11:34 -------- d-----w- C:\Vitkovo Kvarteto - 1985 - Veterani Studene Valky
2010-02-25 11:33 . 2010-02-25 11:34 -------- d-----w- C:\Vitkovo Kvarteto - 1995 - Live 1995
2010-02-25 10:18 . 2010-02-25 10:19 -------- d-----w- C:\Vitkovo Kvarteto - Z Budikova Do Narodniho
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-23 07:12 . 2004-08-18 12:00 77872 ----a-w- c:\windows\system32\perfc005.dat
2010-03-23 07:12 . 2004-08-18 12:00 428750 ----a-w- c:\windows\system32\perfh005.dat
2010-03-22 14:07 . 2008-11-04 06:53 -------- d-----w- c:\program files\Opera
2010-03-16 12:26 . 2008-09-17 06:34 -------- d-----w- c:\program files\FT DVD Clone 4.0
2010-03-16 12:25 . 2006-07-31 10:54 -------- d-----w- c:\program files\BSPlayer
2010-03-16 12:25 . 2006-07-26 09:01 -------- d-----w- c:\program files\Elaborate Bytes
2010-03-16 12:24 . 2005-12-21 06:01 -------- d-----w- c:\program files\SlySoft
2010-03-15 07:59 . 2005-11-08 11:04 -------- d-----w- c:\program files\Google
2010-03-15 07:57 . 2006-08-18 12:17 -------- d-----w- c:\program files\Sudoku
2010-03-15 07:57 . 2008-03-21 08:56 -------- d-----w- c:\program files\Return to Castle Wolfenstein
2010-03-15 07:56 . 2008-09-16 11:37 -------- d-----w- c:\program files\Super Clone DVD
2010-03-15 07:55 . 2006-06-12 08:23 -------- d-----w- c:\program files\Yahoo!
2010-03-15 07:54 . 2007-07-24 10:40 -------- d-----w- c:\program files\HEROSOFT
2010-03-15 07:53 . 2008-10-06 11:57 -------- d-----w- c:\program files\E.M. DVD Copy
2010-03-15 07:51 . 2007-11-06 07:57 -------- d-----w- c:\program files\ElcomSoft
2010-02-22 06:49 . 2005-03-24 08:10 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-02-19 12:19 . 2006-11-03 13:35 -------- d-----w- c:\program files\Xilisoft
2010-02-19 09:53 . 2010-02-19 09:53 4384320 ----a-w- C:\Shockwave_Installer_Slim.exe
2010-02-15 11:30 . 2010-02-15 11:28 9936244 ----a-w- C:\convert.exe
2010-02-15 11:24 . 2010-02-15 11:21 25786688 ----a-w- C:\wmp11-windowsxp-x86-CS-CZ.exe
2010-02-12 09:44 . 2009-04-29 09:19 -------- d-----w- c:\program files\TC UP
2010-02-12 08:19 . 2010-02-12 08:19 475136 ----a-w- C:\SRDownloader.exe
2010-02-12 07:45 . 2010-02-12 07:45 -------- d-----w- c:\program files\Kodek CZ
2010-02-12 07:43 . 2010-02-12 07:43 5184550 ----a-w- C:\kodek016cz.exe
2010-02-12 06:48 . 2010-02-12 06:48 939956 ----a-w- C:\7z465.exe
2010-02-11 11:29 . 2010-02-11 11:28 14452040 ----a-w- C:\winzip140.exe
2010-02-09 07:27 . 2010-02-08 13:23 -------- d-----w- c:\program files\Rapidown
2010-01-30 21:48 . 2010-02-19 12:18 16601220 ----a-w- C:\x-avi-mpeg-converter-standard.exe
2010-01-05 09:58 . 2004-08-18 12:00 832512 ----a-w- c:\windows\system32\wininet.dll
2010-01-05 09:57 . 2009-06-25 07:21 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-01-05 09:57 . 2004-08-18 12:00 17408 ----a-w- c:\windows\system32\corpol.dll
2009-12-31 16:50 . 2004-08-18 12:00 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2005-06-13 23:37 . 2006-10-16 06:32 3606 ----a-w- c:\program files\ReadMe.txt
2005-06-13 23:25 . 2006-10-16 06:32 241664 ----a-w- c:\program files\IMGTool.exe
2007-10-08 10:28 . 2007-10-08 10:28 135680 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{50d0cd27-d4ef-4a21-917e-a1573771def4}"= "c:\program files\forumswatcher.com\tbfor0.dll" [2009-11-09 2166296]
"{669163c1-c4b9-46de-ad62-a0271d3a0a75}"= "c:\program files\USARadioNow\tbUSA0.dll" [2009-11-09 2166296]
[HKEY_CLASSES_ROOT\clsid\{50d0cd27-d4ef-4a21-917e-a1573771def4}]
[HKEY_CLASSES_ROOT\clsid\{669163c1-c4b9-46de-ad62-a0271d3a0a75}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{50d0cd27-d4ef-4a21-917e-a1573771def4}]
2009-11-09 14:15 2166296 ----a-w- c:\program files\forumswatcher.com\tbfor0.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{669163c1-c4b9-46de-ad62-a0271d3a0a75}]
2009-11-09 14:15 2166296 ----a-w- c:\program files\USARadioNow\tbUSA0.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{50d0cd27-d4ef-4a21-917e-a1573771def4}"= "c:\program files\forumswatcher.com\tbfor0.dll" [2009-11-09 2166296]
"{669163c1-c4b9-46de-ad62-a0271d3a0a75}"= "c:\program files\USARadioNow\tbUSA0.dll" [2009-11-09 2166296]
[HKEY_CLASSES_ROOT\clsid\{50d0cd27-d4ef-4a21-917e-a1573771def4}]
[HKEY_CLASSES_ROOT\clsid\{669163c1-c4b9-46de-ad62-a0271d3a0a75}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{50D0CD27-D4EF-4A21-917E-A1573771DEF4}"= "c:\program files\forumswatcher.com\tbfor0.dll" [2009-11-09 2166296]
"{669163C1-C4B9-46DE-AD62-A0271D3A0A75}"= "c:\program files\USARadioNow\tbUSA0.dll" [2009-11-09 2166296]
