Kazdu chvilku zahulaka na mna :
Virus or unwanted program 'TR/Crypt.XPACK.Gen [trojan]'
detected in file 'C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\KFA5CDQ3\n22[1].exe.
Action performed: Delete file
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:58:50, on 19. 4. 2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\AVerMedia\Service\AVerRemote.exe
C:\Program Files\Common Files\AVerMedia\Service\AVerScheduleService.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\WiFi\bin\WLKeeper.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Apoint\HidFind.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\Asuite\asuite.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\VMSnap23.exe
C:\WINDOWS\Domino.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerQuick.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclIrSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
C:\T\PidginPortable\PidginPortable.exe
C:\T\PidginPortable\App\Pidgin\pidgin-portable.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\msiexec.exe
C:\TMP\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.wincustomize.com/skins.asp?library=26
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Pomocník pri prihlasovaní v sieti Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
O4 - HKLM\..\Run: [ASuite] C:\Asuite\asuite.exe
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [BigDogPath323VMSnap] C:\WINDOWS\VMSnap23.exe
O4 - HKLM\..\Run: [BigDogPath323Domino] C:\WINDOWS\Domino.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Global Startup: AVer HID Receiver.lnk = C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe
O4 - Global Startup: AVerQuick.lnk = C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerQuick.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O4 - Global Startup: VPN Client.lnk = ?
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microso ... 1904221328
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 1904209843
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AVerRemote - AVerMedia - C:\Program Files\Common Files\AVerMedia\Service\AVerRemote.exe
O23 - Service: AVerScheduleService - Unknown owner - C:\Program Files\Common Files\AVerMedia\Service\AVerScheduleService.exe
O23 - Service: Cron service (CRON) - Unknown owner - D:\Zalohovanie\crons.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless WiFi Service (S24EventMonitor) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\WLKeeper.exe
--
End of file - 9352 bytes
Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz
Avira - 'TR/Crypt.XPACK.Gen [trojan], co s tym?
Moderátor: Moderátoři
Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
-
lubomirkos
- Návštěvník
- Příspěvky: 11
- Registrován: 19 dub 2010 09:02
Re: Avira - 'TR/Crypt.XPACK.Gen [trojan], co s tym?
Hezké poledne 
Smažte cache Opery/Firefoxu bud ručně nebo ATF Cleanerem
http://www.slunecnice.cz/sw/atf-cleaner/
- v menu nahoře vyberte záložku Firefox / Opera a klikněte na ni
- zatrhněte Select All a pak klikněte na Empty Selected
pozor - přijdete o všechna hesla uložená ve FF /Opere!
- Na záložce main zaškrtněte All users temp a potvrdte Empty selected
Z mého podpisu stahněte Ccleaner
- nainstalujte, při výběru, co se má nainstalovat, dejte pryč fajfku u instalace yahoo toolbaru
záložka čistič
-nechejte v levém sloupečku zatrhnuté vše jak je, klikněte na analyzovat
-po analýze klikněte na Spustit Ccleaner
záložka Registry
- klikněte na hledej problémy
- pak klikněte na opravit vybrané problémy -- udělat zálohu registrů - nemusíte
- kliknete opravit všechny problémy ok zavřít
Záložka Nástroje
- zde můžete odinstalovat programy. Je to důkladnější odinstalace než u přidat/odebrat programy ve Windows.
Ccleaner - čistič doporučuji používat, krásně pročistí pc od dočasných souborů.
Registry pročistí třeba po odinstalaci nějakého programu.
Vložte log ze Rsitu s názvem LOG.TXT, viz můj podpis 
.
Stahněte MBAM z mého podpisu
-Nainstalujte,dejte úplný sken
NIC NEMAZAT
-MBAM má občas falešné detekce,proto budeme mazat až po kontrole logu.
-Log zkopírujte sem.
Smažte cache Opery/Firefoxu bud ručně nebo ATF Cleaneremhttp://www.slunecnice.cz/sw/atf-cleaner/
- v menu nahoře vyberte záložku Firefox / Opera a klikněte na ni
- zatrhněte Select All a pak klikněte na Empty Selected
pozor - přijdete o všechna hesla uložená ve FF /Opere!
- Na záložce main zaškrtněte All users temp a potvrdte Empty selected
Z mého podpisu stahněte Ccleaner- nainstalujte, při výběru, co se má nainstalovat, dejte pryč fajfku u instalace yahoo toolbaru
záložka čistič-nechejte v levém sloupečku zatrhnuté vše jak je, klikněte na analyzovat
-po analýze klikněte na Spustit Ccleaner
záložka Registry- klikněte na hledej problémy
- pak klikněte na opravit vybrané problémy -- udělat zálohu registrů - nemusíte
- kliknete opravit všechny problémy
ok zavřít Záložka Nástroje- zde můžete odinstalovat programy. Je to důkladnější odinstalace než u přidat/odebrat programy ve Windows.
Ccleaner - čistič doporučuji používat, krásně pročistí pc od dočasných souborů.
Registry pročistí třeba po odinstalaci nějakého programu.
Vložte log ze Rsitu s názvem LOG.TXT, viz můj podpis . Stahněte MBAM z mého podpisu-Nainstalujte,dejte úplný sken
NIC NEMAZAT
-MBAM má občas falešné detekce,proto budeme mazat až po kontrole logu.
-Log zkopírujte sem.
Nepoužívejte COMBOFIX bez doporučení rádce, může dojít k poškození systému!
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
-
lubomirkos
- Návštěvník
- Příspěvky: 11
- Registrován: 19 dub 2010 09:02
Re: Avira - 'TR/Crypt.XPACK.Gen [trojan], co s tym?
diky, ale hezke zatial nieje . . .
zalozka firefox/opera je seda, neda s avybrat . . . firefox je portable verzia . . .
zalozka firefox/opera je seda, neda s avybrat . . . firefox je portable verzia . . .
Re: Avira - 'TR/Crypt.XPACK.Gen [trojan], co s tym?
Nevadi, i Ccleaner by to měl vyčistit
Nepoužívejte COMBOFIX bez doporučení rádce, může dojít k poškození systému!
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
-
lubomirkos
- Návštěvník
- Příspěvky: 11
- Registrován: 19 dub 2010 09:02
Re: Avira - 'TR/Crypt.XPACK.Gen [trojan], co s tym?
Logfile of random's system information tool 1.06 (written by random/random)
Run by Lubo at 2010-04-19 11:41:15
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 6 GB (20%) free of 30 GB
Total RAM: 3318 MB (78% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:41:18, on 19. 4. 2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\AVerMedia\Service\AVerRemote.exe
C:\Program Files\Common Files\AVerMedia\Service\AVerScheduleService.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\WiFi\bin\WLKeeper.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Apoint\HidFind.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\Asuite\asuite.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\VMSnap23.exe
C:\WINDOWS\Domino.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerQuick.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclIrSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
C:\T\PidginPortable\PidginPortable.exe
C:\T\PidginPortable\App\Pidgin\pidgin-portable.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\T\CCleaner\CCleaner.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\TMP\RSIT.exe
C:\TMP\Lubo.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.wincustomize.com/skins.asp?library=26
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Pomocník pri prihlasovaní v sieti Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
O4 - HKLM\..\Run: [ASuite] C:\Asuite\asuite.exe
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [BigDogPath323VMSnap] C:\WINDOWS\VMSnap23.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Global Startup: AVer HID Receiver.lnk = C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe
O4 - Global Startup: AVerQuick.lnk = C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerQuick.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O4 - Global Startup: VPN Client.lnk = ?
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microso ... 1904221328
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 1904209843
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AVerRemote - AVerMedia - C:\Program Files\Common Files\AVerMedia\Service\AVerRemote.exe
O23 - Service: AVerScheduleService - Unknown owner - C:\Program Files\Common Files\AVerMedia\Service\AVerScheduleService.exe
O23 - Service: Cron service (CRON) - Unknown owner - D:\Zalohovanie\crons.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless WiFi Service (S24EventMonitor) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\WLKeeper.exe
--
End of file - 9393 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\ParetoLogic Registration.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-04-04 75200]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2008-02-01 1377576]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocník pri prihlasovaní v sieti Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"BluetoothAuthenticationAgent"=bthprops.cpl,,BluetoothAuthenticationAgent []
"Dell QuickSet"=C:\Program Files\Dell\QuickSet\quickset.exe [2007-07-20 1228800]
"IntelZeroConfig"=C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe [2008-08-20 1368064]
"IntelWireless"=C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [2008-08-20 1191936]
"Apoint"=C:\Program Files\Apoint\Apoint.exe [2005-10-07 176128]
"avgnt"=C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2008-06-12 266497]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2007-03-30 138008]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2007-03-30 162584]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2007-03-30 138008]
"SigmatelSysTrayApp"=C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe [2007-05-10 405504]
"ASuite"=C:\Asuite\asuite.exe [2008-08-11 516608]
"googletalk"=C:\Program Files\Google\Google Talk\googletalk.exe [2007-01-01 3739648]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2005-02-17 49152]
"BigDogPath323VMSnap"=C:\WINDOWS\VMSnap23.exe [2007-06-29 212992]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-04-04 36272]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-03-24 952768]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-07-26 3883856]
"PC Suite Tray"=C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe [2007-12-10 695808]
C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
AVer HID Receiver.lnk - C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe
AVerQuick.lnk - C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerQuick.exe
RAMASST.lnk - C:\WINDOWS\system32\RAMASST.exe
VPN Client.lnk - C:\WINDOWS\Installer\{51FB15F4-AD27-43BC-AD4B-DD0354FB6BBD}\Icon3E5562ED7.ico
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2007-03-30 204800]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=91000000
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveTypeAutoRun"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\WINDOWS\Network Diagnostic\xpnetdiag.exe"="C:\WINDOWS\Network Diagnostic\xpnetdiag.exe:*:Disabled:@xpsp3res.dll,-20000"
"C:\Program Files\AVerMedia\AVerTV\AVerTV.exe"="C:\Program Files\AVerMedia\AVerTV\AVerTV.exe:*:Disabled:AVerMedia TV Application"
"C:\T\FileZillaPortable\App\filezilla\filezilla.exe"="C:\T\FileZillaPortable\App\filezilla\filezilla.exe:*:Enabled:FileZilla FTP Client"
"C:\T\TeamViewer\TeamViewer.exe"="C:\T\TeamViewer\TeamViewer.exe:*:Enabled:TeamViewer Remote Control Application"
"D:\xampplite\apache\bin\httpd.exe"="D:\xampplite\apache\bin\httpd.exe:*:Enabled:Apache HTTP Server"
"D:\xampplite\mysql\bin\mysqld.exe"="D:\xampplite\mysql\bin\mysqld.exe:*:Enabled:mysqld"
"C:\T\aMSNPortable\App\aMSN\bin\wish.exe"="C:\T\aMSNPortable\App\aMSN\bin\wish.exe:*:Enabled:Wish Application"
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\Program Files\ASUS\Wireless Router Utilities\DiscoveryR.exe"="C:\Program Files\ASUS\Wireless Router Utilities\DiscoveryR.exe:*:Enabled:ASUS Device Discovery Application"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Google\Google Talk\googletalk.exe"="C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk"
"E:\setup\HPZNET01.EXE"="E:\setup\HPZNET01.EXE:*:Enabled:hpznet01.exe"
"E:\setup\hppapd.exe"="E:\setup\hppapd.exe:*:Enabled:hppapd.exe"
"E:\setup\HPNTWKEXE.EXE"="E:\setup\HPNTWKEXE.EXE:*:Enabled:hpntwkexe.exe"
"D:\xampplite\apache\bin\apache.exe"="D:\xampplite\apache\bin\apache.exe:*:Disabled:Apache HTTP Server"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype. Take a deep breath "
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
======List of files/folders created in the last 1 months======
2010-04-19 11:39:14 ----D---- C:\rsit
2010-04-19 09:20:00 ----D---- C:\Documents and Settings\All Users\Data aplikací\RegCure
2010-04-19 09:11:10 ----A---- C:\rollback.ini
2010-04-19 09:05:46 ----D---- C:\Program Files\Common Files\ParetoLogic
2010-04-19 09:05:46 ----D---- C:\Documents and Settings\All Users\Data aplikací\ParetoLogic
2010-04-12 22:05:16 ----A---- C:\WINDOWS\WDICT32.INI
2010-04-12 22:05:16 ----A---- C:\WINDOWS\KBDSC32.INI
2010-04-09 14:39:39 ----D---- C:\temp
2010-04-09 14:26:27 ----D---- C:\WINDOWS\Cache
2010-03-20 13:56:40 ----D---- C:\WINDOWS\Minidump
======List of files/folders modified in the last 1 months======
2010-04-19 11:41:17 ----D---- C:\TMP
2010-04-19 11:39:31 ----D---- C:\Documents and Settings\Lubo\Data aplikací\Skype
2010-04-19 11:24:48 ----D---- C:\WINDOWS\system32\drivers
2010-04-19 11:21:42 ----D---- C:\WINDOWS
2010-04-19 10:58:11 ----SD---- C:\WINDOWS\Tasks
2010-04-19 10:58:11 ----RD---- C:\Program Files
2010-04-19 10:58:00 ----SHD---- C:\WINDOWS\Installer
2010-04-19 10:58:00 ----HD---- C:\Config.Msi
2010-04-19 10:57:49 ----D---- C:\WINDOWS\system32
2010-04-19 10:49:59 ----D---- C:\Documents and Settings\Lubo\Data aplikací\Mozilla
2010-04-19 10:43:10 ----D---- C:\WINDOWS\Temp
2010-04-19 09:39:27 ----D---- C:\WINDOWS\Debug
2010-04-19 09:05:46 ----D---- C:\Program Files\Common Files
