Logfile of random's system information tool 1.06 (written by random/random)
Run by Ivana Chalupkova at 2011-05-04 20:32:38
Systém Microsoft Windows XP Professional
System drive C: has 2 GB (11%) free of 16 GB
Total RAM: 256 MB (44% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:42:49, on 4.5.2011
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\alg.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\QuickTime\qttask.exe
D:\SONY\SsAAD.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
D:\SONY\SsAAD.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\Documents and Settings\Ivana Chalupkova\Desktop\RSIT.exe
C:\Program Files\trend micro\Ivana Chalupkova.exe
D:\FILMY\Mozila\firefox.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SsAAD.exe] D:\SONY\SsAAD.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [NVIDIA driver monitor] c:\windows\nvsvc32.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Nikon Monitor.lnk = C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - AutorunsDisabled - (no file)
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Zdroje informácií - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.globtelnet.sk
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.co ... nos/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C7690978-C4CB-41FF-9156-062FE04473C6}: NameServer = 217.73.17.39
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: datcom - C:\WINDOWS\
O23 - Service: EFD907FC - Unknown owner - C:\WINDOWS\System32\ADE54C8.EXE (file missing)
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: getPlus(R) Helper - Unknown owner - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - Unknown owner - D:\Programy\Spyware Doctor\svcntaux.exe (file missing)
O23 - Service: PC Tools Security Service (sdCoreService) - Unknown owner - D:\Programy\Spyware Doctor\swdsvc.exe (file missing)
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe
--
End of file - 5810 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\1-Click Maintenance.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype add-on for Internet Explorer - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-02-08 804136]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2007-12-21 1443072]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2007-04-27 282624]
"SsAAD.exe"=D:\SONY\SsAAD.exe [2006-01-07 81920]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\System32\ctfmon.exe [2001-08-23 13312]
"NVIDIA driver monitor"=c:\windows\nvsvc32.exe []
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2001-08-02 1077277]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_EMC]
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVP]
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DeviceDiscovery]
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2002-12-02 40960]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe [2002-12-17 49152]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe [2003-03-11 172032]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ Lite]
C:\Program Files\ICQLite\ICQLite.exe -minimize []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PcSync]
D:\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2007-04-27 282624]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SDTray]
D:\Programy\Spyware Doctor\SDTrayApp.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
C:\WINDOWS\SOUNDMAN.EXE [2002-11-19 46592]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
D:\Programy\Spybot - Search & Destroy\TeaTimer.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SsAAD.exe]
D:\SONY\SsAAD.exe [2006-01-07 81920]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
D:\K510\Reader\AdobeUpdateManager.exe AcRdB7_0_9 []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
D:\K510\Reader\READER~1.EXE []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
C:\PROGRA~1\MICROS~2\Office\OSA9.EXE -b -l []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Symantec Fax Starter Edition Port.lnk]
C:\PROGRA~1\MICROS~2\Office\1051\OLFSNT40.EXE []
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Nikon Monitor.lnk - C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\datcom]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
nwprovau
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Oty20.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\syncm.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wincg73.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winch62.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Windh84.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Windi04.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Windi05.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Windi16.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Windi40.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Windi48.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Windj62.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Windp48.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winei52.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winei73.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winej16.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winej27.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winej83.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winfj51.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winfj84.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winfk26.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winfk50.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winfk83.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wingk05.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wingk40.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wingl26.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wingl72.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winhm40.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winim38.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winim51.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winin04.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winin27.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winin51.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winin73.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winin84.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winjn83.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winjo62.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winkp38.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winkp84.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winlp40.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winns48.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winos27.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winos51.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winot37.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winot50.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winot51.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winot84.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winpt16.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winpt84.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winpu05.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winpu27.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winpu40.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winqu38.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winqv62.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winrv05.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winrw38.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winrw84.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winrx16.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winsw38.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winsw50.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winsx72.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wintx40.