[HKEY_CLASSES_ROOT\clsid\{50d0cd27-d4ef-4a21-917e-a1573771def4}]
[HKEY_CLASSES_ROOT\clsid\{669163c1-c4b9-46de-ad62-a0271d3a0a75}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PcSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-04-11 1409024]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-03 339968]
"Smapp"="c:\program files\Analog Devices\SoundMAX\Smtray.exe" [2002-06-26 90112]
"DAEMON Tools-1033"="c:\program files\D-Tools\daemon.exe" [2004-08-22 81920]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-09-01 282624]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2006-09-11 229952]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2008-03-14 233472]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-05 149280]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\aaa\Nabˇdka Start\Programy\Po spuçtŘnˇ\
PowerReg SchedulerV2.exe [2004-12-9 256000]
c:\documents and settings\All Users.WINDOWS\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 5.0 CE\Distillr\AcroTray.exe [2006-6-7 82026]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2009-11-18 495432]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2008-04-30 16:08 87352 ----a-w- c:\windows\system32\LMIinit.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Ansys Inc\\v100\\ANSYS\\bin\\Intel\\ANSYS.exe"=
"c:\\Program Files\\Ansys Inc\\v100\\ANSYS\\bin\\Intel\\ans_admin.exe"=
"c:\\Program Files\\Ansys Inc\\v100\\ANSYS\\bin\\Intel\\ls970.exe"=
"c:\\Program Files\\Ansys Inc\\v100\\ANSYS\\bin\\Intel\\ls970_DP.exe"=
"c:\\Program Files\\Ansys Inc\\v100\\ANSYS\\bin\\Intel\\lsprepostd.exe"=
"c:\\Program Files\\Ansys Inc\\v100\\ANSYS\\bin\\Intel\\mpitest.exe"=
"c:\\Program Files\\Ansys Inc\\v100\\ANSYS\\bin\\Intel\\mpitestmpich.exe"=
"c:\\Program Files\\Ansys Inc\\v100\\ANSYS\\bin\\Intel\\sxpost.exe"=
"c:\\Program Files\\Ansys Inc\\v100\\ANSYS\\bin\\Intel\\tclsh.exe"=
"c:\\Program Files\\Ansys Inc\\v100\\ANSYS\\bin\\Intel\\wish.exe"=
"c:\\Program Files\\Ansys Inc\\v100\\ANSYS\\bin\\Intel\\DANSYS\\ANSYS.exe"=
"c:\\Program Files\\Ansys Inc\\v100\\ANSYS\\bin\\Intel\\DANSYSMPICH\\ANSYS.exe"=
"c:\\Program Files\\Ansys Inc\\v100\\CommonFiles\\TCL\\bin\\Intel\\tclsh.exe"=
"c:\\Program Files\\Ansys Inc\\v100\\CommonFiles\\TCL\\bin\\Intel\\wish.exe"=
"c:\\Program Files\\Ansys Inc\\v100\\ANSYS\\ac4\\bin\\catia\\Intel\\ac4catia.exe"=
"c:\\Program Files\\Ansys Inc\\v100\\CommonFiles\\CATIAV5\\Intel\\code\\bin\\ac4catia5.exe"=
"c:\\Program Files\\Ansys Inc\\v100\\ANSYS\\ac4\\bin\\para\\Intel\\ac4para.exe"=
"c:\\Program Files\\Ansys Inc\\v100\\ANSYS\\ac4\\bin\\pro\\Intel\\ac4pro.exe"=
"c:\\Program Files\\Ansys Inc\\v100\\ANSYS\\ac4\\bin\\sat\\Intel\\ac4sat.exe"=
"c:\\Program Files\\Ansys Inc\\v100\\ANSYS\\ac4\\bin\\ug10\\Intel\\ansconug10.exe"=
"c:\\Program Files\\Ansys Inc\\v100\\ANSYS\\ac4\\bin\\ug20\\Intel\\ansconug20.exe"=
"c:\\Program Files\\Ansys Inc\\v100\\ANSYS\\ac4\\bin\\ug30\\Intel\\ansconug30.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\totalcmd\\TOTALCMD.EXE"=
"c:\\Program Files\\RadLight Company\\RadLight 4.0\\rlkernel.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"z:\\aaa\\novak\\marias_talon_cz.exe"=
"c:\\Program Files\\TC UP\\TOTALCMD.EXE"=
"c:\\totalcommander\\totalcmd\\TOTALCMD.EXE"=
"%windir%\\system32\\drivers\\svchost.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"14134:TCP"= 14134:TCP:BitComet 14134 TCP
"14134:UDP"= 14134:UDP:BitComet 14134 UDP
"16330:TCP"= 16330:TCP:BitComet 16330 TCP
"16330:UDP"= 16330:UDP:BitComet 16330 UDP
"7046:TCP"= 7046:TCP:BitComet 7046 TCP
"7046:UDP"= 7046:UDP:BitComet 7046 UDP
R0 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [15.9.2006 9:30 155136]
R0 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [15.9.2006 9:30 5248]
R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);c:\windows\system32\drivers\sfsync03.sys [6.12.2005 16:11 35328]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [15.3.2010 15:36 114768]
R1 VD_FileDisk;VD_FileDisk;c:\windows\system32\drivers\vd_filedisk.sys [13.1.2006 14:00 15872]
R2 ANSYS FLEXlm license manager;ANSYS FLEXlm license manager;c:\progra~1\ANSYSI~1\SHARED~1\LICENS~1\Intel\lmgrd.exe [11.8.2005 10:38 909312]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [15.3.2010 15:36 20560]
R2 SCPDFReadSpool;SolidConverterPDFReadSpool;c:\windows\Installer\MSI8122.tmp [27.5.2009 10:58 189696]
S2 LMIInfo;LogMeIn Kernel Information Provider;\??\c:\program files\LogMeIn\x86\RaInfo.sys --> c:\program files\LogMeIn\x86\RaInfo.sys [?]