2010-04-18 20:41:02 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-04-18 20:36:14 ----D---- C:\WINDOWS\system32\CatRoot2
2010-04-18 20:35:07 ----N---- C:\WINDOWS\SchedLgU.Txt
2010-04-16 19:33:49 ----D---- C:\Documents and Settings\Lubo\Data aplikací\gtk-2.0
2010-04-15 20:28:50 ----D---- C:\WINDOWS\Prefetch
2010-04-11 22:08:37 ----D---- C:\Documents and Settings\All Users\Data aplikací\Adobe
2010-04-11 22:06:36 ----D---- C:\Program Files\Common Files\Adobe
2010-04-11 22:06:18 ----D---- C:\Program Files\Adobe
2010-04-11 20:49:42 ----A---- C:\WINDOWS\AVerText.ini
2010-04-10 20:36:42 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-04-10 20:36:37 ----A---- C:\WINDOWS\system32\svchost.exe
2010-04-07 22:01:01 ----D---- C:\Program Files\Skype
2010-04-07 16:05:59 ----D---- C:\Documents and Settings\Lubo\Data aplikací\skypePM
2010-03-26 15:04:59 ----A---- C:\WINDOWS\WINTRAN.INI
2010-03-26 15:04:13 ----A---- C:\WINDOWS\STXKBDTC.INI
2010-03-25 14:18:32 ----D---- C:\Documents and Settings\Lubo\Data aplikací\PC Suite
2010-03-24 21:06:41 ----N---- C:\WINDOWS\win.ini
2010-03-21 22:49:27 ----D---- C:\Documents and Settings\All Users\Data aplikací\AVerTV
2010-03-21 16:20:23 ----HD---- C:\WINDOWS\inf
2010-03-21 15:23:14 ----D---- C:\WINDOWS\system32\appmgmt
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 APPDRV;APPDRV; C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS [2005-08-12 16128]
R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-05-30 75096]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 meiudf;meiudf; C:\WINDOWS\System32\Drivers\meiudf.sys [2005-12-02 105872]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2007-03-01 28352]
R1 vmm;Virtual Machine Monitor; \??\C:\WINDOWS\system32\Drivers\vmm.sys []
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R2 CVPNDRVA;Cisco Systems Inc. IPSec Driver; \??\C:\WINDOWS\system32\Drivers\CVPNDRVA.sys []
R2 irda;Protokol IrDA; C:\WINDOWS\system32\DRIVERS\irda.sys [2008-04-13 88192]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2005-10-04 12544]
R2 s24trans;WLAN Transport; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2008-08-04 11904]
R3 ApfiltrService;Alps Touch Pad Filter Driver for Windows 2000/XP; C:\WINDOWS\system32\DRIVERS\Apfiltr.sys [2005-09-28 113847]
R3 avgntflt;avgntflt; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys []
R3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2005-10-26 142720]
R3 BthEnum;Služba Bluetooth Enumerator; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2008-04-13 17024]
R3 BTHMODEM;Ovladač komunikace modemu Bluetooth; C:\WINDOWS\system32\DRIVERS\bthmodem.sys [2008-04-13 37888]
R3 BthPan;Bluetooth Device (Personal Area Network); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2008-04-13 101120]
R3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2008-04-13 18944]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 DNE;Deterministic Network Enhancer Miniport; C:\WINDOWS\system32\DRIVERS\dne2000.sys [2008-03-29 125328]
R3 guardian2;guardian2; C:\WINDOWS\System32\Drivers\oz776.sys [2007-12-23 68696]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidBth;Miniport Bluetooth HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidbth.sys [2008-04-14 25600]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSX_DPV.sys [2005-12-01 936960]
R3 HSXHWAZL;HSXHWAZL; C:\WINDOWS\system32\DRIVERS\HSXHWAZL.sys [2005-12-01 192512]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2007-03-30 5704672]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-25 12160]
R3 NETw5x32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows XP 32 Bit; C:\WINDOWS\system32\DRIVERS\NETw5x32.sys [2008-08-28 3632384]
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2008-04-13 59136]
R3 SMCIRDA;SMC IrCC Miniport Device Driver; C:\WINDOWS\system32\DRIVERS\smcirda.sys [2001-10-24 35913]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2007-05-10 1222840]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Ovladač standardního rozbočovače USB; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 VPCNetS2;Virtual Machine Network Services Driver; C:\WINDOWS\system32\DRIVERS\VMNetSrv.sys [2008-02-05 59960]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSX_CNXT.sys [2005-12-01 669696]
R4 KLIF;KLIF; C:\WINDOWS\System32\DRIVERS\klif.sys [2010-01-14 186128]
S1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
S3 AVerFx2hbtv;AVerMedia USB SW Hybrid Tuner; C:\WINDOWS\system32\drivers\AVerFx2hbtv.sys [2009-07-01 436480]
S3 BTHPORT;Ovladač portu Bluetooth; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-06-14 272128]
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 CVirtA;Cisco Systems VPN Adapter; C:\WINDOWS\system32\DRIVERS\CVirtA.sys [2007-01-18 5275]
S3 MPE;Filtr MPE BDA; C:\WINDOWS\system32\DRIVERS\MPE.sys [2008-04-13 15232]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\nmwcd.sys [2007-02-22 137216]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\nmwcdc.sys [2007-02-22 8320]
S3 nmwcdcj;Nokia USB Port; C:\WINDOWS\system32\drivers\nmwcdcj.sys [2007-02-22 12288]
S3 nmwcdcm;Nokia USB Modem; C:\WINDOWS\system32\drivers\nmwcdcm.sys [2007-02-22 12288]
S3 PORTMON;PORTMON; \??\C:\T\SysInternalsSuite\PORTMSYS.SYS []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 UIUSys;Conexant Setup API; C:\WINDOWS\system32\DRIVERS\UIUSYS.SYS []
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 vmfilter323;323 filter service, Normal; C:\WINDOWS\system32\drivers\vmfilter323.sys [2006-08-08 476672]
S3 vsdatant;vsdatant; \??\C:\WINDOWS\system32\vsdatant.sys []
S3 WinRing0_1_2_0;WinRing0_1_2_0; \??\C:\T\RealTemp\WinRing0.sys []
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-15 82688]
S3 ZSMC326;CANYON USB PC Camera; C:\WINDOWS\System32\Drivers\usbvm323.sys [2007-04-03 260224]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 sr;Ovladač filtru Obnovy systému; C:\WINDOWS\system32\DRIVERS\sr.sys [2008-04-14 73344]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [2009-05-30 151297]
R2 AntiVirScheduler;Avira AntiVir Personal - Free Antivirus Scheduler; C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [2009-05-30 68865]
R2 AVerRemote;AVerRemote; C:\Program Files\Common Files\AVerMedia\Service\AVerRemote.exe [2009-05-06 344064]
R2 AVerScheduleService;AVerScheduleService; C:\Program Files\Common Files\AVerMedia\Service\AVerScheduleService.exe [2008-12-10 405504]
R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2010-04-10 14336]
R2 CVPND;Cisco Systems, Inc. VPN Service; C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe [2008-08-29 1528608]
R2 DVD-RAM_Service;DVD-RAM_Service; C:\WINDOWS\system32\DVDRAMSV.exe [2004-08-28 110592]
R2 EvtEng;Intel® PROSet/Wireless Event Log; C:\Program Files\Intel\WiFi\bin\EvtEng.exe [2008-08-20 860160]
R2 Irmon;Sledování infračerveného přenosu; C:\WINDOWS\system32\svchost.exe [2010-04-10 14336]
R2 NICCONFIGSVC;NICCONFIGSVC; C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe [2007-07-20 475136]
R2 RegSrvc;Intel® PROSet/Wireless Registry Service; C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [2008-08-20 466944]
R2 S24EventMonitor;Intel® PROSet/Wireless WiFi Service; C:\Program Files\Intel\WiFi\bin\S24EvMon.exe [2008-08-20 905216]
R2 WLANKEEPER;Intel(R) PROSet/Wireless SSO Service; C:\Program Files\Intel\WiFi\bin\WLKeeper.exe [2008-08-20 348160]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2010-04-10 14336]
R3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2007-12-10 353280]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 CRON;Cron service; D:\Zalohovanie\crons.exe [2000-05-16 60928]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S4 FCI;FCI; C:\WINDOWS\system32\svchost.exe [2010-04-10 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
-----------------EOF-----------------
Run by Lubo at 2010-04-19 11:41:15
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 6 GB (20%) free of 30 GB
Total RAM: 3318 MB (78% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:41:18, on 19. 4. 2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\AVerMedia\Service\AVerRemote.exe
C:\Program Files\Common Files\AVerMedia\Service\AVerScheduleService.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\WiFi\bin\WLKeeper.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Apoint\HidFind.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\Asuite\asuite.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\VMSnap23.exe
C:\WINDOWS\Domino.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerQuick.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclIrSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
C:\T\PidginPortable\PidginPortable.exe
C:\T\PidginPortable\App\Pidgin\pidgin-portable.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\T\CCleaner\CCleaner.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\TMP\RSIT.exe
C:\TMP\Lubo.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.wincustomize.com/skins.asp?library=26
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Pomocník pri prihlasovaní v sieti Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
O4 - HKLM\..\Run: [ASuite] C:\Asuite\asuite.exe
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [BigDogPath323VMSnap] C:\WINDOWS\VMSnap23.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Global Startup: AVer HID Receiver.lnk = C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe
O4 - Global Startup: AVerQuick.lnk = C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerQuick.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O4 - Global Startup: VPN Client.lnk = ?
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microso ... 1904221328
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 1904209843
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AVerRemote - AVerMedia - C:\Program Files\Common Files\AVerMedia\Service\AVerRemote.exe
O23 - Service: AVerScheduleService - Unknown owner - C:\Program Files\Common Files\AVerMedia\Service\AVerScheduleService.exe
O23 - Service: Cron service (CRON) - Unknown owner - D:\Zalohovanie\crons.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless WiFi Service (S24EventMonitor) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\WLKeeper.exe
--
End of file - 9393 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\ParetoLogic Registration.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-04-04 75200]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2008-02-01 1377576]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocník pri prihlasovaní v sieti Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"BluetoothAuthenticationAgent"=bthprops.cpl,,BluetoothAuthenticationAgent []
"Dell QuickSet"=C:\Program Files\Dell\QuickSet\quickset.exe [2007-07-20 1228800]
"IntelZeroConfig"=C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe [2008-08-20 1368064]
"IntelWireless"=C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [2008-08-20 1191936]
"Apoint"=C:\Program Files\Apoint\Apoint.exe [2005-10-07 176128]
"avgnt"=C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2008-06-12 266497]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2007-03-30 138008]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2007-03-30 162584]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2007-03-30 138008]
"SigmatelSysTrayApp"=C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe [2007-05-10 405504]
"ASuite"=C:\Asuite\asuite.exe [2008-08-11 516608]
"googletalk"=C:\Program Files\Google\Google Talk\googletalk.exe [2007-01-01 3739648]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2005-02-17 49152]
"BigDogPath323VMSnap"=C:\WINDOWS\VMSnap23.exe [2007-06-29 212992]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-04-04 36272]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-03-24 952768]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-07-26 3883856]
"PC Suite Tray"=C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe [2007-12-10 695808]
C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
AVer HID Receiver.lnk - C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe
AVerQuick.lnk - C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerQuick.exe
RAMASST.lnk - C:\WINDOWS\system32\RAMASST.exe
VPN Client.lnk - C:\WINDOWS\Installer\{51FB15F4-AD27-43BC-AD4B-DD0354FB6BBD}\Icon3E5562ED7.ico
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2007-03-30 204800]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=91000000
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveTypeAutoRun"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\WINDOWS\Network Diagnostic\xpnetdiag.exe"="C:\WINDOWS\Network Diagnostic\xpnetdiag.exe:*:Disabled:@xpsp3res.dll,-20000"
"C:\Program Files\AVerMedia\AVerTV\AVerTV.exe"="C:\Program Files\AVerMedia\AVerTV\AVerTV.exe:*:Disabled:AVerMedia TV Application"
"C:\T\FileZillaPortable\App\filezilla\filezilla.exe"="C:\T\FileZillaPortable\App\filezilla\filezilla.exe:*:Enabled:FileZilla FTP Client"
"C:\T\TeamViewer\TeamViewer.exe"="C:\T\TeamViewer\TeamViewer.exe:*:Enabled:TeamViewer Remote Control Application"
"D:\xampplite\apache\bin\httpd.exe"="D:\xampplite\apache\bin\httpd.exe:*:Enabled:Apache HTTP Server"
"D:\xampplite\mysql\bin\mysqld.exe"="D:\xampplite\mysql\bin\mysqld.exe:*:Enabled:mysqld"
"C:\T\aMSNPortable\App\aMSN\bin\wish.exe"="C:\T\aMSNPortable\App\aMSN\bin\wish.exe:*:Enabled:Wish Application"
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\Program Files\ASUS\Wireless Router Utilities\DiscoveryR.exe"="C:\Program Files\ASUS\Wireless Router Utilities\DiscoveryR.exe:*:Enabled:ASUS Device Discovery Application"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Google\Google Talk\googletalk.exe"="C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk"
"E:\setup\HPZNET01.EXE"="E:\setup\HPZNET01.EXE:*:Enabled:hpznet01.exe"
"E:\setup\hppapd.exe"="E:\setup\hppapd.exe:*:Enabled:hppapd.exe"
"E:\setup\HPNTWKEXE.EXE"="E:\setup\HPNTWKEXE.EXE:*:Enabled:hpntwkexe.exe"
"D:\xampplite\apache\bin\apache.exe"="D:\xampplite\apache\bin\apache.exe:*:Disabled:Apache HTTP Server"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype. Take a deep breath "