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winty05.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winua04.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winua27.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winva26.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winvb04.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winvb27.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winvb37.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winwc04.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winwc50.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winxd38.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winyd50.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winyd83.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winye51.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Oty20.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdauxservice]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdcoreservice]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\syncm.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wincg73.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Winch62.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Windh84.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Windi04.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Windi05.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Windi16.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Windi40.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Windi48.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Windj62.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Windp48.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Winei52.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Winei73.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Winej16.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Winej27.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Winej83.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Winfj51.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Winfj84.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Winfk26.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Winfk50.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Winfk83.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wingk05.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wingk40.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wingl26.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wingl72.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Winhm40.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Winim38.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Winim51.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Winin04.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Winin27.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Winin51.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Winin73.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Winin84.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Winjn83.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Winjo62.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Winkp38.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Winkp84.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Winlp40.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Winns48.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Winos27.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Winos51.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Winot37.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Winot50.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Winot51.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Winot84.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Winpt16.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Winpt84.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Winpu05.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Winpu27.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Winpu40.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Winqu38.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Winqv62.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Winrv05.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Winrw38.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Winrw84.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Winrx16.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Winsw38.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Winsw50.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Winsx72.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wintx40.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Winty05.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Winua04.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Winua27.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Winva26.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Winvb04.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Winvb27.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Winvb37.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Winwc04.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Winwc50.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Winxd38.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Winyd50.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Winyd83.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Winye51.sys]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=0
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=91000000
"GreyMSIAds"=1
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\WINDOWS\Explorer.EXE"="C:\WINDOWS\Explorer.EXE:*:Enabled:explorer"
"C:\Documents and Settings\Ivana Chalupkova\Desktop\Download\facebook-pic00005267.exe"="c:\windows\nvsvc32.exe:*:Enabled:NVIDIA driver monitor"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
======List of files/folders created in the last 1 months======
2011-05-04 20:32:38 ----D---- C:\rsit
2011-05-04 19:52:33 ----A---- C:\WINDOWS\ntbtlog.txt
2011-04-22 15:45:02 ----SHD---- C:\FOUND.024
======List of files/folders modified in the last 1 months======
2011-04-27 23:11:20 ----A---- C:\WINDOWS\SchedLgU.Txt
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 easdrv;easdrv; C:\WINDOWS\System32\DRIVERS\easdrv.sys [2007-12-21 30216]
R1 epfwtdir;epfwtdir; C:\WINDOWS\System32\DRIVERS\epfwtdir.sys [2007-12-21 33800]
R1 prodrv06;StarForce Protection Environment Driver v6; C:\WINDOWS\System32\drivers\prodrv06.sys [2004-09-03 54368]
R2 Aspi32;Aspi32; C:\WINDOWS\System32\drivers\Aspi32.sys [1999-09-10 25244]
R2 eamon;EAMON; C:\WINDOWS\System32\DRIVERS\eamon.sys [2007-12-21 39944]
R2 hwpsgt;hwpsgt; C:\WINDOWS\System32\DRIVERS\hwpsgt.sys [2007-03-20 137344]
R2 lemsgt;lemsgt; C:\WINDOWS\System32\DRIVERS\lemsgt.sys [2007-03-20 9472]
R2 NwlnkIpx;NWLink IPX/SPX/NetBIOS Compatible Transport Protocol; C:\WINDOWS\System32\DRIVERS\nwlnkipx.sys [2001-08-23 84864]
R2 NwlnkNb;NWLink NetBIOS; C:\WINDOWS\System32\DRIVERS\nwlnknb.sys [2001-08-23 63232]
R2 NwlnkSpx;NWLink SPX/SPXII Protocol; C:\WINDOWS\System32\DRIVERS\nwlnkspx.sys [2001-08-23 55936]
R2 STEC3;STEC3; \??\C:\WINDOWS\System32\STEC3.sys []
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2002-11-27 730700]
R3 AN983;ADMtek AN983/AN985/ADM951X 10/100Mbps Fast Ethernet Adapter; C:\WINDOWS\System32\DRIVERS\AN983.sys [2001-08-17 34112]
R3 ati2mtaa;ati2mtaa; C:\WINDOWS\System32\DRIVERS\ati2mtaa.sys [2002-01-12 295168]
R3 ltmodem5;LT Modem Driver; C:\WINDOWS\System32\DRIVERS\ltmdmnt.sys [2001-08-17 509353]
R3 NtApm;NT Apm/Legacy Interface Driver; C:\WINDOWS\System32\DRIVERS\NtApm.sys [2001-08-17 9344]
R3 NWRDR;NetWare Rdr; C:\WINDOWS\System32\DRIVERS\nwrdr.sys [2001-08-23 155648]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2001-08-17 50688]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2001-08-17 21760]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2001-08-17 18944]
S1 syncm;Sync Service; C:\WINDOWS\system32\syncm.sys []
