
PC virus removal, computer speed-up, and remote assistance via the neslape.cz service
Preventive check
Moderator: Moderators
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]
Individual threads are locked once they are resolved, as are threads that have been inactive for more than 14 days. See the rule on locking topics. Thank you for your understanding.
!NEW!
You can now use the remote assistance service, where an expert connects to your computer and gets further details about the problem from you by phone! More at www.neslape.cz
Good evening, I would like to ask for a preventive check of my RSIT log; you never know. I have Windows XP. Here is the log:
Logfile of random's system information tool 1.06 (written by random/random)
Run by Administrator at 2009-10-16 18:50:54
Systém Microsoft Windows XP Professional Service Pack 2
System drive C: has 102 GB (45%) free of 228 GB
Total RAM: 2031 MB (56% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:51:11, on 16.10.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\CTSvcCDA.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\NetLimiter 2 Monitor\nlsvc.exe
C:\Program Files\PDF Complete\pdfsvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Common Files\Protexis\License Service\PSIService.exe
C:\WINDOWS\system32\hkcmd.exe
C:\PROGRA~1\SPYWAR~1\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\NetLimiter 2 Monitor\NLClient.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Logitech\SetPoint\LU\LULnchr.exe
C:\Program Files\Logitech\SetPoint\LU\LULnchr.exe
C:\Program Files\Logitech\SetPoint\LU\LogitechUpdate.exe
C:\Program Files\Logitech\SetPoint\LU\LogitechUpdate.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\Crawler\CToolbar.exe
C:\Program Files\Total Commander\TOTALCMD.EXE
c:\program files\winamp\winamp.exe
c:\Ondra\Staženo\RSIT.exe
C:\Program Files\trend micro\Administrator.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://web.volny.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
R3 - URLSearchHook: (no name) - *{855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\SnagIt 7\SnagItBHO.dll
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\ctbr.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {490aca7c-0c96-42b4-8f86-49903ba61fd7} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {858FDE05-345A-4182-B40A-FC23A3A56924} - (no file)
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: (no name) - {AE18A53A-8FB0-4F90-B1D5-03CB51E4AB7B} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: {ee3784b6-8638-fd9a-83d4-f06f2d16f0ec} - {ce0f61d2-f60f-4d38-a9df-83686b4873ee} - (no file)
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\SnagIt 7\SnagItIEAddin.dll
O3 - Toolbar: &Crawler lišta - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\ctbr.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\Sminst\Recguard.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\RunOnce: [KB923561] rundll32.exe apphelp.dll,ShimFlushCache
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs"
O4 - HKCU\..\RunOnce: [TSClientAXDisabler] cmd.exe /C "%systemroot%\Installer\TSClientMsiTrans\tscdsbl.bat"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\ctbr.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\tepepife.dll c:\windows\system32\veyevida.dll,c:\progra~1\Manson\liser.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O20 - Winlogon Notify: xxyWqomM - xxyWqomM.dll (file missing)
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - (no file)
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - (no file)
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NetLimiter (nlsvc) - Locktime Software - C:\Program Files\NetLimiter 2 Monitor\nlsvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: PC Angel (PCA) - SoftThinks - C:\WINDOWS\SMINST\PCAngel.exe