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
======List of files/folders created in the last 1 months======
2010-04-19 11:39:14 ----D---- C:\rsit
2010-04-19 09:20:00 ----D---- C:\Documents and Settings\All Users\Data aplikací\RegCure
2010-04-19 09:11:10 ----A---- C:\rollback.ini
2010-04-19 09:05:46 ----D---- C:\Program Files\Common Files\ParetoLogic
2010-04-19 09:05:46 ----D---- C:\Documents and Settings\All Users\Data aplikací\ParetoLogic
2010-04-12 22:05:16 ----A---- C:\WINDOWS\WDICT32.INI
2010-04-12 22:05:16 ----A---- C:\WINDOWS\KBDSC32.INI
2010-04-09 14:39:39 ----D---- C:\temp
2010-04-09 14:26:27 ----D---- C:\WINDOWS\Cache
2010-03-20 13:56:40 ----D---- C:\WINDOWS\Minidump
======List of files/folders modified in the last 1 months======
2010-04-19 11:41:17 ----D---- C:\TMP
2010-04-19 11:39:31 ----D---- C:\Documents and Settings\Lubo\Data aplikací\Skype
2010-04-19 11:24:48 ----D---- C:\WINDOWS\system32\drivers
2010-04-19 11:21:42 ----D---- C:\WINDOWS
2010-04-19 10:58:11 ----SD---- C:\WINDOWS\Tasks
2010-04-19 10:58:11 ----RD---- C:\Program Files
2010-04-19 10:58:00 ----SHD---- C:\WINDOWS\Installer
2010-04-19 10:58:00 ----HD---- C:\Config.Msi
2010-04-19 10:57:49 ----D---- C:\WINDOWS\system32
2010-04-19 10:49:59 ----D---- C:\Documents and Settings\Lubo\Data aplikací\Mozilla
2010-04-19 10:43:10 ----D---- C:\WINDOWS\Temp
2010-04-19 09:39:27 ----D---- C:\WINDOWS\Debug
2010-04-19 09:05:46 ----D---- C:\Program Files\Common Files
2010-04-18 20:41:02 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-04-18 20:36:14 ----D---- C:\WINDOWS\system32\CatRoot2
2010-04-18 20:35:07 ----N---- C:\WINDOWS\SchedLgU.Txt
2010-04-16 19:33:49 ----D---- C:\Documents and Settings\Lubo\Data aplikací\gtk-2.0
2010-04-15 20:28:50 ----D---- C:\WINDOWS\Prefetch
2010-04-11 22:08:37 ----D---- C:\Documents and Settings\All Users\Data aplikací\Adobe
2010-04-11 22:06:36 ----D---- C:\Program Files\Common Files\Adobe
2010-04-11 22:06:18 ----D---- C:\Program Files\Adobe
2010-04-11 20:49:42 ----A---- C:\WINDOWS\AVerText.ini
2010-04-10 20:36:42 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-04-10 20:36:37 ----A---- C:\WINDOWS\system32\svchost.exe
2010-04-07 22:01:01 ----D---- C:\Program Files\Skype
2010-04-07 16:05:59 ----D---- C:\Documents and Settings\Lubo\Data aplikací\skypePM
2010-03-26 15:04:59 ----A---- C:\WINDOWS\WINTRAN.INI
2010-03-26 15:04:13 ----A---- C:\WINDOWS\STXKBDTC.INI
2010-03-25 14:18:32 ----D---- C:\Documents and Settings\Lubo\Data aplikací\PC Suite
2010-03-24 21:06:41 ----N---- C:\WINDOWS\win.ini
2010-03-21 22:49:27 ----D---- C:\Documents and Settings\All Users\Data aplikací\AVerTV
2010-03-21 16:20:23 ----HD---- C:\WINDOWS\inf
2010-03-21 15:23:14 ----D---- C:\WINDOWS\system32\appmgmt
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 APPDRV;APPDRV; C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS [2005-08-12 16128]
R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-05-30 75096]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 meiudf;meiudf; C:\WINDOWS\System32\Drivers\meiudf.sys [2005-12-02 105872]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2007-03-01 28352]
R1 vmm;Virtual Machine Monitor; \??\C:\WINDOWS\system32\Drivers\vmm.sys []
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R2 CVPNDRVA;Cisco Systems Inc. IPSec Driver; \??\C:\WINDOWS\system32\Drivers\CVPNDRVA.sys []
R2 irda;Protokol IrDA; C:\WINDOWS\system32\DRIVERS\irda.sys [2008-04-13 88192]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2005-10-04 12544]
R2 s24trans;WLAN Transport; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2008-08-04 11904]
R3 ApfiltrService;Alps Touch Pad Filter Driver for Windows 2000/XP; C:\WINDOWS\system32\DRIVERS\Apfiltr.sys [2005-09-28 113847]
R3 avgntflt;avgntflt; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys []
R3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2005-10-26 142720]
R3 BthEnum;Služba Bluetooth Enumerator; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2008-04-13 17024]
R3 BTHMODEM;Ovladač komunikace modemu Bluetooth; C:\WINDOWS\system32\DRIVERS\bthmodem.sys [2008-04-13 37888]
R3 BthPan;Bluetooth Device (Personal Area Network); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2008-04-13 101120]
R3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2008-04-13 18944]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 DNE;Deterministic Network Enhancer Miniport; C:\WINDOWS\system32\DRIVERS\dne2000.sys [2008-03-29 125328]
R3 guardian2;guardian2; C:\WINDOWS\System32\Drivers\oz776.sys [2007-12-23 68696]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidBth;Miniport Bluetooth HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidbth.sys [2008-04-14 25600]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSX_DPV.sys [2005-12-01 936960]
R3 HSXHWAZL;HSXHWAZL; C:\WINDOWS\system32\DRIVERS\HSXHWAZL.sys [2005-12-01 192512]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2007-03-30 5704672]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-25 12160]
R3 NETw5x32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows XP 32 Bit; C:\WINDOWS\system32\DRIVERS\NETw5x32.sys [2008-08-28 3632384]
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2008-04-13 59136]
R3 SMCIRDA;SMC IrCC Miniport Device Driver; C:\WINDOWS\system32\DRIVERS\smcirda.sys [2001-10-24 35913]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2007-05-10 1222840]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Ovladač standardního rozbočovače USB; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 VPCNetS2;Virtual Machine Network Services Driver; C:\WINDOWS\system32\DRIVERS\VMNetSrv.sys [2008-02-05 59960]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSX_CNXT.sys [2005-12-01 669696]
R4 KLIF;KLIF; C:\WINDOWS\System32\DRIVERS\klif.sys [2010-01-14 186128]
S1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
S3 AVerFx2hbtv;AVerMedia USB SW Hybrid Tuner; C:\WINDOWS\system32\drivers\AVerFx2hbtv.sys [2009-07-01 436480]
S3 BTHPORT;Ovladač portu Bluetooth; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-06-14 272128]
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 CVirtA;Cisco Systems VPN Adapter; C:\WINDOWS\system32\DRIVERS\CVirtA.sys [2007-01-18 5275]
S3 MPE;Filtr MPE BDA; C:\WINDOWS\system32\DRIVERS\MPE.sys [2008-04-13 15232]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\nmwcd.sys [2007-02-22 137216]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\nmwcdc.sys [2007-02-22 8320]
S3 nmwcdcj;Nokia USB Port; C:\WINDOWS\system32\drivers\nmwcdcj.sys [2007-02-22 12288]
S3 nmwcdcm;Nokia USB Modem; C:\WINDOWS\system32\drivers\nmwcdcm.sys [2007-02-22 12288]
S3 PORTMON;PORTMON; \??\C:\T\SysInternalsSuite\PORTMSYS.SYS []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 UIUSys;Conexant Setup API; C:\WINDOWS\system32\DRIVERS\UIUSYS.SYS []
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 vmfilter323;323 filter service, Normal; C:\WINDOWS\system32\drivers\vmfilter323.sys [2006-08-08 476672]
S3 vsdatant;vsdatant; \??\C:\WINDOWS\system32\vsdatant.sys []
S3 WinRing0_1_2_0;WinRing0_1_2_0; \??\C:\T\RealTemp\WinRing0.sys []
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-15 82688]
S3 ZSMC326;CANYON USB PC Camera; C:\WINDOWS\System32\Drivers\usbvm323.sys [2007-04-03 260224]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 sr;Ovladač filtru Obnovy systému; C:\WINDOWS\system32\DRIVERS\sr.sys [2008-04-14 73344]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [2009-05-30 151297]
R2 AntiVirScheduler;Avira AntiVir Personal - Free Antivirus Scheduler; C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [2009-05-30 68865]
R2 AVerRemote;AVerRemote; C:\Program Files\Common Files\AVerMedia\Service\AVerRemote.exe [2009-05-06 344064]
R2 AVerScheduleService;AVerScheduleService; C:\Program Files\Common Files\AVerMedia\Service\AVerScheduleService.exe [2008-12-10 405504]
R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2010-04-10 14336]
R2 CVPND;Cisco Systems, Inc. VPN Service; C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe [2008-08-29 1528608]
R2 DVD-RAM_Service;DVD-RAM_Service; C:\WINDOWS\system32\DVDRAMSV.exe [2004-08-28 110592]
R2 EvtEng;Intel® PROSet/Wireless Event Log; C:\Program Files\Intel\WiFi\bin\EvtEng.exe [2008-08-20 860160]
R2 Irmon;Sledování infračerveného přenosu; C:\WINDOWS\system32\svchost.exe [2010-04-10 14336]
R2 NICCONFIGSVC;NICCONFIGSVC; C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe [2007-07-20 475136]
R2 RegSrvc;Intel® PROSet/Wireless Registry Service; C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [2008-08-20 466944]
R2 S24EventMonitor;Intel® PROSet/Wireless WiFi Service; C:\Program Files\Intel\WiFi\bin\S24EvMon.exe [2008-08-20 905216]
R2 WLANKEEPER;Intel(R) PROSet/Wireless SSO Service; C:\Program Files\Intel\WiFi\bin\WLKeeper.exe [2008-08-20 348160]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2010-04-10 14336]
R3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2007-12-10 353280]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 CRON;Cron service; D:\Zalohovanie\crons.exe [2000-05-16 60928]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S4 FCI;FCI; C:\WINDOWS\system32\svchost.exe [2010-04-10 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
-----------------EOF-----------------
Re: Avira - 'TR/Crypt.XPACK.Gen [trojan], co s tym?
Fajn, ještě mbam a napište, jak to vypadá s počítačem
Nepoužívejte COMBOFIX bez doporučení rádce, může dojít k poškození systému!
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
-
lubomirkos
- Návštěvník
- Příspěvky: 11
- Registrován: 19 dub 2010 09:02
Re: Avira - 'TR/Crypt.XPACK.Gen [trojan], co s tym?
ten este bezi . . .
avira to hlasila niekedy aj 2-3x za 15 min, niekedy len raz za 2-3 hodiny . . . takze uvidim . . .
avira to hlasila niekedy aj 2-3x za 15 min, niekedy len raz za 2-3 hodiny . . . takze uvidim . . .
-
lubomirkos
- Návštěvník
- Příspěvky: 11
- Registrován: 19 dub 2010 09:02
Re: Avira - 'TR/Crypt.XPACK.Gen [trojan], co s tym?
Takze pred chvilkou to tu bolo zase . . . Avira zahulakala . . .
-
lubomirkos
- Návštěvník
- Příspěvky: 11
- Registrován: 19 dub 2010 09:02
Re: Avira - 'TR/Crypt.XPACK.Gen [trojan], co s tym?
Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org
Verze databáze: 4006
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
19. 4. 2010 12:21:21
mbam-log-2010-04-19 (12-21-21).txt
Typ skenu: Úplný sken (C:\|D:\|)
Skenované objekty: 86306
Uplynulý čas: 34 minuta(y), 52 sekunda(y)
Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 0
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované složky: 0
Infikované soubory: 2
Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)
Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)
Infikované klíče registru:
(Žádné škodlivé položky nebyly zjištěny)
Infikované hodnoty registru:
(Žádné škodlivé položky nebyly zjištěny)
Infikované datové položky registru:
(Žádné škodlivé položky nebyly zjištěny)
Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)
Infikované soubory:
C:\WINDOWS\system32\Itcc.dll (Backdoor.VB) -> No action taken.
C:\WINDOWS\system32\drivers\uhxvd.sys (Rootkit.Agent) -> No action taken.
www.malwarebytes.org
Verze databáze: 4006
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
19. 4. 2010 12:21:21
mbam-log-2010-04-19 (12-21-21).txt
Typ skenu: Úplný sken (C:\|D:\|)
Skenované objekty: 86306
Uplynulý čas: 34 minuta(y), 52 sekunda(y)
Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 0
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované složky: 0
Infikované soubory: 2
Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)
Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)
Infikované klíče registru:
(Žádné škodlivé položky nebyly zjištěny)
Infikované hodnoty registru:
(Žádné škodlivé položky nebyly zjištěny)
Infikované datové položky registru:
(Žádné škodlivé položky nebyly zjištěny)
Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)
Infikované soubory:
C:\WINDOWS\system32\Itcc.dll (Backdoor.VB) -> No action taken.
C:\WINDOWS\system32\drivers\uhxvd.sys (Rootkit.Agent) -> No action taken.
Re: Avira - 'TR/Crypt.XPACK.Gen [trojan], co s tym?
Co našel mbam, smažte.
Stáhněte na plochu, ukončete všechna aktivní okna a spusťte ComboFix - http://download.bleepingcomputer.com/sUBs/ComboFix.exe
- ComboFix je třeba spustit pod účtem s právy administrátora
- Před použitím vypněte všechny rezidentní bezpečnostní programy - antiviry, firewally, antispywary
- Po spuštění se zobrazí podmínky užití, potvrďte je stiskem tlačítka Ano
- Dále postupujte dle pokynů, během aplikování ComboFixu neklikejte do zobrazujícího se okna
- Po dokončení skenování, trvajícího maximálně 10 minut, by měl program vytvořit log - C:\ComboFix.txt, zkopírujte celý jeho obsah sem
Stáhněte na plochu, ukončete všechna aktivní okna a spusťte ComboFix - http://download.bleepingcomputer.com/sUBs/ComboFix.exe - ComboFix je třeba spustit pod účtem s právy administrátora
- Před použitím vypněte všechny rezidentní bezpečnostní programy - antiviry, firewally, antispywary
- Po spuštění se zobrazí podmínky užití, potvrďte je stiskem tlačítka Ano
- Dále postupujte dle pokynů, během aplikování ComboFixu neklikejte do zobrazujícího se okna
- Po dokončení skenování, trvajícího maximálně 10 minut, by měl program vytvořit log - C:\ComboFix.txt, zkopírujte celý jeho obsah sem
Nepoužívejte COMBOFIX bez doporučení rádce, může dojít k poškození systému!
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
-
lubomirkos
- Návštěvník
- Příspěvky: 11
- Registrován: 19 dub 2010 09:02
Re: Avira - 'TR/Crypt.XPACK.Gen [trojan], co s tym?
ComboFix 10-04-18.04 - Lubo . 04. 2010 13:15:07.1.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.421.1029.18.3318.2682 [GMT 2:00]
Running from: c:\documents and settings\Lubo\Plocha\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\pthreadVC.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_FCI
-------\Service_FCI
((((((((((((((((((((((((( Files Created from 2010-03-19 to 2010-04-19 )))))))))))))))))))))))))))))))
.