S3 ati2mpaa;ati2mpaa; C:\WINDOWS\System32\DRIVERS\ati2mpaa.sys [2001-08-17 281856]
S3 ENTECH;ENTECH; \??\C:\WINDOWS\System32\DRIVERS\ENTECH.SYS []
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2001-08-17 9600]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 nm;Network Monitor Driver; C:\WINDOWS\System32\DRIVERS\NMnt.sys [2001-08-23 37760]
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\nmwcd.sys [2007-02-22 137216]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\nmwcdc.sys [2007-02-22 8320]
S3 nmwcdcj;Nokia USB Port; C:\WINDOWS\system32\drivers\nmwcdcj.sys [2007-02-22 12288]
S3 nmwcdcm;Nokia USB Modem; C:\WINDOWS\system32\drivers\nmwcdcm.sys [2007-02-22 12288]
S3 SE2Ebus;Sony Ericsson Device 046 Driver driver (WDM); C:\WINDOWS\System32\DRIVERS\SE2Ebus.sys [2006-11-10 61600]
S3 SE2Emdfl;Sony Ericsson Device 046 USB WMC Modem Filter; C:\WINDOWS\System32\DRIVERS\SE2Emdfl.sys [2006-11-10 9360]
S3 SE2Emdm;Sony Ericsson Device 046 USB WMC Modem Driver; C:\WINDOWS\System32\DRIVERS\SE2Emdm.sys [2006-11-10 97184]
S3 SE2Emgmt;Sony Ericsson Device 046 USB WMC Device Management Drivers (WDM); C:\WINDOWS\System32\DRIVERS\SE2Emgmt.sys [2006-11-10 88688]
S3 SE2Eobex;Sony Ericsson Device 046 USB WMC OBEX Interface; C:\WINDOWS\System32\DRIVERS\SE2Eobex.sys [2006-11-10 86560]
S3 se45bus;Sony Ericsson Device 069 driver (WDM); C:\WINDOWS\System32\DRIVERS\se45bus.sys [2006-11-30 61536]
S3 se45mdfl;Sony Ericsson Device 069 USB WMC Modem Filter; C:\WINDOWS\System32\DRIVERS\se45mdfl.sys [2006-11-30 9360]
S3 se45mdm;Sony Ericsson Device 069 USB WMC Modem Driver; C:\WINDOWS\System32\DRIVERS\se45mdm.sys [2006-11-30 97088]
S3 se45mgmt;Sony Ericsson Device 069 USB WMC Device Management Drivers (WDM); C:\WINDOWS\System32\DRIVERS\se45mgmt.sys [2006-11-30 88624]
S3 se45nd5;Sony Ericsson Device 069 USB Ethernet Emulation SEMC45 (NDIS); C:\WINDOWS\System32\DRIVERS\se45nd5.sys [2006-11-30 18704]
S3 se45obex;Sony Ericsson Device 069 USB WMC OBEX Interface; C:\WINDOWS\System32\DRIVERS\se45obex.sys [2006-11-30 86432]
S3 se45unic;Sony Ericsson Device 069 USB Ethernet Emulation SEMC45 (WDM); C:\WINDOWS\System32\DRIVERS\se45unic.sys [2006-11-30 90800]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\System32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2001-08-17 24960]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2001-08-17 24832]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2001-08-17 13824]
S4 ACPI;ACPI; C:\WINDOWS\System32\drivers\ACPI.sys []
S4 IntelIde;IntelIde; C:\WINDOWS\System32\drivers\IntelIde.sys []
S4 mchInjDrv;mchInjDrv; \??\C:\WINDOWS\TEMP\mc21.tmp []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 ekrn;Eset Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2007-12-21 468224]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 NWCWorkstation;Client Service for NetWare; C:\WINDOWS\System32\svchost.exe [2001-08-23 12800]
R2 TUWinStylerThemeSvc;TuneUp WinStyler Theme Service; C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe [2004-08-05 117760]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\System32\wdfmgr.exe [2005-01-28 38912]
R2 UxTuneUp;TuneUp Design Expansion; C:\WINDOWS\System32\svchost.exe [2001-08-23 12800]
S2 EFD907FC;EFD907FC; C:\WINDOWS\System32\ADE54C8.EXE -k []
S2 sdAuxService;PC Tools Auxiliary Service; D:\Programy\Spyware Doctor\svcntaux.exe []
S2 sdCoreService;PC Tools Security Service; D:\Programy\Spyware Doctor\swdsvc.exe []
S3 EhttpSrv;Eset HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2007-12-21 19200]
S3 getPlus(R) Helper;getPlus(R) Helper; C:\Program Files\NOS\bin\getPlus_HelperSvc.exe []
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 MSCSPTISRV;MSCSPTISRV; C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe [2005-11-24 53337]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 PACSPTISVR;PACSPTISVR; C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe [2005-11-24 53337]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2007-12-10 353280]
S3 SPTISRV;Sony SPTI Service; C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe [2005-11-24 69718]
S3 SSScsiSV;SonicStage SCSI Service; C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe [2006-01-06 69632]
-----------------EOF-----------------
ComboFix 11-05-04.02 - N/A 04.05.2011 21:32:28.1.1 - FAT32x86
Systém Microsoft Windows XP Professional 5.1.2600.0.1250.421.1033.18.256.95 [GMT 2:00]
Running from: c:\documents and settings\n/a\Desktop\Download\ComboFix.exe
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Ivana Chalupkova\Application Data\ACD Systems\ACDSee\ImageDB.ddf
c:\documents and settings\Ivana Chalupkova\WINDOWS
c:\windows\desktop
c:\windows\desktop\EA Hot Titles!.exe
c:\windows\system32\restart.exe
c:\windows\system32\STEC3.sys
c:\windows\system32\system.dll
.
c:\windows\system32\qmgr.dll . . . is infected!!
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_FFI
-------\Legacy_STEC3
-------\Service_STEC3
-------\Service_syncm
.
.
((((((((((((((((((((((((( Files Created from 2011-04-04 to 2011-05-04 )))))))))))))))))))))))))))))))
.
.
2011-05-04 18:32 . 2011-05-04 18:32 -------- d-----w- C:\rsit
2011-04-22 13:45 . 2011-04-22 13:45 -------- d-----w- C:\FOUND.024
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.
.
------- Sigcheck -------
.
.
.
[-] 2004-07-09 02:27 . 0E51BD586D186F61A9E4453DB8AEC774 . 1703936 . . [5.3.0000001.0904 built by: private/Lab06_dev(DXBLD00)] . . c:\windows\system32\d3d9.dll
.
c:\windows\System32\wscntfy.exe ... is missing !!
c:\windows\System32\xmlprov.dll ... is missing !!
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2001-08-02 1077277]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2007-12-21 1443072]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-04-27 282624]
"SsAAD.exe"="d:\sony\SsAAD.exe" [2006-01-07 81920]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2001-08-23 13312]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Nikon Monitor.lnk - c:\program files\Common Files\Nikon\Monitor\NkMonitor.exe [2007-10-18 479232]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"GreyMSIAds"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\documents and settings\All Users\Application Data\TuneUp Software\TuneUp Utilities\WinStyler\tu_logonui.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Symantec Fax Starter Edition Port.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Symantec Fax Starter Edition Port.lnk
backup=c:\windows\pss\Symantec Fax Starter Edition Port.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DeviceDiscovery]
2002-12-02 18:56 40960 ----a-w- c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2002-12-17 09:40 49152 ----a-r- c:\program files\Hewlett-Packard\HP Software Update\hpwuSchd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
2003-03-11 09:08 172032 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\hpztsb08.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2007-04-27 07:41 282624 ----a-w- c:\program files\QuickTime\qttask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2002-11-19 13:01 46592 ----a-w- c:\windows\SOUNDMAN.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SsAAD.exe]
2006-01-07 00:36 81920 ------w- d:\sony\SSAAD.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" /background
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"AtiPTA"=atiptaxx.exe
.
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [3.2.2008 18:35 33800]
R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [21.12.2007 8:21 468224]
R3 NtApm;NT Apm/Legacy Interface Driver;c:\windows\system32\drivers\NtApm.sys [24.10.2003 18:59 9344]
S2 EFD907FC;EFD907FC;c:\windows\System32\ADE54C8.EXE -k --> c:\windows\System32\ADE54C8.EXE -k [?]
S2 sdAuxService;PC Tools Auxiliary Service;d:\programy\Spyware Doctor\svcntaux.exe --> d:\programy\Spyware Doctor\svcntaux.exe [?]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mchInjDrv
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder
.