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files\PDF Complete\pdfsvc.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Program Files\Common Files\Protexis\License Service\PSIService.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\PROGRA~1\SPYWAR~1\sp_rsser.exe
--
End of file - 11370 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00C6482D-C502-44C8-8409-FCE54AD9C208}]
HelperObject Class - C:\Program Files\SnagIt 7\SnagItBHO.dll [2005-10-14 49152]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055FD26D-3A88-4e15-963D-DC8493744B1D}]
XTTBPos00 Class - C:\PROGRA~1\ICQTOO~1\toolbaru.dll [2006-12-25 701952]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}]
C:\PROGRA~1\Crawler\ctbr.dll [2008-07-11 1190912]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2009-08-23 1111320]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{490aca7c-0c96-42b4-8f86-49903ba61fd7}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll [2005-11-10 184423]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{858FDE05-345A-4182-B40A-FC23A3A56924}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
AVG Security Toolbar BHO - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll [2009-09-02 1107200]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-10-08 256112]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE18A53A-8FB0-4F90-B1D5-03CB51E4AB7B}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll [2009-09-30 762864]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll [2009-10-08 458736]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ce0f61d2-f60f-4d38-a9df-83686b4873ee}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQ Toolbar - C:\PROGRA~1\ICQTOO~1\toolbaru.dll [2006-12-25 701952]
{8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - SnagIt - C:\Program Files\SnagIt 7\SnagItIEAddin.dll [2005-10-14 131072]
{4B3803EA-5230-4DC3-A7FC-33638F3D3542} - &Crawler lišta - C:\PROGRA~1\Crawler\ctbr.dll [2008-07-11 1190912]
{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - AVG Security Toolbar - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll [2009-09-02 1107200]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-10-08 256112]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2006-07-21 86016]
"Recguard"=C:\WINDOWS\Sminst\Recguard.exe [2006-05-12 1138688]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2007-03-01 153136]
"CloneCDElbyCDFL"=C:\Program Files\CloneCD\ElbyCheck.exe [2002-11-02 45056]
"LogitechCommunicationsManager"=C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe [2006-12-22 497176]
"LogitechQuickCamRibbon"=C:\Program Files\Logitech\QuickCam10\QuickCam10.exe [2006-12-22 756248]
"Adobe Photo Downloader"=C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe [2007-03-09 63712]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2005-02-16 81920]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-10-05 2023704]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"KB923561"=apphelp.dll,ShimFlushCache []
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2007-05-16 153136]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2006-03-02 15360]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2004-10-13 1694208]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-04-07 39408]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"TSClientMSIUninstaller"=cmd.exe /C cscript C:\WINDOWS\Installer\TSClientMsiTrans\tscuinst.vbs []
"TSClientAXDisabler"=cmd.exe /C C:\WINDOWS\Installer\TSClientMsiTrans\tscdsbl.bat []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\11827344]
C:\Documents and Settings\All Users\Data aplikací\11827344\11827344.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\6bdd86f3]
C:\WINDOWS\system32\kuvimulo.dll,b []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\91837336]