2010-04-19 11:09 . 2010-04-19 11:10 -------- d-----w- c:\windows\system32\NtmsData
2010-04-19 11:06 . 2010-04-19 11:06 -------- d-----w- c:\documents and settings\LocalService\Nabídka Start
2010-04-19 11:06 . 2010-03-01 07:05 124784 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-04-19 11:06 . 2010-02-16 11:24 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-04-19 11:06 . 2009-05-11 09:49 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2010-04-19 11:06 . 2009-05-11 09:49 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2010-04-19 11:06 . 2010-04-19 11:06 -------- d-----w- c:\program files\Avira
2010-04-19 09:44 . 2010-03-29 22:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-19 09:44 . 2010-04-19 09:44 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-19 09:44 . 2010-03-29 22:45 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-19 09:39 . 2010-04-19 09:39 -------- d-----w- C:\rsit
2010-04-19 07:11 . 2010-04-19 10:38 2836768 --sha-w- c:\windows\system32\drivers\fidbox.dat
2010-04-19 07:11 . 2010-04-19 10:38 20000 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2010-04-19 07:05 . 2010-04-19 08:57 -------- d-----w- c:\program files\Common Files\ParetoLogic
2010-04-19 07:01 . 2010-04-19 07:01 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-04-09 12:39 . 2010-04-09 12:39 -------- d-----w- C:\temp
2010-04-09 12:39 . 2010-03-31 08:32 -------- d---a-w- c:\temp\package
2010-04-09 12:39 . 2010-03-31 08:31 222728 ----a-w- c:\temp\setup.exe
2010-04-09 12:26 . 2010-04-09 12:26 -------- d-----w- c:\windows\Cache
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-19 11:22 . 2009-12-29 12:06 802304 ----a-w- c:\windows\system32\drivers\uhxvd.sys
2010-04-19 11:09 . 2001-10-25 12:00 83474 ----a-w- c:\windows\system32\perfc005.dat
2010-04-19 11:09 . 2001-10-25 12:00 438050 ----a-w- c:\windows\system32\perfh005.dat
2010-04-19 10:38 . 2010-04-19 07:11 2924 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2010-04-19 10:38 . 2010-04-19 07:11 40112 --sha-w- c:\windows\system32\drivers\fidbox.idx
2010-04-11 20:06 . 2009-05-30 20:10 -------- d-----w- c:\program files\Common Files\Adobe
2010-04-10 18:36 . 2004-08-17 13:49 14336 ----a-w- c:\windows\system32\svchost.exe
2010-04-07 20:01 . 2009-05-30 20:12 -------- d-----w- c:\program files\Skype
2010-03-12 09:36 . 2009-11-12 17:50 -------- d-----w- c:\program files\Windows Live
2010-03-09 11:46 . 2010-03-09 11:46 -------- d-----w- c:\program files\Vimicro
2010-03-09 11:46 . 2009-05-30 19:32 -------- d--h--w- c:\program files\InstallShield Installation Information
.
------- Sigcheck -------
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 . D9F19E78F98834CB411D6AD3C68D181A . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys
[7] 2004-08-03 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 6\PCSuite.exe" [2007-12-10 695808]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2007-07-20 1228800]
"IntelZeroConfig"="c:\program files\Intel\WiFi\bin\ZCfgSvc.exe" [2008-08-20 1368064]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2008-08-20 1191936]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2005-10-07 176128]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-03-30 138008]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-03-30 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-03-30 138008]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504]
"ASuite"="c:\asuite\asuite.exe" [2008-08-11 516608]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-02-16 49152]
"BigDogPath323VMSnap"="c:\windows\VMSnap23.exe" [2007-06-29 212992]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-11-07 1294336]
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
AVer HID Receiver.lnk - c:\program files\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe [2009-6-17 159744]
AVerQuick.lnk - c:\program files\Common Files\AVerMedia\AVerQuick\AVerQuick.exe [2009-6-17 651264]
RAMASST.lnk - c:\windows\system32\RAMASST.exe [2009-5-30 155648]
VPN Client.lnk - c:\windows\Installer\{51FB15F4-AD27-43BC-AD4B-DD0354FB6BBD}\Icon3E5562ED7.ico [2009-6-3 6144]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\windows\system32\logonuiX.exe"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AVerMedia\\AVerTV\\AVerTV.exe"=
"c:\\T\\FileZillaPortable\\App\\filezilla\\filezilla.exe"=
"c:\\T\\TeamViewer\\TeamViewer.exe"=
"d:\\xampplite\\apache\\bin\\httpd.exe"=
"d:\\xampplite\\mysql\\bin\\mysqld.exe"=
"c:\\T\\aMSNPortable\\App\\aMSN\\bin\\wish.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\ASUS\\Wireless Router Utilities\\DiscoveryR.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"d:\\xampplite\\apache\\bin\\apache.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [19. 4. 2010 13:06 135336]
R2 AVerRemote;AVerRemote;c:\program files\Common Files\AVerMedia\Service\AVerRemote.exe [17. 6. 2009 22:54 344064]
R2 AVerScheduleService;AVerScheduleService;c:\program files\Common Files\AVerMedia\Service\AVerScheduleService.exe [17. 6. 2009 22:54 405504]
S3 AVerFx2hbtv;AVerMedia USB SW Hybrid Tuner;c:\windows\system32\drivers\AVerFx2hbtv.sys [12. 6. 2009 12:34 436480]
S3 CRON;Cron service;d:\zalohovanie\crons.exe [16. 5. 2000 0:30 60928]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [19. 4. 2010 11:44 38224]
S3 PORTMON;PORTMON;\??\c:\t\SysInternalsSuite\PORTMSYS.SYS --> c:\t\SysInternalsSuite\PORTMSYS.SYS [?]
S3 vmfilter323;323 filter service, Normal;c:\windows\system32\drivers\vmfilter323.sys [9. 3. 2010 13:47 476672]
S3 WinRing0_1_2_0;WinRing0_1_2_0;c:\t\RealTemp\WinRing0.sys [2. 7. 2009 12:30 14416]
S3 ZSMC326;CANYON USB PC Camera;c:\windows\system32\drivers\usbvm323.sys [9. 3. 2010 13:47 260224]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - SSMDRV
*Deregistered* - uhxvd
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
mWindow Title = Microsoft Internet Explorer
uInternet Connection Wizard,ShellNext = hxxp://www.wincustomize.com/skins.asp?library=26
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-19 13:20
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\uhxvd]
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(1768)
c:\windows\system32\netprovcredman.dll
- - - - - - - > 'explorer.exe'(2324)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 6\phonebrowser.dll
c:\program files\Nokia\Nokia PC Suite 6\PCSCM.dll
c:\program files\Nokia\Nokia PC Suite 6\Lang\PhoneBrowser_slk.nlr
c:\program files\Nokia\Nokia PC Suite 6\Resource\PhoneBrowser_Nokia.ngr
c:\program files\Microsoft Virtual PC\VPCShExH.DLL
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\Intel\WiFi\bin\S24EvMon.exe
c:\windows\System32\SCardSvr.exe
c:\program files\Cisco Systems\VPN Client\cvpnd.exe
c:\windows\system32\DVDRAMSV.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\program files\Dell\QuickSet\NICCONFIGSVC.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\program files\Intel\WiFi\bin\WLKeeper.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Apoint\HidFind.exe
c:\program files\Apoint\Apntex.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclIrSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
.
**************************************************************************
.
Completion time: 2010-04-19 13:23:22 - machine was rebooted
ComboFix-quarantined-files.txt 2010-04-19 11:23
Pre-Run: 5 921 841 152
Post-Run: 5 909 561 344
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
- - End Of File - - 3340E4D958F3BAFFDD6B914E3A0D54FB
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.421.1029.18.3318.2682 [GMT 2:00]
Running from: c:\documents and settings\Lubo\Plocha\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\pthreadVC.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_FCI
-------\Service_FCI
((((((((((((((((((((((((( Files Created from 2010-03-19 to 2010-04-19 )))))))))))))))))))))))))))))))
.
2010-04-19 11:09 . 2010-04-19 11:10 -------- d-----w- c:\windows\system32\NtmsData
2010-04-19 11:06 . 2010-04-19 11:06 -------- d-----w- c:\documents and settings\LocalService\Nabídka Start
2010-04-19 11:06 . 2010-03-01 07:05 124784 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-04-19 11:06 . 2010-02-16 11:24 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-04-19 11:06 . 2009-05-11 09:49 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2010-04-19 11:06 . 2009-05-11 09:49 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2010-04-19 11:06 . 2010-04-19 11:06 -------- d-----w- c:\program files\Avira
2010-04-19 09:44 . 2010-03-29 22:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-19 09:44 . 2010-04-19 09:44 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-19 09:44 . 2010-03-29 22:45 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-19 09:39 . 2010-04-19 09:39 -------- d-----w- C:\rsit
2010-04-19 07:11 . 2010-04-19 10:38 2836768 --sha-w- c:\windows\system32\drivers\fidbox.dat
2010-04-19 07:11 . 2010-04-19 10:38 20000 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2010-04-19 07:05 . 2010-04-19 08:57 -------- d-----w- c:\program files\Common Files\ParetoLogic
2010-04-19 07:01 . 2010-04-19 07:01 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-04-09 12:39 . 2010-04-09 12:39 -------- d-----w- C:\temp
2010-04-09 12:39 . 2010-03-31 08:32 -------- d---a-w- c:\temp\package
2010-04-09 12:39 . 2010-03-31 08:31 222728 ----a-w- c:\temp\setup.exe
2010-04-09 12:26 . 2010-04-09 12:26 -------- d-----w- c:\windows\Cache
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-19 11:22 . 2009-12-29 12:06 802304 ----a-w- c:\windows\system32\drivers\uhxvd.sys
2010-04-19 11:09 . 2001-10-25 12:00 83474 ----a-w- c:\windows\system32\perfc005.dat
2010-04-19 11:09 . 2001-10-25 12:00 438050 ----a-w- c:\windows\system32\perfh005.dat
2010-04-19 10:38 . 2010-04-19 07:11 2924 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2010-04-19 10:38 . 2010-04-19 07:11 40112 --sha-w- c:\windows\system32\drivers\fidbox.idx
2010-04-11 20:06 . 2009-05-30 20:10 -------- d-----w- c:\program files\Common Files\Adobe
2010-04-10 18:36 . 2004-08-17 13:49 14336 ----a-w- c:\windows\system32\svchost.exe
2010-04-07 20:01 . 2009-05-30 20:12 -------- d-----w- c:\program files\Skype
2010-03-12 09:36 . 2009-11-12 17:50 -------- d-----w- c:\program files\Windows Live
2010-03-09 11:46 . 2010-03-09 11:46 -------- d-----w- c:\program files\Vimicro
2010-03-09 11:46 . 2009-05-30 19:32 -------- d--h--w- c:\program files\InstallShield Installation Information
.
------- Sigcheck -------
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 . D9F19E78F98834CB411D6AD3C68D181A . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys
[7] 2004-08-03 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 6\PCSuite.exe" [2007-12-10 695808]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2007-07-20 1228800]
"IntelZeroConfig"="c:\program files\Intel\WiFi\bin\ZCfgSvc.exe" [2008-08-20 1368064]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2008-08-20 1191936]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2005-10-07 176128]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-03-30 138008]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-03-30 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-03-30 138008]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504]
"ASuite"="c:\asuite\asuite.exe" [2008-08-11 516608]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-02-16 49152]
"BigDogPath323VMSnap"="c:\windows\VMSnap23.exe" [2007-06-29 212992]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-11-07 1294336]
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
AVer HID Receiver.lnk - c:\program files\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe [2009-6-17 159744]
AVerQuick.lnk - c:\program files\Common Files\AVerMedia\AVerQuick\AVerQuick.exe [2009-6-17 651264]
RAMASST.lnk - c:\windows\system32\RAMASST.exe [2009-5-30 155648]
VPN Client.lnk - c:\windows\Installer\{51FB15F4-AD27-43BC-AD4B-DD0354FB6BBD}\Icon3E5562ED7.ico [2009-6-3 6144]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\windows\system32\logonuiX.exe"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AVerMedia\\AVerTV\\AVerTV.exe"=
"c:\\T\\FileZillaPortable\\App\\filezilla\\filezilla.exe"=
"c:\\T\\TeamViewer\\TeamViewer.exe"=
"d:\\xampplite\\apache\\bin\\httpd.exe"=
"d:\\xampplite\\mysql\\bin\\mysqld.exe"=
"c:\\T\\aMSNPortable\\App\\aMSN\\bin\\wish.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\ASUS\\Wireless Router Utilities\\DiscoveryR.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"d:\\xampplite\\apache\\bin\\apache.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [19. 4. 2010 13:06 135336]
R2 AVerRemote;AVerRemote;c:\program files\Common Files\AVerMedia\Service\AVerRemote.exe [17. 6. 2009 22:54 344064]
R2 AVerScheduleService;AVerScheduleService;c:\program files\Common Files\AVerMedia\Service\AVerScheduleService.exe [17. 6. 2009 22:54 405504]
S3 AVerFx2hbtv;AVerMedia USB SW Hybrid Tuner;c:\windows\system32\drivers\AVerFx2hbtv.sys [12. 6. 2009 12:34 436480]
S3 CRON;Cron service;d:\zalohovanie\crons.exe [16. 5. 2000 0:30 60928]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [19. 4. 2010 11:44 38224]
S3 PORTMON;PORTMON;\??\c:\t\SysInternalsSuite\PORTMSYS.SYS --> c:\t\SysInternalsSuite\PORTMSYS.SYS [?]
S3 vmfilter323;323 filter service, Normal;c:\windows\system32\drivers\vmfilter323.sys [9. 3. 2010 13:47 476672]
S3 WinRing0_1_2_0;WinRing0_1_2_0;c:\t\RealTemp\WinRing0.sys [2. 7. 2009 12:30 14416]
S3 ZSMC326;CANYON USB PC Camera;c:\windows\system32\drivers\usbvm323.sys [9. 3. 2010 13:47 260224]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - SSMDRV
*Deregistered* - uhxvd
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
mWindow Title = Microsoft Internet Explorer
uInternet Connection Wizard,ShellNext = hxxp://www.wincustomize.com/skins.asp?library=26
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-19 13:20
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\uhxvd]
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(1768)
c:\windows\system32\netprovcredman.dll
- - - - - - - > 'explorer.exe'(2324)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 6\phonebrowser.dll
c:\program files\Nokia\Nokia PC Suite 6\PCSCM.dll
c:\program files\Nokia\Nokia PC Suite 6\Lang\PhoneBrowser_slk.nlr
c:\program files\Nokia\Nokia PC Suite 6\Resource\PhoneBrowser_Nokia.ngr
c:\program files\Microsoft Virtual PC\VPCShExH.DLL
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\Intel\WiFi\bin\S24EvMon.exe
c:\windows\System32\SCardSvr.exe
c:\program files\Cisco Systems\VPN Client\cvpnd.exe
c:\windows\system32\DVDRAMSV.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\program files\Dell\QuickSet\NICCONFIGSVC.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\program files\Intel\WiFi\bin\WLKeeper.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Apoint\HidFind.exe
c:\program files\Apoint\Apntex.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclIrSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
.
**************************************************************************
.
Completion time: 2010-04-19 13:23:22 - machine was rebooted
ComboFix-quarantined-files.txt 2010-04-19 11:23
Pre-Run: 5 921 841 152
Post-Run: 5 909 561 344
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
- - End Of File - - 3340E4D958F3BAFFDD6B914E3A0D54FB
Re: Avira - 'TR/Crypt.XPACK.Gen [trojan], co s tym?