2011-04-22 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2004\SystemOptimizer.exe [2004-08-10 17:49]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://start.icq.com/
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: {C7690978-C4CB-41FF-9156-062FE04473C6} = 217.73.17.39
FF - ProfilePath - c:\documents and settings\Ivana Chalupkova\Application Data\Mozilla\Firefox\Profiles\2z2g5sic.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.sk/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=utf-8&fr=megaup&p=
FF - Ext: Megaupload Toolbar: {991A772A-BA13-4c1d-A9EF-F897F31DEC7D} - %profile%\extensions\{991A772A-BA13-4c1d-A9EF-F897F31DEC7D}
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - d:\filmy\Mozila\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{3041D03E-FD4B-44E0-B742-2D9B88305F98} - (no file)
SafeBoot-Oty20.sys
SafeBoot-syncm.sys
SafeBoot-Wincg73.sys
SafeBoot-Winch62.sys
SafeBoot-Windh84.sys
SafeBoot-Windi04.sys
SafeBoot-Windi05.sys
SafeBoot-Windi16.sys
SafeBoot-Windi40.sys
SafeBoot-Windi48.sys
SafeBoot-Windj62.sys
SafeBoot-Windp48.sys
SafeBoot-Winei52.sys
SafeBoot-Winei73.sys
SafeBoot-Winej16.sys
SafeBoot-Winej27.sys
SafeBoot-Winej83.sys
SafeBoot-Winfj51.sys
SafeBoot-Winfj84.sys
SafeBoot-Winfk26.sys
SafeBoot-Winfk50.sys
SafeBoot-Winfk83.sys
SafeBoot-Wingk05.sys
SafeBoot-Wingk40.sys
SafeBoot-Wingl26.sys
SafeBoot-Wingl72.sys
SafeBoot-Winhm40.sys
SafeBoot-Winim38.sys
SafeBoot-Winim51.sys
SafeBoot-Winin04.sys
SafeBoot-Winin27.sys
SafeBoot-Winin51.sys
SafeBoot-Winin73.sys
SafeBoot-Winin84.sys
SafeBoot-Winjn83.sys
SafeBoot-Winjo62.sys
SafeBoot-Winkp38.sys
SafeBoot-Winkp84.sys
SafeBoot-Winlp40.sys
SafeBoot-Winns48.sys
SafeBoot-Winos27.sys
SafeBoot-Winos51.sys
SafeBoot-Winot37.sys
SafeBoot-Winot50.sys
SafeBoot-Winot51.sys
SafeBoot-Winot84.sys
SafeBoot-Winpt16.sys
SafeBoot-Winpt84.sys
SafeBoot-Winpu05.sys
SafeBoot-Winpu27.sys
SafeBoot-Winpu40.sys
SafeBoot-Winqu38.sys
SafeBoot-Winqv62.sys
SafeBoot-Winrv05.sys
SafeBoot-Winrw38.sys
SafeBoot-Winrw84.sys
SafeBoot-Winrx16.sys
SafeBoot-Winsw38.sys
SafeBoot-Winsw50.sys
SafeBoot-Winsx72.sys
SafeBoot-Wintx40.sys
SafeBoot-Winty05.sys
SafeBoot-Winua04.sys
SafeBoot-Winua27.sys
SafeBoot-Winva26.sys
SafeBoot-Winvb04.sys
SafeBoot-Winvb27.sys
SafeBoot-Winvb37.sys
SafeBoot-Winwc04.sys
SafeBoot-Winwc50.sys
SafeBoot-Winxd38.sys
SafeBoot-Winyd50.sys
SafeBoot-Winyd83.sys
SafeBoot-Winye51.sys
MSConfigStartUp-AVG7_CC - c:\progra~1\Grisoft\AVGFRE~1\avgcc.exe
MSConfigStartUp-AVG7_EMC - c:\progra~1\Grisoft\AVGFRE~1\avgemc.exe
MSConfigStartUp-AVP - c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
MSConfigStartUp-ICQ Lite - c:\program files\ICQLite\ICQLite.exe
MSConfigStartUp-PcSync - d:\nokia\Nokia PC Suite 6\PcSync2.exe
MSConfigStartUp-SDTray - d:\programy\Spyware Doctor\SDTrayApp.exe
MSConfigStartUp-SpybotSD TeaTimer - d:\programy\Spybot - Search & Destroy\TeaTimer.exe
MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
MSConfigStartUp-updateMgr - d:\k510\Reader\AdobeUpdateManager.exe
AddRemove-HijackThis - c:\documents and settings\Ivana Chalupkova\Desktop\HijackThis.exe
AddRemove-{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7} - c:\program files\NOS\bin\getPlus_HelperSvc.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-04 21:40
Windows 5.1.2600 FAT NTAPI
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\mchInjDrv]
"ImagePath"="\??\c:\windows\TEMP\mc21.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1757981266-706699826-1060284298-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(576)
c:\windows\system32\ODBC32.dll
.
- - - - - - - > 'lsass.exe'(632)
c:\windows\System32\dssenh.dll
.
- - - - - - - > 'explorer.exe'(440)
c:\progra~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
c:\program files\Common Files\Microsoft Shared\Web Components\11\1051\OWCI11.DLL
c:\windows\System32\MSCTF.dll
c:\windows\System32\mlang.dll
c:\windows\System32\mshtml.dll
c:\windows\System32\msimtf.dll
c:\windows\System32\MSLS31.DLL
.
------------------------ Other Running Processes ------------------------
.
c:\program files\TuneUp Utilities 2004\WinStylerThemeSvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\System32\wdfmgr.exe
.
**************************************************************************
.
Completion time: 2011-05-04 21:44:42 - machine was rebooted
ComboFix-quarantined-files.txt 2011-05-04 19:44
.
Pre-Run: 1 697 734 656 bytes free
Post-Run: 1 897 848 832 bytes free
.
WinXP_EN_PRO_BF.EXE
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /TUTag=W2C5G8 /Kernel=TUKernel.exe
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional (TuneUp Backup)" /fastdetect /TUTag=W2C5G8-BAK
.
- - End Of File - - 87054E1A472FCD89C1F0E5E04A29D4AB
Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz
rsit a cfx log
Moderátor: Moderátoři
Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Re: rsit a cfx log
Zdravim a pekny vecer preji
Vas log se studuje
a pracuje se na nem 
.
Prosim o strpeni!