S2 NOD32FiXTemDono;Eset Nod32 Boot;c:\windows\system32\regedt32.exe [18.8.2004 13:00 3584]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [6.11.2007 21:22 34064]
S3 Wibukey2;Wibukey2;c:\windows\system32\drivers\Wibukey2.sys [15.6.2009 9:26 17408]
--- Ostatní služby/ovladače v paměti ---
*Deregistered* - pqiqp
.
Obsah adresáře 'Naplánované úlohy'
2010-03-08 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2006-08-29 12:21]
.
.
------- Doplňkový sken -------
.
uLocal Page = \blank.htm
uStart Page = hxxp://www.seznam.cz/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}
uInternet Settings,ProxyServer = 192.168.1.1:3128
uSearchURL,(Default) = hxxp://www.app-zilla.com/search.htm
IE: Compare Prices with &Dealio - c:\documents and settings\Petr Novák\Data aplikací\Dealio\kb127\res\DealioSearch.html
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
DPF: {3a4f9191-65a8-11d5-85c1-0001023952c1} - hxxp://www.skylinesoft.com/interactive/terraex ... all/TE.cab
DPF: {B10CBD8D-F9B6-11CF-9B38-0080AD11B667} - file:///C:/novak/Strojnicke_tabulky/script/ikcntrls.cab
DPF: {BF3CD111-6278-11D2-9EA3-00A0C9251384} - hxxp://www.o2c.de/download/O2CPlayer.CAB
.
.
------- Asociace souborů -------
.
.scr=AutoCADScriptFile
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-23 08:34
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x86B4F7E0]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf772bf28
\Driver\ACPI -> ACPI.sys @ 0xf7668cb8
\Driver\atapi -> 0x86b4f7e0
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805e668e
ParseProcedure -> ntoskrnl.exe @ 0x8057b6b1
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805e668e
ParseProcedure -> ntoskrnl.exe @ 0x8057b6b1
NDIS: Intel(R) PRO/100 VE Network Connection -> SendCompleteHandler -> NDIS.sys @ 0xf73afbb0
PacketIndicateHandler -> NDIS.sys @ 0xf73bca21
SendHandler -> NDIS.sys @ 0xf739a87b
Warning: possible MBR rootkit infection !
user & kernel MBR OK
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SCPDFReadSpool]
"ImagePath"="c:\windows\Installer\MSI8122.tmp"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\pqiqp]
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(844)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\LMIinit.dll
c:\windows\system32\LMIRfsClientNP.dll
c:\windows\system32\vorbis.dll
c:\windows\system32\ogg.dll
- - - - - - - > 'lsass.exe'(900)
c:\windows\system32\vorbis.dll
c:\windows\system32\ogg.dll
- - - - - - - > 'explorer.exe'(2612)
c:\windows\system32\vorbis.dll
c:\windows\system32\ogg.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 6\PCSCM.dll
c:\windows\system32\ConnAPI.DLL
c:\program files\Nokia\Nokia PC Suite 6\Lang\PhoneBrowser_cze.nlr
c:\program files\Nokia\Nokia PC Suite 6\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\system32\Ati2evxx.exe
c:\progra~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
c:\windows\system32\drivers\CDAC11BA.EXE
c:\windows\system32\crypserv.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Ansys Inc\Shared Files\Licensing\intel\ansyslmd.exe
c:\progra~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\PCSuite\Services\ServiceLayer.exe
.
**************************************************************************
.