Pokud nemáte, přesuňte Combofix na plochu-otevřete si Poznámkový blok
-Do něj zkopírujte text z tohoto okénka
Kód: Vybrat vše
KillAll::
Driver::
uhxvd
Collect::
c:\windows\system32\drivers\uhxvd.sys
File::
c:\temp\setup.exe
Restore::
c:\windows\system32\drivers\tcpip.sys
-po uložení uchopte vámi vytvořený skript levým myšítkem a -přesuňte ho nad ikonu Combofixu, kde ho upustíte:
-po aplikaci na Vás vypadne další log,vložte ho sem
Upozornění : může se stát, že po aplikaci skriptu a restartu Windows nenaběhnou, v tom případě znovu restartujte a přitom mačkejte F8, pak zvolte Poslední známou funkční konfiguraci
tuto webovou stránku znáte?http://www.wincustomize.com/skins.asp?library=26
Otestujte na http://www.virustotal.comd:\zalohovanie\crons.exe
c:\windows\system32\svchost.exe
-Do okénka zkopírujte cestu k souboru , pokud napíše, že soubor byl už testován, dejte otestovat znovu.
-Sem vložte link s výsledky.
Nepoužívejte COMBOFIX bez doporučení rádce, může dojít k poškození systému!
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
-
lubomirkos
- Návštěvník
- Příspěvky: 11
- Registrován: 19 dub 2010 09:02
Re: Avira - 'TR/Crypt.XPACK.Gen [trojan], co s tym?
Takze vcera uz anitivir nehulakal, ale aj tak:
ComboFix 10-04-19.05 - Lubo . 04. 2010 14:02:07.2.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.421.1029.18.3318.1868 [GMT 2:00]
Running from: c:\documents and settings\Lubo\Plocha\ComboFix.exe
Command switches used :: c:\documents and settings\Lubo\Plocha\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
FILE ::
"c:\temp\setup.exe"
file zipped: c:\windows\system32\drivers\uhxvd.sys
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\temp\setup.exe
c:\windows\system32\drivers\uhxvd.sys
Infected copy of c:\windows\system32\drivers\tcpip.sys was found and disinfected
Restored copy from - c:\windows\system32\dllcache\tcpip.sys
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_UHXVD
-------\Service_uhxvd
((((((((((((((((((((((((( Files Created from 2010-03-20 to 2010-04-20 )))))))))))))))))))))))))))))))
.
2010-04-19 12:54 . 2010-04-19 12:56 -------- d-----w- C:\My Web Sites5
2010-04-19 12:32 . 2010-04-19 12:32 -------- d-----w- C:\My Web Sites3
2010-04-19 12:24 . 2010-04-19 12:25 -------- d-----w- C:\My Web Sites1
2010-04-19 11:40 . 2010-04-19 11:40 -------- d-----w- c:\program files\WinHTTrack
2010-04-19 11:09 . 2010-04-19 11:10 -------- d-----w- c:\windows\system32\NtmsData
2010-04-19 11:06 . 2010-04-19 11:06 -------- d-----w- c:\documents and settings\LocalService\Nabídka Start
2010-04-19 11:06 . 2010-03-01 07:05 124784 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-04-19 11:06 . 2010-02-16 11:24 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-04-19 11:06 . 2009-05-11 09:49 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2010-04-19 11:06 . 2009-05-11 09:49 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2010-04-19 11:06 . 2010-04-19 11:06 -------- d-----w- c:\program files\Avira
2010-04-19 09:44 . 2010-03-29 22:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-19 09:44 . 2010-04-19 09:44 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-19 09:44 . 2010-03-29 22:45 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-19 09:39 . 2010-04-19 09:39 -------- d-----w- C:\rsit
2010-04-19 07:11 . 2010-04-19 10:38 2836768 --sha-w- c:\windows\system32\drivers\fidbox.dat
2010-04-19 07:11 . 2010-04-19 10:38 20000 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2010-04-19 07:05 . 2010-04-19 08:57 -------- d-----w- c:\program files\Common Files\ParetoLogic
2010-04-19 07:01 . 2010-04-19 07:01 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-04-09 12:39 . 2010-04-20 12:05 -------- d-----w- C:\temp
2010-04-09 12:39 . 2010-03-31 08:32 -------- d---a-w- c:\temp\package
2010-04-09 12:26 . 2010-04-09 12:26 -------- d-----w- c:\windows\Cache
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-19 11:23 . 2001-10-25 12:00 83474 ----a-w- c:\windows\system32\perfc005.dat
2010-04-19 11:23 . 2001-10-25 12:00 438050 ----a-w- c:\windows\system32\perfh005.dat
2010-04-19 10:38 . 2010-04-19 07:11 2924 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2010-04-19 10:38 . 2010-04-19 07:11 40112 --sha-w- c:\windows\system32\drivers\fidbox.idx
2010-04-11 20:06 . 2009-05-30 20:10 -------- d-----w- c:\program files\Common Files\Adobe
2010-04-10 18:36 . 2004-08-17 13:49 14336 ----a-w- c:\windows\system32\svchost.exe
2010-04-07 20:01 . 2009-05-30 20:12 -------- d-----w- c:\program files\Skype
2010-03-12 09:36 . 2009-11-12 17:50 -------- d-----w- c:\program files\Windows Live
2010-03-09 11:46 . 2010-03-09 11:46 -------- d-----w- c:\program files\Vimicro
2010-03-09 11:46 . 2009-05-30 19:32 -------- d--h--w- c:\program files\InstallShield Installation Information
.
((((((((((((((((((((((((((((( SnapShot@2010-04-19_11.20.17 )))))))))))))))))))))))))))))))))))))))))
.
- 2001-10-25 12:00 . 2010-04-19 11:09 72010 c:\windows\system32\perfc009.dat
+ 2001-10-25 12:00 . 2010-04-19 11:23 72010 c:\windows\system32\perfc009.dat
+ 2001-10-25 12:00 . 2010-04-19 11:23 441692 c:\windows\system32\perfh009.dat
- 2001-10-25 12:00 . 2010-04-19 11:09 441692 c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 6\PCSuite.exe" [2007-12-10 695808]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2007-07-20 1228800]
"IntelZeroConfig"="c:\program files\Intel\WiFi\bin\ZCfgSvc.exe" [2008-08-20 1368064]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2008-08-20 1191936]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2005-10-07 176128]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-03-30 138008]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-03-30 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-03-30 138008]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504]
"ASuite"="c:\asuite\asuite.exe" [2008-08-11 516608]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-02-16 49152]
"BigDogPath323VMSnap"="c:\windows\VMSnap23.exe" [2007-06-29 212992]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-11-07 1294336]
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
AVer HID Receiver.lnk - c:\program files\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe [2009-6-17 159744]
AVerQuick.lnk - c:\program files\Common Files\AVerMedia\AVerQuick\AVerQuick.exe [2009-6-17 651264]
RAMASST.lnk - c:\windows\system32\RAMASST.exe [2009-5-30 155648]
VPN Client.lnk - c:\windows\Installer\{51FB15F4-AD27-43BC-AD4B-DD0354FB6BBD}\Icon3E5562ED7.ico [2009-6-3 6144]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\windows\system32\logonuiX.exe"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AVerMedia\\AVerTV\\AVerTV.exe"=
"c:\\T\\FileZillaPortable\\App\\filezilla\\filezilla.exe"=
"c:\\T\\TeamViewer\\TeamViewer.exe"=
"d:\\xampplite\\apache\\bin\\httpd.exe"=
"d:\\xampplite\\mysql\\bin\\mysqld.exe"=
"c:\\T\\aMSNPortable\\App\\aMSN\\bin\\wish.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\ASUS\\Wireless Router Utilities\\DiscoveryR.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"d:\\xampplite\\apache\\bin\\apache.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [19. 4. 2010 13:06 135336]
R2 AVerRemote;AVerRemote;c:\program files\Common Files\AVerMedia\Service\AVerRemote.exe [17. 6. 2009 22:54 344064]
R2 AVerScheduleService;AVerScheduleService;c:\program files\Common Files\AVerMedia\Service\AVerScheduleService.exe [17. 6. 2009 22:54 405504]
R3 AVerFx2hbtv;AVerMedia USB SW Hybrid Tuner;c:\windows\system32\drivers\AVerFx2hbtv.sys [12. 6. 2009 12:34 436480]
S3 CRON;Cron service;d:\zalohovanie\crons.exe [16. 5. 2000 0:30 60928]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [19. 4. 2010 11:44 38224]
S3 PORTMON;PORTMON;\??\c:\t\SysInternalsSuite\PORTMSYS.SYS --> c:\t\SysInternalsSuite\PORTMSYS.SYS [?]
S3 vmfilter323;323 filter service, Normal;c:\windows\system32\drivers\vmfilter323.sys [9. 3. 2010 13:47 476672]
S3 WinRing0_1_2_0;WinRing0_1_2_0;c:\t\RealTemp\WinRing0.sys [2. 7. 2009 12:30 14416]
S3 ZSMC326;CANYON USB PC Camera;c:\windows\system32\drivers\usbvm323.sys [9. 3. 2010 13:47 260224]
.
.
------- Supplementary Scan -------
.
mWindow Title = Microsoft Internet Explorer
uInternet Connection Wizard,ShellNext = hxxp://www.wincustomize.com/skins.asp?library=26
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-20 14:08
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(1748)
c:\windows\system32\netprovcredman.dll
- - - - - - - > 'explorer.exe'(2536)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 6\phonebrowser.dll
c:\program files\Nokia\Nokia PC Suite 6\PCSCM.dll
c:\program files\Nokia\Nokia PC Suite 6\Lang\PhoneBrowser_slk.nlr
c:\program files\Nokia\Nokia PC Suite 6\Resource\PhoneBrowser_Nokia.ngr
c:\program files\Microsoft Virtual PC\VPCShExH.DLL
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\Intel\WiFi\bin\S24EvMon.exe
c:\windows\System32\SCardSvr.exe
c:\program files\Cisco Systems\VPN Client\cvpnd.exe
c:\windows\system32\DVDRAMSV.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\program files\Dell\QuickSet\NICCONFIGSVC.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\program files\Intel\WiFi\bin\WLKeeper.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Apoint\HidFind.exe
c:\program files\Apoint\Apntex.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclIrSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
c:\\?\c:\windows\system32\WBEM\WMIADAP.EXE
.
**************************************************************************
.
Completion time: 2010-04-20 14:11:58 - machine was rebooted
ComboFix-quarantined-files.txt 2010-04-20 12:11
ComboFix.txt 2010-04-19 11:23
Pre-Run: 5 450 829 824
Post-Run: 5 552 488 448
- - End Of File - - F3F8601A5BA47CFDA374B9F650CD1EF6
tuto webovou stránku znáte?