Vas log se studuje
a pracuje se na nem .Prosim o strpeni!
"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen
od 1. února 2011.
Člen
od 1. února 2011.Re: rsit a cfx log
Combofix se nedoporucuje pouzivate bez zkusene osoby - vizte nize Nebezpeci CFka
- Je urcen primarne pro radce - jeho svevolnym pouzitim ztracite narok na podporu
- Maze stopy po haveti, takze v logu z RSIT neni nic videt
- Jeho log je treba dolustit, jelikoz neumi smazat vse - to ovsem tezko zvladnete pokud k tomu nejste vyskolen
- CF muze mit bug = sunda Vam system, pokud nevite kam co uklada, jak co obnovit, mate system v kytkam a ceka Vas reinstal
- CF taky bohuzel prozatim nekontroluje nektere dulezite knihovny (napr. hal.dll) - ty treba mazou nektere typy haveti (napr. angela) - smaze Vam po restartu hal.dll = nenajede Vam system a jste o radek vyse = reinstal
Pokud nemate, tak presunte Combofix na plochu
- Spustte poznamkovy blok (Start-spustit-notepad)
- Zkopirujte skript nize
Kód: Vybrat vše
KillAll:: Driver:: mchInjDrv EFD907FC DDS:: uStart Page = hxxp://start.icq.com/ uSearchURL,(Default) = hxxp://www.google.com/search?q=%s Firefox:: FF - ProfilePath - c:\documents and settings\Ivana Chalupkova\Application Data\Mozilla\Firefox\Profiles\2z2g5sic.default\ FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q= FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=utf-8&fr=megaup&p= FF - Ext: Megaupload Toolbar: {991A772A-BA13-4c1d-A9EF-F897F31DEC7D} - %profile%\extensions\{991A772A-BA13-4c1d-A9EF-F897F31DEC7D} File:: c:\windows\TEMP\mc21.tmp c:\windows\System32\ADE54C8.EXE C:\Documents and Settings\Ivana Chalupkova\Desktop\Download\facebook-pic00005267.exe¨ Registry:: [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update] [-HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Adobe Reader Speed Launcher"=- "QuickTime Task"=- "SsAAD.exe"=- [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "C:\WINDOWS\Explorer.EXE"=- "C:\Documents and Settings\Ivana Chalupkova\Desktop\Download\facebook-pic00005267.exe"=- Restore:: c:\windows\System32\wscntfy.exe c:\windows\System32\xmlprov.dll c:\windows\system32\d3d9.dll c:\windows\system32\qmgr.dll Reboot::- Ulozte vytvoreny TXT jako CFScript.txt
- Pretahnete vytvoreny CFScript.txt nad Combofix a pustte (viz obrazek nize)
- Po aplikaci skriptu (a pripadnem restartu) na Vas vypadne log, jeho obsah sem vlozte
Muze se stat, ze po aplikaci skriptu nenabehnou windows, v tomto pripade restartuje PC a mackejte F8 a zvolte Posledni znamou konfiguraci"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen od 1. února 2011.
Člen
od 1. února 2011.Re: rsit a cfx log
ComboFix 11-05-04.04 - Ivana Chalupkova 05.05.2011 21:23:46.2.1 - FAT32x86
Systém Microsoft Windows XP Professional 5.1.2600.0.1250.421.1033.18.256.5 [GMT 2:00]
Running from: c:\documents and settings\Ivana Chalupkova\Desktop\Download\ComboFix.exe
Command switches used :: c:\documents and settings\Ivana Chalupkova\Desktop\Download\CFScript.txt
* Resident AV is active
.
.
FILE ::
"c:\documents and settings\Ivana Chalupkova\Desktop\Download\facebook-pic00005267.exe¨"
"c:\windows\System32\ADE54C8.EXE"
"c:\windows\TEMP\mc21.tmp"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Ivana Chalupkova\Application Data\Mozilla\Firefox\Profiles\2z2g5sic.default\extensions\{991A772A-BA13-4c1d-A9EF-F897F31DEC7D}
c:\documents and settings\Ivana Chalupkova\Application Data\Mozilla\Firefox\Profiles\2z2g5sic.default\extensions\{991A772A-BA13-4c1d-A9EF-F897F31DEC7D}\components\dtfox-service.js
c:\documents and settings\Ivana Chalupkova\Application Data\Mozilla\Firefox\Profiles\2z2g5sic.default\extensions\{991A772A-BA13-4c1d-A9EF-F897F31DEC7D}\chrome.manifest
c:\documents and settings\Ivana Chalupkova\Application Data\Mozilla\Firefox\Profiles\2z2g5sic.default\extensions\{991A772A-BA13-4c1d-A9EF-F897F31DEC7D}\chrome\cache\alexa_59c27372101454208f9ff1fa0d583de5.xml
c:\documents and settings\Ivana Chalupkova\Application Data\Mozilla\Firefox\Profiles\2z2g5sic.default\extensions\{991A772A-BA13-4c1d-A9EF-F897F31DEC7D}\chrome\cache\alexa_8e862a8004f2594c55efefd76a33c4e2.xml
c:\documents and settings\Ivana Chalupkova\Application Data\Mozilla\Firefox\Profiles\2z2g5sic.default\extensions\{991A772A-BA13-4c1d-A9EF-F897F31DEC7D}\chrome\cache\alexa_c7630068ac30e3155cb6e3e9a6358bd4.xml
c:\documents and settings\Ivana Chalupkova\Application Data\Mozilla\Firefox\Profiles\2z2g5sic.default\extensions\{991A772A-BA13-4c1d-A9EF-F897F31DEC7D}\chrome\cache\alexa_cache.xml
c:\documents and settings\Ivana Chalupkova\Application Data\Mozilla\Firefox\Profiles\2z2g5sic.default\extensions\{991A772A-BA13-4c1d-A9EF-F897F31DEC7D}\chrome\cache\alexa_cb7b24335981b8cca9897593314791e5.xml
c:\documents and settings\Ivana Chalupkova\Application Data\Mozilla\Firefox\Profiles\2z2g5sic.default\extensions\{991A772A-BA13-4c1d-A9EF-F897F31DEC7D}\chrome\cache\alexa_db9158dbb72bacf65b94addb44602c4f.xml
c:\documents and settings\Ivana Chalupkova\Application Data\Mozilla\Firefox\Profiles\2z2g5sic.default\extensions\{991A772A-BA13-4c1d-A9EF-F897F31DEC7D}\chrome\cache\megauper.exe