Celkový čas: 2010-03-23 08:44:39 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-03-23 07:44
ComboFix2.txt 2010-03-22 11:25
ComboFix3.txt 2008-09-11 06:13
ComboFix4.txt 2008-09-09 12:54
ComboFix5.txt 2010-03-23 07:17
Před spuštěním: 7 870 992 384
Po spuštění: 7 856 033 792
- - End Of File - - 2FC49733CD1ED1C985E78A2AEAD243E8
Hijackthis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:45:23, on 23.3.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16981)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\ANSYSI~1\SHARED~1\LICENS~1\Intel\lmgrd.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Adobe\Acrobat 5.0 CE\Distillr\AcroTray.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Ansys Inc\Shared Files\Licensing\intel\ansyslmd.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\Installer\MSI8122.tmp
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.app-zilla.com/search.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.1.1:3128
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: forumswatcher.com Toolbar - {50d0cd27-d4ef-4a21-917e-a1573771def4} - C:\Program Files\forumswatcher.com\tbfor0.dll
R3 - URLSearchHook: USARadioNow Toolbar - {669163c1-c4b9-46de-ad62-a0271d3a0a75} - C:\Program Files\USARadioNow\tbUSA0.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: forumswatcher.com Toolbar - {50d0cd27-d4ef-4a21-917e-a1573771def4} - C:\Program Files\forumswatcher.com\tbfor0.dll
O2 - BHO: USARadioNow Toolbar - {669163c1-c4b9-46de-ad62-a0271d3a0a75} - C:\Program Files\USARadioNow\tbUSA0.dll
O2 - BHO: DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} - C:\Program Files\Dealio\kb127\Dealio.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: forumswatcher.com Toolbar - {50d0cd27-d4ef-4a21-917e-a1573771def4} - C:\Program Files\forumswatcher.com\tbfor0.dll
O3 - Toolbar: USARadioNow Toolbar - {669163c1-c4b9-46de-ad62-a0271d3a0a75} - C:\Program Files\USARadioNow\tbUSA0.dll
O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Program Files\Dealio\kb127\Dealio.dll
O3 - Toolbar: Autodesk DWF - {F03966D3-8EA0-47b4-BBE0-85BFE6CBC8AC} - C:\Program Files\Autodesk\Autodesk DWF Writer\DWF Addin\DWFIEAddin.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1029
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0 CE\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Compare Prices with &Dealio - C:\Documents and Settings\Petr Novák\Data aplikací\Dealio\kb127\res\DealioSearch.html
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb127\Dealio.dll
O9 - Extra 'Tools' menuitem: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb127\Dealio.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {3a4f9191-65a8-11d5-85c1-0001023952c1} (TE) - http://www.skylinesoft.com/interactive/ ... all/TE.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 0463301703
O16 - DPF: {B10CBD8D-F9B6-11CF-9B38-0080AD11B667} (Ikonic Button Control) - file:///C:/novak/Strojnicke_tabulky/script/ikcntrls.cab
O16 - DPF: {BF3CD111-6278-11D2-9EA3-00A0C9251384} (O2C-Player Version 1.x) - http://www.o2c.de/download/O2CPlayer.CAB
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (Prvek AcPreview) - file://C:\Program Files\Autocad_L\AcPreview.ocx
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: ANSYS FLEXlm license manager - Macrovision Corporation - C:\PROGRA~1\ANSYSI~1\SHARED~1\LICENS~1\Intel\lmgrd.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SolidConverterPDFReadSpool (SCPDFReadSpool) - Solid Documents, LLC - C:\WINDOWS\Installer\MSI8122.tmp
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
--
End of file - 9489 bytes
MBAM:
Malwarebytes' Anti-Malware 1.44
Verze databáze: 3902
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13
23.3.2010 13:06:39
mbam-log-2010-03-23 (13-06-31).txt
Typ kontroly: Kompletní kontrola (C:\|Z:\|)
Zkontrolované objekty: 487983
Uplynulý čas: 2 hour(s), 9 minute(s), 43 second(s)
Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 2
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované adresáře: 2
Infikované soubory: 11
Infikované procesy v paměti:
(Nebyly nalezeny žádné škodlivé položky)
Infikované moduly v paměti:
(Nebyly nalezeny žádné škodlivé položky)
Infikované klíče registru:
HKEY_CLASSES_ROOT\Interface\{cf54be1c-9359-4395-8533-1657cf209cfe} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{d518921a-4a03-425e-9873-b9a71756821e} (Adware.MyWebSearch) -> No action taken.
Infikované hodnoty registru:
(Nebyly nalezeny žádné škodlivé položky)
Infikované datové položky registru:
(Nebyly nalezeny žádné škodlivé položky)
Infikované adresáře:
C:\Documents and Settings\LocalService\Data aplikací\NetMon (Trojan.NetMon) -> No action taken.
C:\Program Files\Save (Adware.WhenU) -> No action taken.
Infikované soubory:
C:\Documents and Settings\Petr Novák\Local Settings\TempImages\USARadioNow.exe (Trojan.BHO) -> No action taken.
C:\Program Files\USARadioNow\tbUSAR.dll (Adware.NetPumper) -> No action taken.
C:\aa\Xilisoft Video Converter 5.1.24.0531\Keygen.exe (Trojan.Agent.CK) -> No action taken.
C:\WINDOWS\system32\drivers\pqiqp.sys (Rootkit.Agent) -> No action taken.
C:\System Volume Information\_restore{23BE8455-0E08-4156-95CA-6FF0F93E36B4}\RP1165\A0105108.exe (Trojan.Agent) -> No action taken.
C:\Documents and Settings\LocalService\Data aplikací\NetMon\domains.txt (Trojan.NetMon) -> No action taken.
C:\Documents and Settings\LocalService\Data aplikací\NetMon\log.txt (Trojan.NetMon) -> No action taken.
C:\Program Files\Save\ffext.mod (Adware.WhenU) -> No action taken.
C:\Documents and Settings\Petr Novák\Data aplikací\wiaserva.log (Malware.Trace) -> No action taken.
C:\Program Files\ICOO Loader\addons\icoou.dll (Hijack.Filter) -> No action taken.
C:\Documents and Settings\Petr Novák\Data aplikací\avdrn.dat (Malware.Trace) -> No action taken.
dík za jakékoliv rady.
ComboFix:
ComboFix 10-03-22.02 - Petr Novák 23.03.2010 8:22.11.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1022.567 [GMT 1:00]
Spuštěný z: c:\documents and settings\Petr Novák\Plocha\ComboFix.exe
AV: avast! antivirus 4.8.1368 [VPS 100321-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-02-23 do 2010-03-23 )))))))))))))))))))))))))))))))
.