http://www.wincustomize.com/skins.asp?library=26
>>>> stranka nenajdena
CRONS.EXE
Antivirus Version Last Update Result
a-squared 4.5.0.50 2010.04.20 -
AhnLab-V3 5.0.0.2 2010.04.20 -
AntiVir 7.10.6.142 2010.04.20 -
Antiy-AVL 2.0.3.7 2010.04.19 -
Authentium 5.2.0.5 2010.04.20 -
Avast 4.8.1351.0 2010.04.20 -
Avast5 5.0.332.0 2010.04.20 -
AVG 9.0.0.787 2010.04.20 -
BitDefender 7.2 2010.04.20 -
CAT-QuickHeal 10.00 2010.04.20 -
ClamAV 0.96.0.3-git 2010.04.20 -
Comodo 4652 2010.04.20 -
DrWeb 5.0.2.03300 2010.04.20 -
eSafe 7.0.17.0 2010.04.18 Win32.Looked.BK
eTrust-Vet 35.2.7436 2010.04.20 -
F-Prot 4.5.1.85 2010.04.20 -
F-Secure 9.0.15370.0 2010.04.20 -
Fortinet 4.0.14.0 2010.04.20 -
GData 19 2010.04.20 -
Ikarus T3.1.1.80.0 2010.04.20 -
Jiangmin 13.0.900 2010.04.20 -
Kaspersky 7.0.0.125 2010.04.20 -
McAfee 5.400.0.1158 2010.04.20 -
McAfee-GW-Edition 6.8.5 2010.04.20 -
Microsoft 1.5703 2010.04.20 -
NOD32 5043 2010.04.20 -
Norman 6.04.11 2010.04.20 -
nProtect 2010-04-20.01 2010.04.20 -
Panda 10.0.2.7 2010.04.19 -
PCTools 7.0.3.5 2010.04.20 -
Prevx 3.0 2010.04.20 -
Rising 22.44.01.03 2010.04.20 -
Sophos 4.52.0 2010.04.20 -
Sunbelt 6199 2010.04.20 -
Symantec 20091.2.0.41 2010.04.20 -
TheHacker 6.5.2.0.265 2010.04.19 -
TrendMicro 9.120.0.1004 2010.04.20 -
TrendMicro-HouseCall 9.120.0.1004 2010.04.20 -
VBA32 3.12.12.4 2010.04.19 -
ViRobot 2010.4.19.2284 2010.04.20 -
VirusBuster 5.0.27.0 2010.04.19 -
Additional information
File size: 39424 bytes
MD5...: 611d62fd3c22dad606a26d3ab00a9360
SHA1..: ed18454f654d5b19aeef531805df7bf051ea9909
SHA256: b6be19c4925609de30a787647e46440a8bd85e398bc4101aee5d8bd66604092f
ssdeep: 768:LBFqMpLKRRGReQw5SHcIImr0l3SmI/GqS/:9FqsLKRwf8eS3SmI/c/
PEiD..: -
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x807c
timedatestamp.....: 0x2a425e19 (Fri Jun 19 22:22:17 1992)
machinetype.......: 0x14c (I386)
( 8 sections )
name viradd virsiz rawdsiz ntrpy md5
CODE 0x1000 0x70a0 0x7200 6.58 01760dfce39f3e55a7613e0490019cf1
DATA 0x9000 0x19c 0x200 3.62 4ad51996f46b4c1a382b944f277a3db9
BSS 0xa000 0x560 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.idata 0xb000 0x57c 0x600 4.17 af821d527eccf1ebac927c55de15ee73
.tls 0xc000 0x8 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.rdata 0xd000 0x18 0x200 0.20 67c6f08ad59a25de1d0086b839500bc5
.reloc 0xe000 0x630 0x800 5.72 99358d08409584f2c6a6db82cda6928b
.rsrc 0xf000 0x1200 0x1200 3.58 be64cf073bdada775644b56ad448ece5
( 7 imports )
> kernel32.dll: DeleteCriticalSection, LeaveCriticalSection, EnterCriticalSection, InitializeCriticalSection, VirtualFree, VirtualAlloc, LocalFree, LocalAlloc, WideCharToMultiByte, TlsSetValue, TlsGetValue, SetCurrentDirectoryA, MultiByteToWideChar, GetModuleHandleA, GetLastError, GetCommandLineA, GetCurrentDirectoryA, WriteFile, SetFilePointer, SetEndOfFile, RtlUnwind, ReadFile, RaiseException, GetStdHandle, GetFileSize, GetFileType, ExitProcess, CreateFileA, CloseHandle
> user32.dll: MessageBoxA
> oleaut32.dll: VariantChangeTypeEx, VariantCopyInd, VariantClear, SysStringLen, SysAllocStringLen
> kernel32.dll: Sleep, SetThreadPriority, SetPriorityClass, GetVersionExA, GetSystemDefaultLCID, GetModuleFileNameA, GetLocaleInfoA, GetLocalTime, GetLastError, GetCurrentThread, GetCurrentProcess, CreateMutexA, CloseHandle
> user32.dll: MessageBoxA, LoadStringA
> winmm.dll: timeSetEvent, timeKillEvent
> shell32.dll: ShellExecuteA
( 0 exports )
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Win32 Executable Borland Delphi 3 (87.6%)
Win32 Executable Delphi generic (4.9%)
Win32 Executable Generic (2.8%)
Win32 Dynamic Link Library (generic) (2.5%)
Win16/32 Executable Delphi generic (0.6%)
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
SVChost
Antivirus Version Last Update Result
a-squared 4.5.0.50 2010.04.20 -
AhnLab-V3 5.0.0.2 2010.04.20 -
AntiVir 7.10.6.142 2010.04.20 -
Antiy-AVL 2.0.3.7 2010.04.19 -
Authentium 5.2.0.5 2010.04.20 -
Avast 4.8.1351.0 2010.04.20 -
Avast5 5.0.332.0 2010.04.20 -
AVG 9.0.0.787 2010.04.20 -
BitDefender 7.2 2010.04.20 -
CAT-QuickHeal 10.00 2010.04.20 -
ClamAV 0.96.0.3-git 2010.04.20 -
Comodo 4652 2010.04.20 -
DrWeb 5.0.2.03300 2010.04.20 -
eSafe 7.0.17.0 2010.04.18 -
eTrust-Vet 35.2.7436 2010.04.20 -
F-Prot 4.5.1.85 2010.04.20 -
F-Secure 9.0.15370.0 2010.04.20 -
Fortinet 4.0.14.0 2010.04.20 -
GData 19 2010.04.20 -
Ikarus T3.1.1.80.0 2010.04.20 -
Jiangmin 13.0.900 2010.04.20 -
Kaspersky 7.0.0.125 2010.04.20 -
McAfee 5.400.0.1158 2010.04.20 W32/Wecorl.a
McAfee-GW-Edition 6.8.5 2010.04.20 -
Microsoft 1.5703 2010.04.20 -
NOD32 5043 2010.04.20 -
Norman 6.04.11 2010.04.20 -
nProtect 2010-04-20.01 2010.04.20 -
Panda 10.0.2.7 2010.04.19 -
PCTools 7.0.3.5 2010.04.20 -
Prevx 3.0 2010.04.20 -
Rising 22.44.01.03 2010.04.20 -
Sophos 4.52.0 2010.04.20 -
Sunbelt 6199 2010.04.20 -
Symantec 20091.2.0.41 2010.04.20 -
TheHacker 6.5.2.0.265 2010.04.19 -
TrendMicro 9.120.0.1004 2010.04.20 -
TrendMicro-HouseCall 9.120.0.1004 2010.04.20 -
VBA32 3.12.12.4 2010.04.19 -
ViRobot 2010.4.19.2284 2010.04.20 -
VirusBuster 5.0.27.0 2010.04.19 -
Additional information
File size: 14336 bytes
MD5...: be4a520e29b6391f49e79ccc52044d93
SHA1..: f87c6ea4a068ed7f515b20e5f5f22c0329403fad
SHA256: dd4fed011a9574094b0278e801686666441dfd3acd52e9f979cb85419dd04cf2
ssdeep: 384:SKvi+JmG6yqlCRaJt4RHS5LutGJae7g9VJnpWCNJbW:SocG6xlCRaJKGOA7S
HJ
PEiD..: -
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x2509
timedatestamp.....: 0x48025bc0 (Sun Apr 13 19:15:12 2008)
machinetype.......: 0x14c (I386)
( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x2c00 0x2c00 6.29 3fc505520ad9ee2f32bb888c6943d471
.data 0x4000 0x210 0x200 1.62 cbd504e46c836e09e8faabdcfbabaec2
.rsrc 0x5000 0x408 0x600 2.51 dcede0c303bbb48c6875eb64477e5882
( 4 imports )
> ADVAPI32.dll: RegQueryValueExW, SetSecurityDescriptorDacl, SetEntriesInAclW, SetSecurityDescriptorGroup, SetSecurityDescriptorOwner, InitializeSecurityDescriptor, GetTokenInformation, OpenProcessToken, OpenThreadToken, SetServiceStatus, RegisterServiceCtrlHandlerW, RegCloseKey, RegOpenKeyExW, StartServiceCtrlDispatcherW
> KERNEL32.dll: HeapFree, GetLastError, WideCharToMultiByte, lstrlenW, LocalFree, GetCurrentProcess, GetCurrentThread, GetProcAddress, LoadLibraryExW, LeaveCriticalSection, HeapAlloc, EnterCriticalSection, LCMapStringW, FreeLibrary, lstrcpyW, ExpandEnvironmentStringsW, lstrcmpiW, ExitProcess, GetCommandLineW, InitializeCriticalSection, GetProcessHeap, SetErrorMode, SetUnhandledExceptionFilter, RegisterWaitForSingleObject, InterlockedCompareExchange, LoadLibraryA, QueryPerformanceCounter, GetTickCount, GetCurrentThreadId, GetCurrentProcessId, GetSystemTimeAsFileTime, TerminateProcess, UnhandledExceptionFilter, LocalAlloc, lstrcmpW, DelayLoadFailureHook
> ntdll.dll: NtQuerySecurityObject, RtlFreeHeap, NtOpenKey, wcscat, wcscpy, RtlAllocateHeap, RtlCompareUnicodeString, RtlInitUnicodeString, RtlInitializeSid, RtlLengthRequiredSid, RtlSubAuthoritySid, NtClose, RtlSubAuthorityCountSid, RtlGetDaclSecurityDescriptor, RtlQueryInformationAcl, RtlGetAce, RtlImageNtHeader, wcslen, RtlUnhandledExceptionFilter, RtlCopySid
> RPCRT4.dll: RpcServerUnregisterIfEx, RpcMgmtWaitServerListen, RpcMgmtSetServerStackSize, RpcServerUnregisterIf, RpcServerListen, RpcServerUseProtseqEpW, RpcServerRegisterIf, I_RpcMapWin32Status, RpcMgmtStopServerListening
( 0 exports )
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
sigcheck:
publisher....: Microsoft Corporation
copyright....: (c) Microsoft Corporation. All rights reserved.
product......: Microsoft_ Windows_ Operating System
description..: Generic Host Process for Win32 Services
original name: svchost.exe
internal name: svchost.exe
file version.: 5.1.2600.5512 (xpsp.080413-2111)
comments.....: n/a
signers......: -
signing date.: -
ComboFix 10-04-19.05 - Lubo . 04. 2010 14:02:07.2.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.421.1029.18.3318.1868 [GMT 2:00]
Running from: c:\documents and settings\Lubo\Plocha\ComboFix.exe
Command switches used :: c:\documents and settings\Lubo\Plocha\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
FILE ::
"c:\temp\setup.exe"
file zipped: c:\windows\system32\drivers\uhxvd.sys
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\temp\setup.exe
c:\windows\system32\drivers\uhxvd.sys
Infected copy of c:\windows\system32\drivers\tcpip.sys was found and disinfected
Restored copy from - c:\windows\system32\dllcache\tcpip.sys
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_UHXVD
-------\Service_uhxvd
((((((((((((((((((((((((( Files Created from 2010-03-20 to 2010-04-20 )))))))))))))))))))))))))))))))
.
2010-04-19 12:54 . 2010-04-19 12:56 -------- d-----w- C:\My Web Sites5
2010-04-19 12:32 . 2010-04-19 12:32 -------- d-----w- C:\My Web Sites3
2010-04-19 12:24 . 2010-04-19 12:25 -------- d-----w- C:\My Web Sites1
2010-04-19 11:40 . 2010-04-19 11:40 -------- d-----w- c:\program files\WinHTTrack
2010-04-19 11:09 . 2010-04-19 11:10 -------- d-----w- c:\windows\system32\NtmsData
2010-04-19 11:06 . 2010-04-19 11:06 -------- d-----w- c:\documents and settings\LocalService\Nabídka Start
2010-04-19 11:06 . 2010-03-01 07:05 124784 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-04-19 11:06 . 2010-02-16 11:24 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-04-19 11:06 . 2009-05-11 09:49 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2010-04-19 11:06 . 2009-05-11 09:49 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2010-04-19 11:06 . 2010-04-19 11:06 -------- d-----w- c:\program files\Avira
2010-04-19 09:44 . 2010-03-29 22:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-19 09:44 . 2010-04-19 09:44 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-19 09:44 . 2010-03-29 22:45 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-19 09:39 . 2010-04-19 09:39 -------- d-----w- C:\rsit
2010-04-19 07:11 . 2010-04-19 10:38 2836768 --sha-w- c:\windows\system32\drivers\fidbox.dat
2010-04-19 07:11 . 2010-04-19 10:38 20000 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2010-04-19 07:05 . 2010-04-19 08:57 -------- d-----w- c:\program files\Common Files\ParetoLogic
2010-04-19 07:01 . 2010-04-19 07:01 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-04-09 12:39 . 2010-04-20 12:05 -------- d-----w- C:\temp
2010-04-09 12:39 . 2010-03-31 08:32 -------- d---a-w- c:\temp\package
2010-04-09 12:26 . 2010-04-09 12:26 -------- d-----w- c:\windows\Cache
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-19 11:23 . 2001-10-25 12:00 83474 ----a-w- c:\windows\system32\perfc005.dat
2010-04-19 11:23 . 2001-10-25 12:00 438050 ----a-w- c:\windows\system32\perfh005.dat
2010-04-19 10:38 . 2010-04-19 07:11 2924 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2010-04-19 10:38 . 2010-04-19 07:11 40112 --sha-w- c:\windows\system32\drivers\fidbox.idx
2010-04-11 20:06 . 2009-05-30 20:10 -------- d-----w- c:\program files\Common Files\Adobe
2010-04-10 18:36 . 2004-08-17 13:49 14336 ----a-w- c:\windows\system32\svchost.exe
2010-04-07 20:01 . 2009-05-30 20:12 -------- d-----w- c:\program files\Skype
2010-03-12 09:36 . 2009-11-12 17:50 -------- d-----w- c:\program files\Windows Live
2010-03-09 11:46 . 2010-03-09 11:46 -------- d-----w- c:\program files\Vimicro
2010-03-09 11:46 . 2009-05-30 19:32 -------- d--h--w- c:\program files\InstallShield Installation Information
.
((((((((((((((((((((((((((((( SnapShot@2010-04-19_11.20.17 )))))))))))))))))))))))))))))))))))))))))
.
- 2001-10-25 12:00 . 2010-04-19 11:09 72010 c:\windows\system32\perfc009.dat
+ 2001-10-25 12:00 . 2010-04-19 11:23 72010 c:\windows\system32\perfc009.dat
+ 2001-10-25 12:00 . 2010-04-19 11:23 441692 c:\windows\system32\perfh009.dat
- 2001-10-25 12:00 . 2010-04-19 11:09 441692 c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 6\PCSuite.exe" [2007-12-10 695808]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2007-07-20 1228800]
"IntelZeroConfig"="c:\program files\Intel\WiFi\bin\ZCfgSvc.exe" [2008-08-20 1368064]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2008-08-20 1191936]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2005-10-07 176128]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-03-30 138008]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-03-30 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-03-30 138008]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504]
"ASuite"="c:\asuite\asuite.exe" [2008-08-11 516608]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-02-16 49152]
"BigDogPath323VMSnap"="c:\windows\VMSnap23.exe" [2007-06-29 212992]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-11-07 1294336]
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
AVer HID Receiver.lnk - c:\program files\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe [2009-6-17 159744]
AVerQuick.lnk - c:\program files\Common Files\AVerMedia\AVerQuick\AVerQuick.exe [2009-6-17 651264]
RAMASST.lnk - c:\windows\system32\RAMASST.exe [2009-5-30 155648]
VPN Client.lnk - c:\windows\Installer\{51FB15F4-AD27-43BC-AD4B-DD0354FB6BBD}\Icon3E5562ED7.ico [2009-6-3 6144]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\windows\system32\logonuiX.exe"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AVerMedia\\AVerTV\\AVerTV.exe"=
"c:\\T\\FileZillaPortable\\App\\filezilla\\filezilla.exe"=
"c:\\T\\TeamViewer\\TeamViewer.exe"=
"d:\\xampplite\\apache\\bin\\httpd.exe"=
"d:\\xampplite\\mysql\\bin\\mysqld.exe"=
"c:\\T\\aMSNPortable\\App\\aMSN\\bin\\wish.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\ASUS\\Wireless Router Utilities\\DiscoveryR.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"d:\\xampplite\\apache\\bin\\apache.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [19. 4. 2010 13:06 135336]
R2 AVerRemote;AVerRemote;c:\program files\Common Files\AVerMedia\Service\AVerRemote.exe [17. 6. 2009 22:54 344064]
R2 AVerScheduleService;AVerScheduleService;c:\program files\Common Files\AVerMedia\Service\AVerScheduleService.exe [17. 6. 2009 22:54 405504]
R3 AVerFx2hbtv;AVerMedia USB SW Hybrid Tuner;c:\windows\system32\drivers\AVerFx2hbtv.sys [12. 6. 2009 12:34 436480]
S3 CRON;Cron service;d:\zalohovanie\crons.exe [16. 5. 2000 0:30 60928]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [19. 4. 2010 11:44 38224]
S3 PORTMON;PORTMON;\??\c:\t\SysInternalsSuite\PORTMSYS.SYS --> c:\t\SysInternalsSuite\PORTMSYS.SYS [?]
S3 vmfilter323;323 filter service, Normal;c:\windows\system32\drivers\vmfilter323.sys [9. 3. 2010 13:47 476672]
S3 WinRing0_1_2_0;WinRing0_1_2_0;c:\t\RealTemp\WinRing0.sys [2. 7. 2009 12:30 14416]
S3 ZSMC326;CANYON USB PC Camera;c:\windows\system32\drivers\usbvm323.sys [9. 3. 2010 13:47 260224]
.
.