c:\documents and settings\Ivana Chalupkova\Application Data\Mozilla\Firefox\Profiles\2z2g5sic.default\extensions\{991A772A-BA13-4c1d-A9EF-F897F31DEC7D}\chrome\cache\overlay.dtd
c:\documents and settings\Ivana Chalupkova\Application Data\Mozilla\Firefox\Profiles\2z2g5sic.default\extensions\{991A772A-BA13-4c1d-A9EF-F897F31DEC7D}\chrome\cache\overlay.xml
c:\documents and settings\Ivana Chalupkova\Application Data\Mozilla\Firefox\Profiles\2z2g5sic.default\extensions\{991A772A-BA13-4c1d-A9EF-F897F31DEC7D}\chrome\cache\overlay3.xml
c:\documents and settings\Ivana Chalupkova\Application Data\Mozilla\Firefox\Profiles\2z2g5sic.default\extensions\{991A772A-BA13-4c1d-A9EF-F897F31DEC7D}\chrome\megaupload.jar
c:\documents and settings\Ivana Chalupkova\Application Data\Mozilla\Firefox\Profiles\2z2g5sic.default\extensions\{991A772A-BA13-4c1d-A9EF-F897F31DEC7D}\install.rdf
c:\documents and settings\Ivana Chalupkova\Application Data\Mozilla\Firefox\Profiles\2z2g5sic.default\extensions\{991A772A-BA13-4c1d-A9EF-F897F31DEC7D}\META-INF\MANIFEST.MF
.
c:\windows\system32\d3d9.dll . . . is infected!!
.
c:\windows\system32\qmgr.dll . . . is infected!!
.
c:\windows\System32\wscntfy.exe . . . is infected!!
.
c:\windows\System32\xmlprov.dll . . . is infected!!
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_EFD907FC
-------\Legacy_MCHINJDRV
-------\Service_EFD907FC
-------\Service_mchInjDrv
.
.
((((((((((((((((((((((((( Files Created from 2011-04-05 to 2011-05-05 )))))))))))))))))))))))))))))))
.
.
2011-05-04 18:32 . 2011-05-04 18:32 -------- d-----w- C:\rsit
2011-04-22 13:45 . 2011-04-22 13:45 -------- d-----w- C:\FOUND.024
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.
.
------- Sigcheck -------
.
.
.
[-] 2004-07-09 02:27 . 0E51BD586D186F61A9E4453DB8AEC774 . 1703936 . . [5.3.0000001.0904 built by: private/Lab06_dev(DXBLD00)] . . c:\windows\system32\d3d9.dll
.
c:\windows\System32\wscntfy.exe ... is missing !!
c:\windows\System32\xmlprov.dll ... is missing !!
.
((((((((((((((((((((((((((((( SnapShot@2011-05-04_19.40.42 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-05-05 19:16 . 2011-05-05 19:16 235168 c:\windows\system32\Macromed\Flash\FlashUtil10p_Plugin.exe
+ 2004-06-06 20:16 . 2011-05-05 19:21 262144 c:\windows\system32\config\systemprofile\ntuser.dat
- 2004-06-06 20:16 . 2011-05-04 19:30 262144 c:\windows\system32\config\systemprofile\ntuser.dat
+ 2009-02-03 01:15 . 2011-05-05 19:16 6053536 c:\windows\system32\Macromed\Flash\NPSWF32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2007-12-21 1443072]
"ATIPTA"="atiptaxx.exe" [2002-01-11 311296]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2001-08-23 13312]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Nikon Monitor.lnk - c:\program files\Common Files\Nikon\Monitor\NkMonitor.exe [2007-10-18 479232]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"GreyMSIAds"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\documents and settings\All Users\Application Data\TuneUp Software\TuneUp Utilities\WinStyler\tu_logonui.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Symantec Fax Starter Edition Port.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Symantec Fax Starter Edition Port.lnk
backup=c:\windows\pss\Symantec Fax Starter Edition Port.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DeviceDiscovery]
2002-12-02 18:56 40960 ----a-w- c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
2003-03-11 09:08 172032 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\hpztsb08.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2002-11-19 13:01 46592 ----a-w- c:\windows\SOUNDMAN.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SsAAD.exe]
2006-01-07 00:36 81920 ------w- d:\sony\SSAAD.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" /background
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"AtiPTA"=atiptaxx.exe
.
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [3.2.2008 18:35 33800]
R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [21.12.2007 8:21 468224]
R3 NtApm;NT Apm/Legacy Interface Driver;c:\windows\system32\drivers\NtApm.sys [24.10.2003 18:59 9344]
S2 sdAuxService;PC Tools Auxiliary Service;d:\programy\Spyware Doctor\svcntaux.exe --> d:\programy\Spyware Doctor\svcntaux.exe [?]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MCHINJDRV
*Deregistered* - mchInjDrv
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder
.
2011-04-22 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2004\SystemOptimizer.exe [2004-08-10 17:49]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: {C7690978-C4CB-41FF-9156-062FE04473C6} = 217.73.17.39
FF - ProfilePath - c:\documents and settings\Ivana Chalupkova\Application Data\Mozilla\Firefox\Profiles\2z2g5sic.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.sk/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - d:\filmy\Mozila\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-05 21:31
Windows 5.1.2600 FAT NTAPI
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1757981266-706699826-1060284298-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(580)
c:\windows\system32\ODBC32.dll
.