C:\Documents and Settings\All Users\Data aplikací\91837336\91837336.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdslTaskBar]
stmctrl.dll,TaskBar []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CPM68eeb56f]
c:\windows\system32\veyevida.dll,a []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\drvsyskit]
C:\WINDOWS\system32\drivers\hldrrr.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fowibekuli]
C:\WINDOWS\system32\doluwuhi.dll,s []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
C:\progra~1\common~1\instal~1\update~1\isuspm.exe -startup []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kell]
C:\program Files\Manson\liser.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
C:\WINDOWS\KHALMNPR.EXE [2008-02-29 76304]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Hardware Abstraction Layer]
C:\WINDOWS\KHALMNPR.EXE [2008-02-29 76304]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mule_st_key]
C:\Documents and Settings\Administrator\Data aplikací\m\flec006.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\sysldtray]
C:\windows\ld09.exe []
C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\WINDOWS\system32\tepepife.dll c:\windows\system32\veyevida.dll,c:\progra~1\Manson\liser.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2009-08-23 11952]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2006-07-21 147456]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LBTWlgn]
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll [2008-05-02 72208]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\xxyWqomM]
xxyWqomM.dll []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4}
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]
STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4}
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{858FDE05-345A-4182-B40A-FC23A3A56924}"= []
"{f3bc3c18-0645-4a1f-a023-baf82af08d47}"= []
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
C:\WINDOWS\system32\ddcYsTlJ
"notification packages"=scecli
C:\WINDOWS\system32\tepepife.dll
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableLUA"=0
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=91000000
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\uTorrent\utorrent.exe"="C:\Program Files\uTorrent\utorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\QIP\qip.exe"="C:\Program Files\QIP\qip.exe:*:Enabled:Quiet Internet Pager"
"C:\Hry\Warcraft III\Warcraft III.exe"="C:\Hry\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III"
"C:\Program Files\ICQ6\ICQ.exe"="C:\Program Files\ICQ6\ICQ.exe:*:Enabled:ICQ Library"
"C:\Program Files\eMule\emule.exe"="C:\Program Files\eMule\emule.exe:*:Enabled:eMule"
"C:\WINDOWS\system32\winlogon.exe"="C:\WINDOWS\system32\winlogon.exe:*:Enabled:winlogon"
"C:\WINDOWS\explorer.exe"="C:\WINDOWS\explorer.exe:*:Enabled:Explorer"
"C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe"="C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe:*:Enabled:NMIndexingService"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG8\avgnsx.exe"="C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2006344d-c9b0-11dd-a4d8-000ffe6b1600}]
shell\AutoRun\command - L:\nideiect.com
shell\explore\command - L:\nideiect.com
shell\open\command - L:\nideiect.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{46a39827-ae80-11dd-a46c-000ffe6b1600}]
shell\AutoRun\command - nideiect.com
shell\explore\command - nideiect.com
shell\open\command - nideiect.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e0f262c8-8f8d-11dd-a3e8-000ffe6b1600}]
shell\AutoRun\command - nideiect.com
shell\explore\command - nideiect.com
shell\open\command - nideiect.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f262cb30-91f8-11dc-a12d-000ffe6b1600}]
shell\AutoRun\command - nideiect.com