------- Supplementary Scan -------
.
mWindow Title = Microsoft Internet Explorer
uInternet Connection Wizard,ShellNext = hxxp://www.wincustomize.com/skins.asp?library=26
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-20 14:08
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(1748)
c:\windows\system32\netprovcredman.dll
- - - - - - - > 'explorer.exe'(2536)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 6\phonebrowser.dll
c:\program files\Nokia\Nokia PC Suite 6\PCSCM.dll
c:\program files\Nokia\Nokia PC Suite 6\Lang\PhoneBrowser_slk.nlr
c:\program files\Nokia\Nokia PC Suite 6\Resource\PhoneBrowser_Nokia.ngr
c:\program files\Microsoft Virtual PC\VPCShExH.DLL
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\Intel\WiFi\bin\S24EvMon.exe
c:\windows\System32\SCardSvr.exe
c:\program files\Cisco Systems\VPN Client\cvpnd.exe
c:\windows\system32\DVDRAMSV.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\program files\Dell\QuickSet\NICCONFIGSVC.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\program files\Intel\WiFi\bin\WLKeeper.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Apoint\HidFind.exe
c:\program files\Apoint\Apntex.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclIrSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
c:\\?\c:\windows\system32\WBEM\WMIADAP.EXE
.
**************************************************************************
.
Completion time: 2010-04-20 14:11:58 - machine was rebooted
ComboFix-quarantined-files.txt 2010-04-20 12:11
ComboFix.txt 2010-04-19 11:23
Pre-Run: 5 450 829 824
Post-Run: 5 552 488 448
- - End Of File - - F3F8601A5BA47CFDA374B9F650CD1EF6
tuto webovou stránku znáte?http://www.wincustomize.com/skins.asp?library=26
>>>> stranka nenajdena
CRONS.EXE
Antivirus Version Last Update Result
a-squared 4.5.0.50 2010.04.20 -
AhnLab-V3 5.0.0.2 2010.04.20 -
AntiVir 7.10.6.142 2010.04.20 -
Antiy-AVL 2.0.3.7 2010.04.19 -
Authentium 5.2.0.5 2010.04.20 -
Avast 4.8.1351.0 2010.04.20 -
Avast5 5.0.332.0 2010.04.20 -
AVG 9.0.0.787 2010.04.20 -
BitDefender 7.2 2010.04.20 -
CAT-QuickHeal 10.00 2010.04.20 -
ClamAV 0.96.0.3-git 2010.04.20 -
Comodo 4652 2010.04.20 -
DrWeb 5.0.2.03300 2010.04.20 -
eSafe 7.0.17.0 2010.04.18 Win32.Looked.BK
eTrust-Vet 35.2.7436 2010.04.20 -
F-Prot 4.5.1.85 2010.04.20 -
F-Secure 9.0.15370.0 2010.04.20 -
Fortinet 4.0.14.0 2010.04.20 -
GData 19 2010.04.20 -
Ikarus T3.1.1.80.0 2010.04.20 -
Jiangmin 13.0.900 2010.04.20 -
Kaspersky 7.0.0.125 2010.04.20 -
McAfee 5.400.0.1158 2010.04.20 -
McAfee-GW-Edition 6.8.5 2010.04.20 -
Microsoft 1.5703 2010.04.20 -
NOD32 5043 2010.04.20 -
Norman 6.04.11 2010.04.20 -
nProtect 2010-04-20.01 2010.04.20 -
Panda 10.0.2.7 2010.04.19 -
PCTools 7.0.3.5 2010.04.20 -
Prevx 3.0 2010.04.20 -
Rising 22.44.01.03 2010.04.20 -
Sophos 4.52.0 2010.04.20 -
Sunbelt 6199 2010.04.20 -
Symantec 20091.2.0.41 2010.04.20 -
TheHacker 6.5.2.0.265 2010.04.19 -
TrendMicro 9.120.0.1004 2010.04.20 -
TrendMicro-HouseCall 9.120.0.1004 2010.04.20 -
VBA32 3.12.12.4 2010.04.19 -
ViRobot 2010.4.19.2284 2010.04.20 -
VirusBuster 5.0.27.0 2010.04.19 -
Additional information
File size: 39424 bytes
MD5...: 611d62fd3c22dad606a26d3ab00a9360
SHA1..: ed18454f654d5b19aeef531805df7bf051ea9909
SHA256: b6be19c4925609de30a787647e46440a8bd85e398bc4101aee5d8bd66604092f
ssdeep: 768:LBFqMpLKRRGReQw5SHcIImr0l3SmI/GqS/:9FqsLKRwf8eS3SmI/c/
PEiD..: -
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x807c
timedatestamp.....: 0x2a425e19 (Fri Jun 19 22:22:17 1992)
machinetype.......: 0x14c (I386)
( 8 sections )
name viradd virsiz rawdsiz ntrpy md5
CODE 0x1000 0x70a0 0x7200 6.58 01760dfce39f3e55a7613e0490019cf1
DATA 0x9000 0x19c 0x200 3.62 4ad51996f46b4c1a382b944f277a3db9
BSS 0xa000 0x560 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.idata 0xb000 0x57c 0x600 4.17 af821d527eccf1ebac927c55de15ee73
.tls 0xc000 0x8 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.rdata 0xd000 0x18 0x200 0.20 67c6f08ad59a25de1d0086b839500bc5
.reloc 0xe000 0x630 0x800 5.72 99358d08409584f2c6a6db82cda6928b
.rsrc 0xf000 0x1200 0x1200 3.58 be64cf073bdada775644b56ad448ece5
( 7 imports )
> kernel32.dll: DeleteCriticalSection, LeaveCriticalSection, EnterCriticalSection, InitializeCriticalSection, VirtualFree, VirtualAlloc, LocalFree, LocalAlloc, WideCharToMultiByte, TlsSetValue, TlsGetValue, SetCurrentDirectoryA, MultiByteToWideChar, GetModuleHandleA, GetLastError, GetCommandLineA, GetCurrentDirectoryA, WriteFile, SetFilePointer, SetEndOfFile, RtlUnwind, ReadFile, RaiseException, GetStdHandle, GetFileSize, GetFileType, ExitProcess, CreateFileA, CloseHandle
> user32.dll: MessageBoxA
> oleaut32.dll: VariantChangeTypeEx, VariantCopyInd, VariantClear, SysStringLen, SysAllocStringLen
> kernel32.dll: Sleep, SetThreadPriority, SetPriorityClass, GetVersionExA, GetSystemDefaultLCID, GetModuleFileNameA, GetLocaleInfoA, GetLocalTime, GetLastError, GetCurrentThread, GetCurrentProcess, CreateMutexA, CloseHandle
> user32.dll: MessageBoxA, LoadStringA
> winmm.dll: timeSetEvent, timeKillEvent
> shell32.dll: ShellExecuteA
( 0 exports )
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Win32 Executable Borland Delphi 3 (87.6%)
Win32 Executable Delphi generic (4.9%)
Win32 Executable Generic (2.8%)
Win32 Dynamic Link Library (generic) (2.5%)
Win16/32 Executable Delphi generic (0.6%)
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
SVChost
Antivirus Version Last Update Result
a-squared 4.5.0.50 2010.04.20 -
AhnLab-V3 5.0.0.2 2010.04.20 -
AntiVir 7.10.6.142 2010.04.20 -
Antiy-AVL 2.0.3.7 2010.04.19 -
Authentium 5.2.0.5 2010.04.20 -
Avast 4.8.1351.0 2010.04.20 -
Avast5 5.0.332.0 2010.04.20 -
AVG 9.0.0.787 2010.04.20 -
BitDefender 7.2 2010.04.20 -
CAT-QuickHeal 10.00 2010.04.20 -
ClamAV 0.96.0.3-git 2010.04.20 -
Comodo 4652 2010.04.20 -
DrWeb 5.0.2.03300 2010.04.20 -
eSafe 7.0.17.0 2010.04.18 -
eTrust-Vet 35.2.7436 2010.04.20 -
F-Prot 4.5.1.85 2010.04.20 -
F-Secure 9.0.15370.0 2010.04.20 -
Fortinet 4.0.14.0 2010.04.20 -
GData 19 2010.04.20 -
Ikarus T3.1.1.80.0 2010.04.20 -
Jiangmin 13.0.900 2010.04.20 -
Kaspersky 7.0.0.125 2010.04.20 -
McAfee 5.400.0.1158 2010.04.20 W32/Wecorl.a
McAfee-GW-Edition 6.8.5 2010.04.20 -
Microsoft 1.5703 2010.04.20 -
NOD32 5043 2010.04.20 -
Norman 6.04.11 2010.04.20 -
nProtect 2010-04-20.01 2010.04.20 -
Panda 10.0.2.7 2010.04.19 -
PCTools 7.0.3.5 2010.04.20 -
Prevx 3.0 2010.04.20 -
Rising 22.44.01.03 2010.04.20 -
Sophos 4.52.0 2010.04.20 -
Sunbelt 6199 2010.04.20 -
Symantec 20091.2.0.41 2010.04.20 -
TheHacker 6.5.2.0.265 2010.04.19 -
TrendMicro 9.120.0.1004 2010.04.20 -
TrendMicro-HouseCall 9.120.0.1004 2010.04.20 -
VBA32 3.12.12.4 2010.04.19 -
ViRobot 2010.4.19.2284 2010.04.20 -
VirusBuster 5.0.27.0 2010.04.19 -
Additional information
File size: 14336 bytes
MD5...: be4a520e29b6391f49e79ccc52044d93
SHA1..: f87c6ea4a068ed7f515b20e5f5f22c0329403fad
SHA256: dd4fed011a9574094b0278e801686666441dfd3acd52e9f979cb85419dd04cf2
ssdeep: 384:SKvi+JmG6yqlCRaJt4RHS5LutGJae7g9VJnpWCNJbW:SocG6xlCRaJKGOA7S
HJ
PEiD..: -
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x2509
timedatestamp.....: 0x48025bc0 (Sun Apr 13 19:15:12 2008)
machinetype.......: 0x14c (I386)
( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x2c00 0x2c00 6.29 3fc505520ad9ee2f32bb888c6943d471
.data 0x4000 0x210 0x200 1.62 cbd504e46c836e09e8faabdcfbabaec2
.rsrc 0x5000 0x408 0x600 2.51 dcede0c303bbb48c6875eb64477e5882
( 4 imports )
> ADVAPI32.dll: RegQueryValueExW, SetSecurityDescriptorDacl, SetEntriesInAclW, SetSecurityDescriptorGroup, SetSecurityDescriptorOwner, InitializeSecurityDescriptor, GetTokenInformation, OpenProcessToken, OpenThreadToken, SetServiceStatus, RegisterServiceCtrlHandlerW, RegCloseKey, RegOpenKeyExW, StartServiceCtrlDispatcherW
> KERNEL32.dll: HeapFree, GetLastError, WideCharToMultiByte, lstrlenW, LocalFree, GetCurrentProcess, GetCurrentThread, GetProcAddress, LoadLibraryExW, LeaveCriticalSection, HeapAlloc, EnterCriticalSection, LCMapStringW, FreeLibrary, lstrcpyW, ExpandEnvironmentStringsW, lstrcmpiW, ExitProcess, GetCommandLineW, InitializeCriticalSection, GetProcessHeap, SetErrorMode, SetUnhandledExceptionFilter, RegisterWaitForSingleObject, InterlockedCompareExchange, LoadLibraryA, QueryPerformanceCounter, GetTickCount, GetCurrentThreadId, GetCurrentProcessId, GetSystemTimeAsFileTime, TerminateProcess, UnhandledExceptionFilter, LocalAlloc, lstrcmpW, DelayLoadFailureHook
> ntdll.dll: NtQuerySecurityObject, RtlFreeHeap, NtOpenKey, wcscat, wcscpy, RtlAllocateHeap, RtlCompareUnicodeString, RtlInitUnicodeString, RtlInitializeSid, RtlLengthRequiredSid, RtlSubAuthoritySid, NtClose, RtlSubAuthorityCountSid, RtlGetDaclSecurityDescriptor, RtlQueryInformationAcl, RtlGetAce, RtlImageNtHeader, wcslen, RtlUnhandledExceptionFilter, RtlCopySid
> RPCRT4.dll: RpcServerUnregisterIfEx, RpcMgmtWaitServerListen, RpcMgmtSetServerStackSize, RpcServerUnregisterIf, RpcServerListen, RpcServerUseProtseqEpW, RpcServerRegisterIf, I_RpcMapWin32Status, RpcMgmtStopServerListening
( 0 exports )
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
sigcheck:
publisher....: Microsoft Corporation
copyright....: (c) Microsoft Corporation. All rights reserved.
product......: Microsoft_ Windows_ Operating System
description..: Generic Host Process for Win32 Services
original name: svchost.exe
internal name: svchost.exe
file version.: 5.1.2600.5512 (xpsp.080413-2111)
comments.....: n/a
signers......: -
signing date.: -
Re: Avira - 'TR/Crypt.XPACK.Gen [trojan], co s tym?
Pokud nemáte, přesuňte Combofix na plochu-otevřete si Poznámkový blok
-Do něj zkopírujte text z tohoto okénka
Kód: Vybrat vše
DDS::
uInternet Connection Wizard,ShellNext = hxxp://www.wincustomize.com/skins.asp?library=26
-po uložení uchopte vámi vytvořený skript levým myšítkem a -přesuňte ho nad ikonu Combofixu, kde ho upustíte:
-po aplikaci na Vás vypadne další log,vložte ho sem
Upozornění : může se stát, že po aplikaci skriptu a restartu Windows nenaběhnou, v tom případě znovu restartujte a přitom mačkejte F8, pak zvolte Poslední známou funkční konfiguraci
Nepoužívejte COMBOFIX bez doporučení rádce, může dojít k poškození systému!
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
-
lubomirkos
- Návštěvník
- Příspěvky: 11
- Registrován: 19 dub 2010 09:02
Re: Avira - 'TR/Crypt.XPACK.Gen [trojan], co s tym?
Tak tu je: inac uz je klud . . . takze neviem ci tam este niekde nieco ostalo . ..
ComboFix 10-04-20.01 - Lubo . 04. 2010 11:00:59.3.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.421.1029.18.3318.2727 [GMT 2:00]
Running from: c:\documents and settings\Lubo\Plocha\ComboFix.exe
Command switches used :: c:\documents and settings\Lubo\Plocha\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\dllcache\mspmsnsv.dll
.
((((((((((((((((((((((((( Files Created from 2010-03-21 to 2010-04-21 )))))))))))))))))))))))))))))))
.