- - - - - - - > 'lsass.exe'(636)
c:\windows\System32\dssenh.dll
.
- - - - - - - > 'explorer.exe'(420)
c:\progra~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
c:\program files\Common Files\Microsoft Shared\Web Components\11\1051\OWCI11.DLL
c:\windows\System32\MSCTF.dll
c:\windows\System32\mlang.dll
c:\windows\System32\mshtml.dll
c:\windows\System32\msimtf.dll
c:\windows\System32\MSLS31.DLL
.
------------------------ Other Running Processes ------------------------
.
c:\program files\TuneUp Utilities 2004\WinStylerThemeSvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\System32\wdfmgr.exe
c:\windows\System32\atiptaxx.exe
c:\program files\Winamp\winampa.exe
.
**************************************************************************
.
Completion time: 2011-05-05 21:35:30 - machine was rebooted
ComboFix-quarantined-files.txt 2011-05-05 19:35
ComboFix2.txt 2011-05-04 19:44
.
Pre-Run: 1 888 100 352 bytes free
Post-Run: 1 874 509 824 voľných bajtov
.
- - End Of File - - 59345D3B77731C59A0DB945B1E14772E
Systém Microsoft Windows XP Professional 5.1.2600.0.1250.421.1033.18.256.5 [GMT 2:00]
Running from: c:\documents and settings\Ivana Chalupkova\Desktop\Download\ComboFix.exe
Command switches used :: c:\documents and settings\Ivana Chalupkova\Desktop\Download\CFScript.txt
* Resident AV is active
.
.
FILE ::
"c:\documents and settings\Ivana Chalupkova\Desktop\Download\facebook-pic00005267.exe¨"
"c:\windows\System32\ADE54C8.EXE"
"c:\windows\TEMP\mc21.tmp"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Ivana Chalupkova\Application Data\Mozilla\Firefox\Profiles\2z2g5sic.default\extensions\{991A772A-BA13-4c1d-A9EF-F897F31DEC7D}
c:\documents and settings\Ivana Chalupkova\Application Data\Mozilla\Firefox\Profiles\2z2g5sic.default\extensions\{991A772A-BA13-4c1d-A9EF-F897F31DEC7D}\components\dtfox-service.js
c:\documents and settings\Ivana Chalupkova\Application Data\Mozilla\Firefox\Profiles\2z2g5sic.default\extensions\{991A772A-BA13-4c1d-A9EF-F897F31DEC7D}\chrome.manifest
c:\documents and settings\Ivana Chalupkova\Application Data\Mozilla\Firefox\Profiles\2z2g5sic.default\extensions\{991A772A-BA13-4c1d-A9EF-F897F31DEC7D}\chrome\cache\alexa_59c27372101454208f9ff1fa0d583de5.xml
c:\documents and settings\Ivana Chalupkova\Application Data\Mozilla\Firefox\Profiles\2z2g5sic.default\extensions\{991A772A-BA13-4c1d-A9EF-F897F31DEC7D}\chrome\cache\alexa_8e862a8004f2594c55efefd76a33c4e2.xml
c:\documents and settings\Ivana Chalupkova\Application Data\Mozilla\Firefox\Profiles\2z2g5sic.default\extensions\{991A772A-BA13-4c1d-A9EF-F897F31DEC7D}\chrome\cache\alexa_c7630068ac30e3155cb6e3e9a6358bd4.xml
c:\documents and settings\Ivana Chalupkova\Application Data\Mozilla\Firefox\Profiles\2z2g5sic.default\extensions\{991A772A-BA13-4c1d-A9EF-F897F31DEC7D}\chrome\cache\alexa_cache.xml
c:\documents and settings\Ivana Chalupkova\Application Data\Mozilla\Firefox\Profiles\2z2g5sic.default\extensions\{991A772A-BA13-4c1d-A9EF-F897F31DEC7D}\chrome\cache\alexa_cb7b24335981b8cca9897593314791e5.xml
c:\documents and settings\Ivana Chalupkova\Application Data\Mozilla\Firefox\Profiles\2z2g5sic.default\extensions\{991A772A-BA13-4c1d-A9EF-F897F31DEC7D}\chrome\cache\alexa_db9158dbb72bacf65b94addb44602c4f.xml
c:\documents and settings\Ivana Chalupkova\Application Data\Mozilla\Firefox\Profiles\2z2g5sic.default\extensions\{991A772A-BA13-4c1d-A9EF-F897F31DEC7D}\chrome\cache\megauper.exe
c:\documents and settings\Ivana Chalupkova\Application Data\Mozilla\Firefox\Profiles\2z2g5sic.default\extensions\{991A772A-BA13-4c1d-A9EF-F897F31DEC7D}\chrome\cache\overlay.dtd
c:\documents and settings\Ivana Chalupkova\Application Data\Mozilla\Firefox\Profiles\2z2g5sic.default\extensions\{991A772A-BA13-4c1d-A9EF-F897F31DEC7D}\chrome\cache\overlay.xml
c:\documents and settings\Ivana Chalupkova\Application Data\Mozilla\Firefox\Profiles\2z2g5sic.default\extensions\{991A772A-BA13-4c1d-A9EF-F897F31DEC7D}\chrome\cache\overlay3.xml
c:\documents and settings\Ivana Chalupkova\Application Data\Mozilla\Firefox\Profiles\2z2g5sic.default\extensions\{991A772A-BA13-4c1d-A9EF-F897F31DEC7D}\chrome\megaupload.jar
c:\documents and settings\Ivana Chalupkova\Application Data\Mozilla\Firefox\Profiles\2z2g5sic.default\extensions\{991A772A-BA13-4c1d-A9EF-F897F31DEC7D}\install.rdf
c:\documents and settings\Ivana Chalupkova\Application Data\Mozilla\Firefox\Profiles\2z2g5sic.default\extensions\{991A772A-BA13-4c1d-A9EF-F897F31DEC7D}\META-INF\MANIFEST.MF
.
c:\windows\system32\d3d9.dll . . . is infected!!