2010-03-22 11:20 . 2009-11-21 16:03 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-03-22 11:19 . 2009-10-23 15:28 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
2010-03-15 14:36 . 2009-11-24 23:48 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-03-15 14:36 . 2009-11-24 23:49 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-03-15 14:36 . 2009-11-24 23:47 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-03-15 14:36 . 2009-11-24 23:47 97480 ----a-w- c:\windows\system32\AvastSS.scr
2010-03-15 14:36 . 2009-11-24 23:51 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-03-15 14:36 . 2009-11-24 23:50 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-03-15 14:36 . 2009-11-24 23:50 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-03-15 14:36 . 2009-11-24 23:50 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-03-15 14:35 . 2009-11-24 23:54 1280480 ----a-w- c:\windows\system32\aswBoot.exe
2010-03-09 14:06 . 2010-03-09 14:06 -------- d-----w- c:\program files\Microsoft Silverlight
2010-03-01 12:02 . 2009-02-09 11:25 111104 -c--a-w- c:\windows\system32\dllcache\services.exe
2010-03-01 12:02 . 2009-02-09 11:25 111104 ------w- c:\windows\system32\services.exe
2010-02-26 13:36 . 2010-02-26 13:39 -------- d-----w- C:\CD2
2010-02-26 13:10 . 2010-02-26 13:36 -------- d-----w- C:\CD1
2010-02-26 07:15 . 2010-03-23 07:35 802304 ----a-w- c:\windows\system32\drivers\pqiqp.sys
2010-02-25 11:34 . 2010-02-25 11:34 -------- d-----w- C:\Vitkovo Kvarteto - 1985 - Veterani Studene Valky
2010-02-25 11:33 . 2010-02-25 11:34 -------- d-----w- C:\Vitkovo Kvarteto - 1995 - Live 1995
2010-02-25 10:18 . 2010-02-25 10:19 -------- d-----w- C:\Vitkovo Kvarteto - Z Budikova Do Narodniho
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-23 07:12 . 2004-08-18 12:00 77872 ----a-w- c:\windows\system32\perfc005.dat
2010-03-23 07:12 . 2004-08-18 12:00 428750 ----a-w- c:\windows\system32\perfh005.dat
2010-03-22 14:07 . 2008-11-04 06:53 -------- d-----w- c:\program files\Opera
2010-03-16 12:26 . 2008-09-17 06:34 -------- d-----w- c:\program files\FT DVD Clone 4.0
2010-03-16 12:25 . 2006-07-31 10:54 -------- d-----w- c:\program files\BSPlayer
2010-03-16 12:25 . 2006-07-26 09:01 -------- d-----w- c:\program files\Elaborate Bytes
2010-03-16 12:24 . 2005-12-21 06:01 -------- d-----w- c:\program files\SlySoft
2010-03-15 07:59 . 2005-11-08 11:04 -------- d-----w- c:\program files\Google
2010-03-15 07:57 . 2006-08-18 12:17 -------- d-----w- c:\program files\Sudoku
2010-03-15 07:57 . 2008-03-21 08:56 -------- d-----w- c:\program files\Return to Castle Wolfenstein
2010-03-15 07:56 . 2008-09-16 11:37 -------- d-----w- c:\program files\Super Clone DVD
2010-03-15 07:55 . 2006-06-12 08:23 -------- d-----w- c:\program files\Yahoo!
2010-03-15 07:54 . 2007-07-24 10:40 -------- d-----w- c:\program files\HEROSOFT
2010-03-15 07:53 . 2008-10-06 11:57 -------- d-----w- c:\program files\E.M. DVD Copy
2010-03-15 07:51 . 2007-11-06 07:57 -------- d-----w- c:\program files\ElcomSoft
2010-02-22 06:49 . 2005-03-24 08:10 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-02-19 12:19 . 2006-11-03 13:35 -------- d-----w- c:\program files\Xilisoft
2010-02-19 09:53 . 2010-02-19 09:53 4384320 ----a-w- C:\Shockwave_Installer_Slim.exe
2010-02-15 11:30 . 2010-02-15 11:28 9936244 ----a-w- C:\convert.exe
2010-02-15 11:24 . 2010-02-15 11:21 25786688 ----a-w- C:\wmp11-windowsxp-x86-CS-CZ.exe
2010-02-12 09:44 . 2009-04-29 09:19 -------- d-----w- c:\program files\TC UP
2010-02-12 08:19 . 2010-02-12 08:19 475136 ----a-w- C:\SRDownloader.exe
2010-02-12 07:45 . 2010-02-12 07:45 -------- d-----w- c:\program files\Kodek CZ
2010-02-12 07:43 . 2010-02-12 07:43 5184550 ----a-w- C:\kodek016cz.exe
2010-02-12 06:48 . 2010-02-12 06:48 939956 ----a-w- C:\7z465.exe
2010-02-11 11:29 . 2010-02-11 11:28 14452040 ----a-w- C:\winzip140.exe
2010-02-09 07:27 . 2010-02-08 13:23 -------- d-----w- c:\program files\Rapidown
2010-01-30 21:48 . 2010-02-19 12:18 16601220 ----a-w- C:\x-avi-mpeg-converter-standard.exe
2010-01-05 09:58 . 2004-08-18 12:00 832512 ----a-w- c:\windows\system32\wininet.dll
2010-01-05 09:57 . 2009-06-25 07:21 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-01-05 09:57 . 2004-08-18 12:00 17408 ----a-w- c:\windows\system32\corpol.dll
2009-12-31 16:50 . 2004-08-18 12:00 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2005-06-13 23:37 . 2006-10-16 06:32 3606 ----a-w- c:\program files\ReadMe.txt
2005-06-13 23:25 . 2006-10-16 06:32 241664 ----a-w- c:\program files\IMGTool.exe
2007-10-08 10:28 . 2007-10-08 10:28 135680 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{50d0cd27-d4ef-4a21-917e-a1573771def4}"= "c:\program files\forumswatcher.com\tbfor0.dll" [2009-11-09 2166296]
"{669163c1-c4b9-46de-ad62-a0271d3a0a75}"= "c:\program files\USARadioNow\tbUSA0.dll" [2009-11-09 2166296]
[HKEY_CLASSES_ROOT\clsid\{50d0cd27-d4ef-4a21-917e-a1573771def4}]
[HKEY_CLASSES_ROOT\clsid\{669163c1-c4b9-46de-ad62-a0271d3a0a75}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{50d0cd27-d4ef-4a21-917e-a1573771def4}]
2009-11-09 14:15 2166296 ----a-w- c:\program files\forumswatcher.com\tbfor0.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{669163c1-c4b9-46de-ad62-a0271d3a0a75}]