2010-04-19 12:54 . 2010-04-19 12:56 -------- d-----w- C:\My Web Sites5
2010-04-19 12:32 . 2010-04-19 12:32 -------- d-----w- C:\My Web Sites3
2010-04-19 12:24 . 2010-04-19 12:25 -------- d-----w- C:\My Web Sites1
2010-04-19 11:40 . 2010-04-19 11:40 -------- d-----w- c:\program files\WinHTTrack
2010-04-19 11:09 . 2010-04-19 11:10 -------- d-----w- c:\windows\system32\NtmsData
2010-04-19 11:06 . 2010-04-19 11:06 -------- d-----w- c:\documents and settings\LocalService\Nabídka Start
2010-04-19 11:06 . 2010-03-01 07:05 124784 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-04-19 11:06 . 2010-02-16 11:24 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-04-19 11:06 . 2009-05-11 09:49 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2010-04-19 11:06 . 2009-05-11 09:49 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2010-04-19 11:06 . 2010-04-19 11:06 -------- d-----w- c:\program files\Avira
2010-04-19 09:44 . 2010-03-29 22:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-19 09:44 . 2010-04-19 09:44 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-19 09:44 . 2010-03-29 22:45 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-19 09:39 . 2010-04-19 09:39 -------- d-----w- C:\rsit
2010-04-19 07:11 . 2010-04-19 10:38 2836768 --sha-w- c:\windows\system32\drivers\fidbox.dat
2010-04-19 07:11 . 2010-04-19 10:38 20000 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2010-04-19 07:05 . 2010-04-19 08:57 -------- d-----w- c:\program files\Common Files\ParetoLogic
2010-04-19 07:01 . 2010-04-19 07:01 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-04-09 12:39 . 2010-04-20 12:05 -------- d-----w- C:\temp
2010-04-09 12:39 . 2010-03-31 08:32 -------- d---a-w- c:\temp\package
2010-04-09 12:26 . 2010-04-09 12:26 -------- d-----w- c:\windows\Cache
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-20 12:12 . 2001-10-25 12:00 83474 ----a-w- c:\windows\system32\perfc005.dat
2010-04-20 12:12 . 2001-10-25 12:00 438050 ----a-w- c:\windows\system32\perfh005.dat
2010-04-19 10:38 . 2010-04-19 07:11 2924 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2010-04-19 10:38 . 2010-04-19 07:11 40112 --sha-w- c:\windows\system32\drivers\fidbox.idx
2010-04-11 20:06 . 2009-05-30 20:10 -------- d-----w- c:\program files\Common Files\Adobe
2010-04-10 18:36 . 2004-08-17 13:49 14336 ----a-w- c:\windows\system32\svchost.exe
2010-04-07 20:01 . 2009-05-30 20:12 -------- d-----w- c:\program files\Skype
2010-03-12 09:36 . 2009-11-12 17:50 -------- d-----w- c:\program files\Windows Live
2010-03-09 11:46 . 2010-03-09 11:46 -------- d-----w- c:\program files\Vimicro
2010-03-09 11:46 . 2009-05-30 19:32 -------- d--h--w- c:\program files\InstallShield Installation Information
.
((((((((((((((((((((((((((((( SnapShot@2010-04-19_11.20.17 )))))))))))))))))))))))))))))))))))))))))
.
- 2001-10-25 12:00 . 2010-04-19 11:09 72010 c:\windows\system32\perfc009.dat
+ 2001-10-25 12:00 . 2010-04-20 12:12 72010 c:\windows\system32\perfc009.dat
+ 2001-10-25 12:00 . 2010-04-20 12:12 441692 c:\windows\system32\perfh009.dat
- 2001-10-25 12:00 . 2010-04-19 11:09 441692 c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 6\PCSuite.exe" [2007-12-10 695808]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2007-07-20 1228800]
"IntelZeroConfig"="c:\program files\Intel\WiFi\bin\ZCfgSvc.exe" [2008-08-20 1368064]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2008-08-20 1191936]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2005-10-07 176128]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-03-30 138008]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-03-30 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-03-30 138008]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504]
"ASuite"="c:\asuite\asuite.exe" [2008-08-11 516608]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-02-16 49152]
"BigDogPath323VMSnap"="c:\windows\VMSnap23.exe" [2007-06-29 212992]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-11-07 1294336]
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
AVer HID Receiver.lnk - c:\program files\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe [2009-6-17 159744]
AVerQuick.lnk - c:\program files\Common Files\AVerMedia\AVerQuick\AVerQuick.exe [2009-6-17 651264]
RAMASST.lnk - c:\windows\system32\RAMASST.exe [2009-5-30 155648]
VPN Client.lnk - c:\windows\Installer\{51FB15F4-AD27-43BC-AD4B-DD0354FB6BBD}\Icon3E5562ED7.ico [2009-6-3 6144]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\windows\system32\logonuiX.exe"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AVerMedia\\AVerTV\\AVerTV.exe"=
"c:\\T\\FileZillaPortable\\App\\filezilla\\filezilla.exe"=
"c:\\T\\TeamViewer\\TeamViewer.exe"=
"d:\\xampplite\\apache\\bin\\httpd.exe"=
"d:\\xampplite\\mysql\\bin\\mysqld.exe"=
"c:\\T\\aMSNPortable\\App\\aMSN\\bin\\wish.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\ASUS\\Wireless Router Utilities\\DiscoveryR.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"d:\\xampplite\\apache\\bin\\apache.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [19. 4. 2010 13:06 135336]
R2 AVerRemote;AVerRemote;c:\program files\Common Files\AVerMedia\Service\AVerRemote.exe [17. 6. 2009 22:54 344064]
S2 AVerScheduleService;AVerScheduleService;c:\program files\Common Files\AVerMedia\Service\AVerScheduleService.exe [17. 6. 2009 22:54 405504]
S3 AVerFx2hbtv;AVerMedia USB SW Hybrid Tuner;c:\windows\system32\drivers\AVerFx2hbtv.sys [12. 6. 2009 12:34 436480]
S3 CRON;Cron service;d:\zalohovanie\crons.exe [16. 5. 2000 0:30 60928]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [19. 4. 2010 11:44 38224]
S3 PORTMON;PORTMON;\??\c:\t\SysInternalsSuite\PORTMSYS.SYS --> c:\t\SysInternalsSuite\PORTMSYS.SYS [?]
S3 vmfilter323;323 filter service, Normal;c:\windows\system32\drivers\vmfilter323.sys [9. 3. 2010 13:47 476672]
S3 WinRing0_1_2_0;WinRing0_1_2_0;c:\t\RealTemp\WinRing0.sys [2. 7. 2009 12:30 14416]
S3 ZSMC326;CANYON USB PC Camera;c:\windows\system32\drivers\usbvm323.sys [9. 3. 2010 13:47 260224]
.
.
------- Supplementary Scan -------
.
mWindow Title = Microsoft Internet Explorer
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-21 11:04
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(1748)
c:\windows\system32\netprovcredman.dll
c:\windows\system32\igfxdev.dll
.
Completion time: 2010-04-21 11:05:56
ComboFix-quarantined-files.txt 2010-04-21 09:05
ComboFix.txt 2010-04-19 11:23
ComboFix2.txt 2010-04-20 12:11
Pre-Run: 5 380 648 960
Post-Run: 5 478 248 448
- - End Of File - - C116E44E2C9D6E0E8170E8A45E33BD7C
ComboFix 10-04-20.01 - Lubo . 04. 2010 11:00:59.3.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.421.1029.18.3318.2727 [GMT 2:00]
Running from: c:\documents and settings\Lubo\Plocha\ComboFix.exe
Command switches used :: c:\documents and settings\Lubo\Plocha\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\dllcache\mspmsnsv.dll
.
((((((((((((((((((((((((( Files Created from 2010-03-21 to 2010-04-21 )))))))))))))))))))))))))))))))
.
2010-04-19 12:54 . 2010-04-19 12:56 -------- d-----w- C:\My Web Sites5
2010-04-19 12:32 . 2010-04-19 12:32 -------- d-----w- C:\My Web Sites3
2010-04-19 12:24 . 2010-04-19 12:25 -------- d-----w- C:\My Web Sites1
2010-04-19 11:40 . 2010-04-19 11:40 -------- d-----w- c:\program files\WinHTTrack
2010-04-19 11:09 . 2010-04-19 11:10 -------- d-----w- c:\windows\system32\NtmsData
2010-04-19 11:06 . 2010-04-19 11:06 -------- d-----w- c:\documents and settings\LocalService\Nabídka Start
2010-04-19 11:06 . 2010-03-01 07:05 124784 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-04-19 11:06 . 2010-02-16 11:24 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-04-19 11:06 . 2009-05-11 09:49 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2010-04-19 11:06 . 2009-05-11 09:49 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2010-04-19 11:06 . 2010-04-19 11:06 -------- d-----w- c:\program files\Avira
2010-04-19 09:44 . 2010-03-29 22:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-19 09:44 . 2010-04-19 09:44 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-19 09:44 . 2010-03-29 22:45 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-19 09:39 . 2010-04-19 09:39 -------- d-----w- C:\rsit
2010-04-19 07:11 . 2010-04-19 10:38 2836768 --sha-w- c:\windows\system32\drivers\fidbox.dat
2010-04-19 07:11 . 2010-04-19 10:38 20000 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2010-04-19 07:05 . 2010-04-19 08:57 -------- d-----w- c:\program files\Common Files\ParetoLogic
2010-04-19 07:01 . 2010-04-19 07:01 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-04-09 12:39 . 2010-04-20 12:05 -------- d-----w- C:\temp
2010-04-09 12:39 . 2010-03-31 08:32 -------- d---a-w- c:\temp\package
2010-04-09 12:26 . 2010-04-09 12:26 -------- d-----w- c:\windows\Cache
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-20 12:12 . 2001-10-25 12:00 83474 ----a-w- c:\windows\system32\perfc005.dat
2010-04-20 12:12 . 2001-10-25 12:00 438050 ----a-w- c:\windows\system32\perfh005.dat
2010-04-19 10:38 . 2010-04-19 07:11 2924 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2010-04-19 10:38 . 2010-04-19 07:11 40112 --sha-w- c:\windows\system32\drivers\fidbox.idx
2010-04-11 20:06 . 2009-05-30 20:10 -------- d-----w- c:\program files\Common Files\Adobe
2010-04-10 18:36 . 2004-08-17 13:49 14336 ----a-w- c:\windows\system32\svchost.exe
2010-04-07 20:01 . 2009-05-30 20:12 -------- d-----w- c:\program files\Skype
2010-03-12 09:36 . 2009-11-12 17:50 -------- d-----w- c:\program files\Windows Live
2010-03-09 11:46 . 2010-03-09 11:46 -------- d-----w- c:\program files\Vimicro
2010-03-09 11:46 . 2009-05-30 19:32 -------- d--h--w- c:\program files\InstallShield Installation Information
.
((((((((((((((((((((((((((((( SnapShot@2010-04-19_11.20.17 )))))))))))))))))))))))))))))))))))))))))
.
- 2001-10-25 12:00 . 2010-04-19 11:09 72010 c:\windows\system32\perfc009.dat
+ 2001-10-25 12:00 . 2010-04-20 12:12 72010 c:\windows\system32\perfc009.dat
+ 2001-10-25 12:00 . 2010-04-20 12:12 441692 c:\windows\system32\perfh009.dat
- 2001-10-25 12:00 . 2010-04-19 11:09 441692 c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 6\PCSuite.exe" [2007-12-10 695808]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2007-07-20 1228800]
"IntelZeroConfig"="c:\program files\Intel\WiFi\bin\ZCfgSvc.exe" [2008-08-20 1368064]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2008-08-20 1191936]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2005-10-07 176128]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-03-30 138008]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-03-30 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-03-30 138008]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504]
"ASuite"="c:\asuite\asuite.exe" [2008-08-11 516608]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-02-16 49152]
"BigDogPath323VMSnap"="c:\windows\VMSnap23.exe" [2007-06-29 212992]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-11-07 1294336]
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
AVer HID Receiver.lnk - c:\program files\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe [2009-6-17 159744]
AVerQuick.lnk - c:\program files\Common Files\AVerMedia\AVerQuick\AVerQuick.exe [2009-6-17 651264]
RAMASST.lnk - c:\windows\system32\RAMASST.exe [2009-5-30 155648]
VPN Client.lnk - c:\windows\Installer\{51FB15F4-AD27-43BC-AD4B-DD0354FB6BBD}\Icon3E5562ED7.ico [2009-6-3 6144]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\windows\system32\logonuiX.exe"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AVerMedia\\AVerTV\\AVerTV.exe"=
"c:\\T\\FileZillaPortable\\App\\filezilla\\filezilla.exe"=
"c:\\T\\TeamViewer\\TeamViewer.exe"=
"d:\\xampplite\\apache\\bin\\httpd.exe"=
"d:\\xampplite\\mysql\\bin\\mysqld.exe"=
"c:\\T\\aMSNPortable\\App\\aMSN\\bin\\wish.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\ASUS\\Wireless Router Utilities\\DiscoveryR.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"d:\\xampplite\\apache\\bin\\apache.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [19. 4. 2010 13:06 135336]
R2 AVerRemote;AVerRemote;c:\program files\Common Files\AVerMedia\Service\AVerRemote.exe [17. 6. 2009 22:54 344064]
S2 AVerScheduleService;AVerScheduleService;c:\program files\Common Files\AVerMedia\Service\AVerScheduleService.exe [17. 6. 2009 22:54 405504]
S3 AVerFx2hbtv;AVerMedia USB SW Hybrid Tuner;c:\windows\system32\drivers\AVerFx2hbtv.sys [12. 6. 2009 12:34 436480]
S3 CRON;Cron service;d:\zalohovanie\crons.exe [16. 5. 2000 0:30 60928]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [19. 4. 2010 11:44 38224]
S3 PORTMON;PORTMON;\??\c:\t\SysInternalsSuite\PORTMSYS.SYS --> c:\t\SysInternalsSuite\PORTMSYS.SYS [?]
S3 vmfilter323;323 filter service, Normal;c:\windows\system32\drivers\vmfilter323.sys [9. 3. 2010 13:47 476672]
S3 WinRing0_1_2_0;WinRing0_1_2_0;c:\t\RealTemp\WinRing0.sys [2. 7. 2009 12:30 14416]
S3 ZSMC326;CANYON USB PC Camera;c:\windows\system32\drivers\usbvm323.sys [9. 3. 2010 13:47 260224]
.
.
------- Supplementary Scan -------
.
mWindow Title = Microsoft Internet Explorer
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-21 11:04
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(1748)
c:\windows\system32\netprovcredman.dll
c:\windows\system32\igfxdev.dll
.
Completion time: 2010-04-21 11:05:56
ComboFix-quarantined-files.txt 2010-04-21 09:05
ComboFix.txt 2010-04-19 11:23
ComboFix2.txt 2010-04-20 12:11
Pre-Run: 5 380 648 960
Post-Run: 5 478 248 448
- - End Of File - - C116E44E2C9D6E0E8170E8A45E33BD7C
Přispějete na provoz fóra?