.
c:\windows\system32\qmgr.dll . . . is infected!!
.
c:\windows\System32\wscntfy.exe . . . is infected!!
.
c:\windows\System32\xmlprov.dll . . . is infected!!
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_EFD907FC
-------\Legacy_MCHINJDRV
-------\Service_EFD907FC
-------\Service_mchInjDrv
.
.
((((((((((((((((((((((((( Files Created from 2011-04-05 to 2011-05-05 )))))))))))))))))))))))))))))))
.
.
2011-05-04 18:32 . 2011-05-04 18:32 -------- d-----w- C:\rsit
2011-04-22 13:45 . 2011-04-22 13:45 -------- d-----w- C:\FOUND.024
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.
.
------- Sigcheck -------
.
.
.
[-] 2004-07-09 02:27 . 0E51BD586D186F61A9E4453DB8AEC774 . 1703936 . . [5.3.0000001.0904 built by: private/Lab06_dev(DXBLD00)] . . c:\windows\system32\d3d9.dll
.
c:\windows\System32\wscntfy.exe ... is missing !!
c:\windows\System32\xmlprov.dll ... is missing !!
.
((((((((((((((((((((((((((((( SnapShot@2011-05-04_19.40.42 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-05-05 19:16 . 2011-05-05 19:16 235168 c:\windows\system32\Macromed\Flash\FlashUtil10p_Plugin.exe
+ 2004-06-06 20:16 . 2011-05-05 19:21 262144 c:\windows\system32\config\systemprofile\ntuser.dat
- 2004-06-06 20:16 . 2011-05-04 19:30 262144 c:\windows\system32\config\systemprofile\ntuser.dat
+ 2009-02-03 01:15 . 2011-05-05 19:16 6053536 c:\windows\system32\Macromed\Flash\NPSWF32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2007-12-21 1443072]
"ATIPTA"="atiptaxx.exe" [2002-01-11 311296]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2001-08-23 13312]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Nikon Monitor.lnk - c:\program files\Common Files\Nikon\Monitor\NkMonitor.exe [2007-10-18 479232]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"GreyMSIAds"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\documents and settings\All Users\Application Data\TuneUp Software\TuneUp Utilities\WinStyler\tu_logonui.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Symantec Fax Starter Edition Port.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Symantec Fax Starter Edition Port.lnk
backup=c:\windows\pss\Symantec Fax Starter Edition Port.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DeviceDiscovery]
2002-12-02 18:56 40960 ----a-w- c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
2003-03-11 09:08 172032 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\hpztsb08.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2002-11-19 13:01 46592 ----a-w- c:\windows\SOUNDMAN.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SsAAD.exe]
2006-01-07 00:36 81920 ------w- d:\sony\SSAAD.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" /background
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"AtiPTA"=atiptaxx.exe
.
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [3.2.2008 18:35 33800]
R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [21.12.2007 8:21 468224]
R3 NtApm;NT Apm/Legacy Interface Driver;c:\windows\system32\drivers\NtApm.sys [24.10.2003 18:59 9344]
S2 sdAuxService;PC Tools Auxiliary Service;d:\programy\Spyware Doctor\svcntaux.exe --> d:\programy\Spyware Doctor\svcntaux.exe [?]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MCHINJDRV
*Deregistered* - mchInjDrv
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder
.
2011-04-22 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2004\SystemOptimizer.exe [2004-08-10 17:49]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: {C7690978-C4CB-41FF-9156-062FE04473C6} = 217.73.17.39
FF - ProfilePath - c:\documents and settings\Ivana Chalupkova\Application Data\Mozilla\Firefox\Profiles\2z2g5sic.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.sk/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - d:\filmy\Mozila\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-05 21:31
Windows 5.1.2600 FAT NTAPI
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1757981266-706699826-1060284298-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(580)
c:\windows\system32\ODBC32.dll
.
- - - - - - - > 'lsass.exe'(636)
c:\windows\System32\dssenh.dll
.
- - - - - - - > 'explorer.exe'(420)
c:\progra~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
c:\program files\Common Files\Microsoft Shared\Web Components\11\1051\OWCI11.DLL
c:\windows\System32\MSCTF.dll
c:\windows\System32\mlang.dll
c:\windows\System32\mshtml.dll
c:\windows\System32\msimtf.dll
c:\windows\System32\MSLS31.DLL
.
------------------------ Other Running Processes ------------------------
.
c:\program files\TuneUp Utilities 2004\WinStylerThemeSvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\System32\wdfmgr.exe
c:\windows\System32\atiptaxx.exe
c:\program files\Winamp\winampa.exe
.
**************************************************************************
.
Completion time: 2011-05-05 21:35:30 - machine was rebooted
ComboFix-quarantined-files.txt 2011-05-05 19:35
ComboFix2.txt 2011-05-04 19:44
.
Pre-Run: 1 888 100 352 bytes free
Post-Run: 1 874 509 824 voľných bajtov
.
- - End Of File - - 59345D3B77731C59A0DB945B1E14772E
Re: rsit a cfx log
Mate instalacni CD od windows 
"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen od 1. února 2011.
Člen
od 1. února 2011.Re: rsit a cfx log
- Nájde sa ale so SP3.
Re: rsit a cfx log
Uvolnete volne misto alespon na 8 giga Provedte opravnou instalaci dle navodu kolegy
Čarls píše:
vlozte instalacni cd do CD rom, nechte nabootovat (predtim ovsem v biosu nastavte first booting device CD rom), chvili vyckejte; pote se zobrazi prvni obrazovka, kde klavesou Enter potvrdte spusteni instalace Windows, v dalsi obrazovce klavesou F8 potvrdte licencni ujednani, v dalsi obrazovce pak klavesou R zvolte Opravit stavajici instalaci Windows
podrobny postup zde
"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen od 1. února 2011.
Člen
od 1. února 2011.
Přispějete na provoz fóra?