shell\explore\command - nideiect.com
shell\open\command - nideiect.com
======File associations======
.js - open - NOTEPAD.EXE %1
.reg - open - NOTEPAD.EXE %1
.scr - open - NOTEPAD.EXE %1
.vbs - open - NOTEPAD.EXE %1
======List of files/folders created in the last 1 months======
2009-10-16 18:50:55 ----D---- C:\Program Files\trend micro
2009-10-16 18:50:54 ----D---- C:\rsit
2009-10-16 18:31:42 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2009-10-16 18:31:32 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2009-10-16 18:31:26 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2009-10-16 18:31:20 ----HDC---- C:\WINDOWS\$NtUninstallKB961373$
2009-10-16 18:31:14 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2009-10-16 18:31:08 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2009-10-16 18:31:03 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2009-10-16 18:30:55 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
2009-10-16 18:30:50 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2009-10-16 18:30:46 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2009-10-16 18:30:39 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2009-10-16 18:30:34 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2009-10-16 18:30:23 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2009-10-16 18:30:14 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2009-10-16 18:30:06 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2009-10-16 18:30:00 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2009-10-16 18:29:48 ----HDC---- C:\WINDOWS\$NtUninstallKB938464-v2$
2009-10-16 18:29:39 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2009-10-16 18:29:37 ----D---- C:\WINDOWS\LastGood
2009-10-16 18:26:19 ----A---- C:\WINDOWS\setuplog.txt
2009-10-16 18:25:26 ----D---- C:\WINDOWS\system32\cs
2009-10-16 18:25:26 ----D---- C:\WINDOWS\system32\bits
2009-10-16 18:25:26 ----D---- C:\WINDOWS\l2schemas
2009-10-16 18:22:51 ----D---- C:\WINDOWS\ServicePackFiles
2009-10-16 18:18:21 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2009-10-16 17:44:25 ----D---- C:\Documents and Settings\All Users\Data aplikací\DAEMON Tools Lite
2009-10-16 17:25:04 ----D---- C:\Documents and Settings\Administrator\Data aplikací\DAEMON Tools Lite
2009-10-14 18:22:48 ----HD---- C:\$AVG8.VAULT$
2009-10-14 18:05:54 ----D---- C:\Program Files\Gabest
2009-10-14 18:04:38 ----A---- C:\WINDOWS\system32\xvidvfw.dll
2009-10-14 18:04:37 ----D---- C:\Program Files\Xvid
2009-10-14 18:00:22 ----D---- C:\Program Files\AVI ReComp
2009-10-14 17:10:31 ----D---- C:\Program Files\AviSynth 2.5
2009-10-14 17:05:57 ----D---- C:\MTV_OUTPUT
2009-10-10 10:30:29 ----D---- C:\Program Files\Revo Uninstaller
2009-10-10 09:44:34 ----D---- C:\Program Files\Common Files\Skype
2009-10-10 09:35:57 ----D---- C:\Program Files\CCleaner
2009-10-01 16:58:11 ----D---- C:\Documents and Settings\All Users\Data aplikací\Friday's games
2009-09-21 13:43:10 ----SHD---- C:\Config.Msi
======List of files/folders modified in the last 1 months======
2009-10-16 18:50:55 ----RD---- C:\Program Files
2009-10-16 18:35:25 ----D---- C:\WINDOWS\security
2009-10-16 18:32:23 ----D---- C:\WINDOWS\system32\CatRoot
2009-10-16 18:31:45 ----HD---- C:\WINDOWS\inf
2009-10-16 18:31:45 ----D---- C:\WINDOWS\system32\CatRoot2
2009-10-16 18:31:45 ----D---- C:\WINDOWS\system32
2009-10-16 18:31:44 ----RSHD---- C:\WINDOWS\system32\dllcache
2009-10-16 18:31:44 ----D---- C:\WINDOWS
2009-10-16 18:31:33 ----D---- C:\Hry
2009-10-16 18:30:58 ----HD---- C:\WINDOWS\system32\drivers
2009-10-16 18:30:30 ----D---- C:\WINDOWS\system32\wbem
2009-10-16 18:30:21 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-10-16 18:29:49 ----D---- C:\WINDOWS\WinSxS
2009-10-16 18:29:41 ----D---- C:\WINDOWS\AppPatch
2009-10-16 18:28:41 ----D---- C:\WINDOWS\Temp