2009-11-09 14:15 2166296 ----a-w- c:\program files\USARadioNow\tbUSA0.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{50d0cd27-d4ef-4a21-917e-a1573771def4}"= "c:\program files\forumswatcher.com\tbfor0.dll" [2009-11-09 2166296]
"{669163c1-c4b9-46de-ad62-a0271d3a0a75}"= "c:\program files\USARadioNow\tbUSA0.dll" [2009-11-09 2166296]
[HKEY_CLASSES_ROOT\clsid\{50d0cd27-d4ef-4a21-917e-a1573771def4}]
[HKEY_CLASSES_ROOT\clsid\{669163c1-c4b9-46de-ad62-a0271d3a0a75}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{50D0CD27-D4EF-4A21-917E-A1573771DEF4}"= "c:\program files\forumswatcher.com\tbfor0.dll" [2009-11-09 2166296]
"{669163C1-C4B9-46DE-AD62-A0271D3A0A75}"= "c:\program files\USARadioNow\tbUSA0.dll" [2009-11-09 2166296]
[HKEY_CLASSES_ROOT\clsid\{50d0cd27-d4ef-4a21-917e-a1573771def4}]
[HKEY_CLASSES_ROOT\clsid\{669163c1-c4b9-46de-ad62-a0271d3a0a75}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PcSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-04-11 1409024]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-03 339968]
"Smapp"="c:\program files\Analog Devices\SoundMAX\Smtray.exe" [2002-06-26 90112]
"DAEMON Tools-1033"="c:\program files\D-Tools\daemon.exe" [2004-08-22 81920]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-09-01 282624]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2006-09-11 229952]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2008-03-14 233472]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-05 149280]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\aaa\Nabˇdka Start\Programy\Po spuçtŘnˇ\
PowerReg SchedulerV2.exe [2004-12-9 256000]
c:\documents and settings\All Users.WINDOWS\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 5.0 CE\Distillr\AcroTray.exe [2006-6-7 82026]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2009-11-18 495432]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2008-04-30 16:08 87352 ----a-w- c:\windows\system32\LMIinit.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Ansys Inc\\v100\\ANSYS\\bin\\Intel\\ANSYS.exe"=
"c:\\Program Files\\Ansys Inc\\v100\\ANSYS\\bin\\Intel\\ans_admin.exe"=
"c:\\Program Files\\Ansys Inc\\v100\\ANSYS\\bin\\Intel\\ls970.exe"=
"c:\\Program Files\\Ansys Inc\\v100\\ANSYS\\bin\\Intel\\ls970_DP.exe"=
"c:\\Program Files\\Ansys Inc\\v100\\ANSYS\\bin\\Intel\\lsprepostd.exe"=
"c:\\Program Files\\Ansys Inc\\v100\\ANSYS\\bin\\Intel\\mpitest.exe"=
"c:\\Program Files\\Ansys Inc\\v100\\ANSYS\\bin\\Intel\\mpitestmpich.exe"=
"c:\\Program Files\\Ansys Inc\\v100\\ANSYS\\bin\\Intel\\sxpost.exe"=
"c:\\Program Files\\Ansys Inc\\v100\\ANSYS\\bin\\Intel\\tclsh.exe"=
"c:\\Program Files\\Ansys Inc\\v100\\ANSYS\\bin\\Intel\\wish.exe"=
"c:\\Program Files\\Ansys Inc\\v100\\ANSYS\\bin\\Intel\\DANSYS\\ANSYS.exe"=
"c:\\Program Files\\Ansys Inc\\v100\\ANSYS\\bin\\Intel\\DANSYSMPICH\\ANSYS.exe"=
"c:\\Program Files\\Ansys Inc\\v100\\CommonFiles\\TCL\\bin\\Intel\\tclsh.exe"=
"c:\\Program Files\\Ansys Inc\\v100\\CommonFiles\\TCL\\bin\\Intel\\wish.exe"=
"c:\\Program Files\\Ansys Inc\\v100\\ANSYS\\ac4\\bin\\catia\\Intel\\ac4catia.exe"=
"c:\\Program Files\\Ansys Inc\\v100\\CommonFiles\\CATIAV5\\Intel\\code\\bin\\ac4catia5.exe"=
"c:\\Program Files\\Ansys Inc\\v100\\ANSYS\\ac4\\bin\\para\\Intel\\ac4para.exe"=
"c:\\Program Files\\Ansys Inc\\v100\\ANSYS\\ac4\\bin\\pro\\Intel\\ac4pro.exe"=
"c:\\Program Files\\Ansys Inc\\v100\\ANSYS\\ac4\\bin\\sat\\Intel\\ac4sat.exe"=
"c:\\Program Files\\Ansys Inc\\v100\\ANSYS\\ac4\\bin\\ug10\\Intel\\ansconug10.exe"=
"c:\\Program Files\\Ansys Inc\\v100\\ANSYS\\ac4\\bin\\ug20\\Intel\\ansconug20.exe"=
"c:\\Program Files\\Ansys Inc\\v100\\ANSYS\\ac4\\bin\\ug30\\Intel\\ansconug30.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\totalcmd\\TOTALCMD.EXE"=
"c:\\Program Files\\RadLight Company\\RadLight 4.0\\rlkernel.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"z:\\aaa\\novak\\marias_talon_cz.exe"=
"c:\\Program Files\\TC UP\\TOTALCMD.EXE"=
"c:\\totalcommander\\totalcmd\\TOTALCMD.EXE"=
"%windir%\\system32\\drivers\\svchost.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"14134:TCP"= 14134:TCP:BitComet 14134 TCP
"14134:UDP"= 14134:UDP:BitComet 14134 UDP
"16330:TCP"= 16330:TCP:BitComet 16330 TCP
"16330:UDP"= 16330:UDP:BitComet 16330 UDP
"7046:TCP"= 7046:TCP:BitComet 7046 TCP
"7046:UDP"= 7046:UDP:BitComet 7046 UDP
R0 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [15.9.2006 9:30 155136]
R0 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [15.9.2006 9:30 5248]
R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);c:\windows\system32\drivers\sfsync03.sys [6.12.2005 16:11 35328]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [15.3.2010 15:36 114768]
R1 VD_FileDisk;VD_FileDisk;c:\windows\system32\drivers\vd_filedisk.sys [13.1.2006 14:00 15872]
R2 ANSYS FLEXlm license manager;ANSYS FLEXlm license manager;c:\progra~1\ANSYSI~1\SHARED~1\LICENS~1\Intel\lmgrd.exe [11.8.2005 10:38 909312]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [15.3.2010 15:36 20560]
R2 SCPDFReadSpool;SolidConverterPDFReadSpool;c:\windows\Installer\MSI8122.tmp [27.5.2009 10:58 189696]
S2 LMIInfo;LogMeIn Kernel Information Provider;\??\c:\program files\LogMeIn\x86\RaInfo.sys --> c:\program files\LogMeIn\x86\RaInfo.sys [?]