2009-10-16 18:25:41 ----D---- C:\Program Files\Messenger
2009-10-16 18:25:38 ----D---- C:\WINDOWS\system32\Setup
2009-10-16 18:25:38 ----D---- C:\WINDOWS\ehome
2009-10-16 18:25:37 ----D---- C:\WINDOWS\system32\inetsrv
2009-10-16 18:25:37 ----D---- C:\WINDOWS\network diagnostic
2009-10-16 18:25:37 ----D---- C:\WINDOWS\ime
2009-10-16 18:25:37 ----D---- C:\WINDOWS\Help
2009-10-16 18:25:27 ----D---- C:\WINDOWS\system32\usmt
2009-10-16 18:25:27 ----D---- C:\WINDOWS\system32\cs-cz
2009-10-16 18:25:26 ----SHD---- C:\WINDOWS\Installer
2009-10-16 18:25:26 ----D---- C:\WINDOWS\PeerNet
2009-10-16 18:25:26 ----D---- C:\Program Files\Movie Maker
2009-10-16 18:22:41 ----D---- C:\WINDOWS\system32\Restore
2009-10-16 18:22:41 ----D---- C:\WINDOWS\system32\npp
2009-10-16 18:22:40 ----D---- C:\WINDOWS\msagent
2009-10-16 18:22:38 ----D---- C:\WINDOWS\srchasst
2009-10-16 18:22:38 ----D---- C:\Program Files\NetMeeting
2009-10-16 18:22:37 ----D---- C:\WINDOWS\system32\Com
2009-10-16 18:22:35 ----D---- C:\Program Files\Windows Media Player
2009-10-16 18:22:34 ----D---- C:\Program Files\Windows NT
2009-10-16 18:22:34 ----D---- C:\Program Files\Outlook Express
2009-10-16 18:22:31 ----D---- C:\Program Files\Common Files\System
2009-10-16 18:22:21 ----RSD---- C:\WINDOWS\Fonts
2009-10-16 18:22:19 ----D---- C:\WINDOWS\system32\oobe
2009-10-16 18:22:17 ----D---- C:\WINDOWS\system
2009-10-16 18:20:16 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-10-16 18:12:52 ----D---- C:\Documents and Settings\Administrator\Data aplikací\uTorrent
2009-10-16 18:11:55 ----D---- C:\Program Files\ICQToolbar
2009-10-16 18:11:52 ----D---- C:\Program Files\Crawler
2009-10-16 18:11:14 ----D---- C:\Program Files\Mozilla Firefox
2009-10-16 17:26:11 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-10-15 16:58:51 ----A---- C:\WINDOWS\disney.ini
2009-10-15 16:58:50 ----HD---- C:\Program Files\InstallShield Installation Information
2009-10-14 19:06:51 ----D---- C:\Documents and Settings\Administrator\Data aplikací\Skype
2009-10-14 17:21:11 ----A---- C:\WINDOWS\NeroDigital.ini
2009-10-11 16:13:42 ----D---- C:\Program Files\SnagIt 7
2009-10-10 11:17:29 ----D---- C:\WINDOWS\Debug
2009-10-10 11:14:32 ----D---- C:\Program Files\Common Files\Teleca Shared
2009-10-10 11:14:29 ----D---- C:\Program Files\Common Files
2009-10-10 11:14:29 ----D---- C:\Documents and Settings\All Users\Data aplikací\Sony Ericsson
2009-10-10 11:14:05 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-10-10 10:33:11 ----A---- C:\WINDOWS\system.ini
2009-10-10 09:58:16 ----D---- C:\hra
2009-10-10 09:44:35 ----RD---- C:\Program Files\Skype
2009-10-10 09:44:31 ----D---- C:\Documents and Settings\All Users\Data aplikací\Skype
2009-10-10 09:43:07 ----D---- C:\Documents and Settings\Administrator\Data aplikací\skypePM
2009-10-10 09:42:33 ----D---- C:\Ondra
2009-09-27 09:34:59 ----D---- C:\Documents and Settings\Administrator\Data aplikací\Alawar
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-08-23 335240]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-08-23 27784]
R1 AvgTdiX;AVG Free8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-06-29 108552]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 nltdi;nltdi; C:\WINDOWS\system32\drivers\nltdi.sys [2007-04-23 81688]
R1 sp_rsdrv2;Spyware Terminator Driver 2; \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys []
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R2 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2004-01-27 9728]
R3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e1e5132.sys [2006-07-19 230400]
R3 ElbyCDFL;ElbyCDFL; C:\WINDOWS\System32\Drivers\ElbyCDFL.sys [2002-11-28 15360]