S2 NOD32FiXTemDono;Eset Nod32 Boot;c:\windows\system32\regedt32.exe [18.8.2004 13:00 3584]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [6.11.2007 21:22 34064]
S3 Wibukey2;Wibukey2;c:\windows\system32\drivers\Wibukey2.sys [15.6.2009 9:26 17408]
--- Ostatní služby/ovladače v paměti ---
*Deregistered* - pqiqp
.
Obsah adresáře 'Naplánované úlohy'
2010-03-08 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2006-08-29 12:21]
.
.
------- Doplňkový sken -------
.
uLocal Page = \blank.htm
uStart Page = hxxp://www.seznam.cz/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}
uInternet Settings,ProxyServer = 192.168.1.1:3128
uSearchURL,(Default) = hxxp://www.app-zilla.com/search.htm
IE: Compare Prices with &Dealio - c:\documents and settings\Petr Novák\Data aplikací\Dealio\kb127\res\DealioSearch.html
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
DPF: {3a4f9191-65a8-11d5-85c1-0001023952c1} - hxxp://www.skylinesoft.com/interactive/terraex ... all/TE.cab
DPF: {B10CBD8D-F9B6-11CF-9B38-0080AD11B667} - file:///C:/novak/Strojnicke_tabulky/script/ikcntrls.cab
DPF: {BF3CD111-6278-11D2-9EA3-00A0C9251384} - hxxp://www.o2c.de/download/O2CPlayer.CAB
.
.
------- Asociace souborů -------
.
.scr=AutoCADScriptFile
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-23 08:34
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x86B4F7E0]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf772bf28
\Driver\ACPI -> ACPI.sys @ 0xf7668cb8
\Driver\atapi -> 0x86b4f7e0
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805e668e
ParseProcedure -> ntoskrnl.exe @ 0x8057b6b1
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805e668e
ParseProcedure -> ntoskrnl.exe @ 0x8057b6b1
NDIS: Intel(R) PRO/100 VE Network Connection -> SendCompleteHandler -> NDIS.sys @ 0xf73afbb0
PacketIndicateHandler -> NDIS.sys @ 0xf73bca21
SendHandler -> NDIS.sys @ 0xf739a87b
Warning: possible MBR rootkit infection !
user & kernel MBR OK
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SCPDFReadSpool]
"ImagePath"="c:\windows\Installer\MSI8122.tmp"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\pqiqp]
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(844)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\LMIinit.dll
c:\windows\system32\LMIRfsClientNP.dll
c:\windows\system32\vorbis.dll
c:\windows\system32\ogg.dll
- - - - - - - > 'lsass.exe'(900)
c:\windows\system32\vorbis.dll
c:\windows\system32\ogg.dll
- - - - - - - > 'explorer.exe'(2612)
c:\windows\system32\vorbis.dll
c:\windows\system32\ogg.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 6\PCSCM.dll
c:\windows\system32\ConnAPI.DLL
c:\program files\Nokia\Nokia PC Suite 6\Lang\PhoneBrowser_cze.nlr
c:\program files\Nokia\Nokia PC Suite 6\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\system32\Ati2evxx.exe
c:\progra~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
c:\windows\system32\drivers\CDAC11BA.EXE
c:\windows\system32\crypserv.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Ansys Inc\Shared Files\Licensing\intel\ansyslmd.exe
c:\progra~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\PCSuite\Services\ServiceLayer.exe
.
**************************************************************************
.
Celkový čas: 2010-03-23 08:44:39 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-03-23 07:44
ComboFix2.txt 2010-03-22 11:25
ComboFix3.txt 2008-09-11 06:13
ComboFix4.txt 2008-09-09 12:54
ComboFix5.txt 2010-03-23 07:17
Před spuštěním: 7 870 992 384
Po spuštění: 7 856 033 792
- - End Of File - - 2FC49733CD1ED1C985E78A2AEAD243E8
Hijackthis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:45:23, on 23.3.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16981)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\ANSYSI~1\SHARED~1\LICENS~1\Intel\lmgrd.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Adobe\Acrobat 5.0 CE\Distillr\AcroTray.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Ansys Inc\Shared Files\Licensing\intel\ansyslmd.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\Installer\MSI8122.tmp
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.app-zilla.com/search.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.1.1:3128
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: forumswatcher.com Toolbar - {50d0cd27-d4ef-4a21-917e-a1573771def4} - C:\Program Files\forumswatcher.com\tbfor0.dll
R3 - URLSearchHook: USARadioNow Toolbar - {669163c1-c4b9-46de-ad62-a0271d3a0a75} - C:\Program Files\USARadioNow\tbUSA0.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: forumswatcher.com Toolbar - {50d0cd27-d4ef-4a21-917e-a1573771def4} - C:\Program Files\forumswatcher.com\tbfor0.dll
O2 - BHO: USARadioNow Toolbar - {669163c1-c4b9-46de-ad62-a0271d3a0a75} - C:\Program Files\USARadioNow\tbUSA0.dll
O2 - BHO: DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} - C:\Program Files\Dealio\kb127\Dealio.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: forumswatcher.com Toolbar - {50d0cd27-d4ef-4a21-917e-a1573771def4} - C:\Program Files\forumswatcher.com\tbfor0.dll
O3 - Toolbar: USARadioNow Toolbar - {669163c1-c4b9-46de-ad62-a0271d3a0a75} - C:\Program Files\USARadioNow\tbUSA0.dll
O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Program Files\Dealio\kb127\Dealio.dll
O3 - Toolbar: Autodesk DWF - {F03966D3-8EA0-47b4-BBE0-85BFE6CBC8AC} - C:\Program Files\Autodesk\Autodesk DWF Writer\DWF Addin\DWFIEAddin.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1029
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0 CE\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Compare Prices with &Dealio - C:\Documents and Settings\Petr Novák\Data aplikací\Dealio\kb127\res\DealioSearch.html
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb127\Dealio.dll
O9 - Extra 'Tools' menuitem: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb127\Dealio.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {3a4f9191-65a8-11d5-85c1-0001023952c1} (TE) - http://www.skylinesoft.com/interactive/ ... all/TE.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 0463301703
O16 - DPF: {B10CBD8D-F9B6-11CF-9B38-0080AD11B667} (Ikonic Button Control) - file:///C:/novak/Strojnicke_tabulky/script/ikcntrls.cab
O16 - DPF: {BF3CD111-6278-11D2-9EA3-00A0C9251384} (O2C-Player Version 1.x) - http://www.o2c.de/download/O2CPlayer.CAB
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (Prvek AcPreview) - file://C:\Program Files\Autocad_L\AcPreview.ocx
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: ANSYS FLEXlm license manager - Macrovision Corporation - C:\PROGRA~1\ANSYSI~1\SHARED~1\LICENS~1\Intel\lmgrd.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SolidConverterPDFReadSpool (SCPDFReadSpool) - Solid Documents, LLC - C:\WINDOWS\Installer\MSI8122.tmp
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
--
End of file - 9489 bytes
MBAM:
Malwarebytes' Anti-Malware 1.44
Verze databáze: 3902
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13
23.3.2010 13:06:39
mbam-log-2010-03-23 (13-06-31).txt
Typ kontroly: Kompletní kontrola (C:\|Z:\|)
Zkontrolované objekty: 487983
Uplynulý čas: 2 hour(s), 9 minute(s), 43 second(s)
Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 2
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované adresáře: 2
Infikované soubory: 11
Infikované procesy v paměti:
(Nebyly nalezeny žádné škodlivé položky)
Infikované moduly v paměti:
(Nebyly nalezeny žádné škodlivé položky)
Infikované klíče registru:
HKEY_CLASSES_ROOT\Interface\{cf54be1c-9359-4395-8533-1657cf209cfe} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{d518921a-4a03-425e-9873-b9a71756821e} (Adware.MyWebSearch) -> No action taken.
Infikované hodnoty registru:
(Nebyly nalezeny žádné škodlivé položky)
Infikované datové položky registru:
(Nebyly nalezeny žádné škodlivé položky)
Infikované adresáře:
C:\Documents and Settings\LocalService\Data aplikací\NetMon (Trojan.NetMon) -> No action taken.
C:\Program Files\Save (Adware.WhenU) -> No action taken.
Infikované soubory:
C:\Documents and Settings\Petr Novák\Local Settings\TempImages\USARadioNow.exe (Trojan.BHO) -> No action taken.
C:\Program Files\USARadioNow\tbUSAR.dll (Adware.NetPumper) -> No action taken.
C:\aa\Xilisoft Video Converter 5.1.24.0531\Keygen.exe (Trojan.Agent.CK) -> No action taken.
C:\WINDOWS\system32\drivers\pqiqp.sys (Rootkit.Agent) -> No action taken.
C:\System Volume Information\_restore{23BE8455-0E08-4156-95CA-6FF0F93E36B4}\RP1165\A0105108.exe (Trojan.Agent) -> No action taken.
C:\Documents and Settings\LocalService\Data aplikací\NetMon\domains.txt (Trojan.NetMon) -> No action taken.
C:\Documents and Settings\LocalService\Data aplikací\NetMon\log.txt (Trojan.NetMon) -> No action taken.
C:\Program Files\Save\ffext.mod (Adware.WhenU) -> No action taken.
C:\Documents and Settings\Petr Novák\Data aplikací\wiaserva.log (Malware.Trace) -> No action taken.
C:\Program Files\ICOO Loader\addons\icoou.dll (Hijack.Filter) -> No action taken.
C:\Documents and Settings\Petr Novák\Data aplikací\avdrn.dat (Malware.Trace) -> No action taken.
dík za jakékoliv rady.
doporucujem najdene odstranit v MBAM