R3 ElbyDelay;ElbyDelay; C:\WINDOWS\System32\Drivers\ElbyDelay.sys [2004-01-27 3840]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HECI;Intel(R) Management Engine Interface; C:\WINDOWS\system32\DRIVERS\HECI.sys [2006-12-06 44416]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2006-07-21 1095968]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-07-04 4306944]
R3 L8042Kbd;Logitech SetPoint Keyboard Driver; C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys [2008-02-29 20240]
R3 L8042mou;SetPoint PS/2 Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\L8042mou.Sys [2008-02-29 63120]
R3 LMouKE;SetPoint Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouKE.Sys [2008-02-29 79120]
R3 LVcKap;Logitech AEC Driver; C:\WINDOWS\system32\DRIVERS\LVcKap.sys [2006-12-22 1683232]
R3 LVMVDrv;Logitech Machine Vision Engine Loader; C:\WINDOWS\system32\DRIVERS\LVMVDrv.sys [2006-12-22 1963680]
R3 LVPr2Mon;Logitech LVPr2Mon Driver; C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys [2006-12-22 25632]
R3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\lvusbsta.sys [2006-12-15 41248]
R3 pepifilter;Volume Adapter; C:\WINDOWS\system32\DRIVERS\lv302af.sys [2006-12-15 14240]
R3 PID_PEPI;Logitech QuickCam IM(PID_PEPI); C:\WINDOWS\system32\DRIVERS\LV302V32.SYS [2006-12-15 936864]
R3 usbaudio;Ovladač zvukové karty USB (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Ovladač standardního rozbočovače USB; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S1 P3;Ovladač procesoru Intel PentiumIII; C:\WINDOWS\system32\DRIVERS\p3.sys [2008-04-14 46592]
S1 srosa;Megadrv3; \??\C:\WINDOWS\system32\drivers\srosa.sys []
S1 sysdrv;sysdrv; \??\C:\Program Files\sys\sys.sys []
S1 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2006-03-02 12032]
S2 PfModNT;PfModNT; \??\C:\WINDOWS\system32\PfModNT.sys []
S3 ac97intc;Služba instalace zvukového ovladače Intel(r) (WDM); C:\WINDOWS\system32\drivers\ac97intc.sys [2001-08-17 96256]
S3 BTDriver;Bluetooth Virtual Communications Driver; C:\WINDOWS\system32\DRIVERS\btport.sys []
S3 BTWUSB;%BTWUSB.SvcDesc%; C:\WINDOWS\System32\Drivers\btwusb.sys []
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 ctljystk;Game port pro zařízení Creative SB Live!; C:\WINDOWS\system32\DRIVERS\ctljystk.sys [2001-08-17 3712]
S3 E100B;Intel(R) PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2001-10-24 117760]
S3 emu10k;Creative SB Live! Value (WDM); C:\WINDOWS\system32\drivers\emu10k1f.sys [2000-02-01 274487]
S3 emu10k1;Creative Interface Manager Driver (WDM); C:\WINDOWS\System32\drivers\ctlface.sys [1999-09-01 9612]
S3 ggflt;SEMC USB Flash Driver Filter; C:\WINDOWS\system32\DRIVERS\ggflt.sys [2008-07-18 13352]
S3 ggsemc;SEMC USB Flash Driver; C:\WINDOWS\system32\DRIVERS\ggsemc.sys [2008-07-18 21672]
S3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 i81x;i81x; C:\WINDOWS\system32\DRIVERS\i81xnt5.sys [2004-08-03 161020]
S3 iAimFP0;iAimFP0; C:\WINDOWS\system32\DRIVERS\wADV01nt.sys [2004-08-03 12415]
S3 iAimFP1;iAimFP1; C:\WINDOWS\system32\DRIVERS\wADV02NT.sys [2004-08-03 12127]
S3 iAimFP2;iAimFP2; C:\WINDOWS\system32\DRIVERS\wADV05NT.sys [2004-08-03 11775]
S3 iAimFP3;iAimFP3; C:\WINDOWS\system32\DRIVERS\wSiINTxx.sys [2004-08-03 12063]
S3 iAimFP4;iAimFP4; C:\WINDOWS\system32\DRIVERS\wVchNTxx.sys [2004-08-03 19455]
S3 iAimFP5;iAimFP5; C:\WINDOWS\system32\DRIVERS\wADV07nt.sys [2004-08-03 11807]
S3 iAimFP6;iAimFP6; C:\WINDOWS\system32\DRIVERS\wADV08nt.sys [2004-08-03 11295]
S3 iAimFP7;iAimFP7; C:\WINDOWS\system32\DRIVERS\wADV09nt.sys [2004-08-03 11871]
S3 iAimTV0;iAimTV0; C:\WINDOWS\system32\DRIVERS\wATV01nt.sys [2004-08-03 29311]
S3 iAimTV1;iAimTV1; C:\WINDOWS\system32\DRIVERS\wATV02NT.sys [2004-08-03 19551]
S3 iAimTV3;iAimTV3; C:\WINDOWS\system32\DRIVERS\wATV04nt.sys [2004-08-03 33599]
S3 iAimTV4;iAimTV4; C:\WINDOWS\system32\DRIVERS\wCh7xxNT.sys [2004-08-03 23615]
S3 iAimTV5;iAimTV5; C:\WINDOWS\system32\DRIVERS\wATV10nt.sys [2004-08-03 25471]
S3 iAimTV6;iAimTV6; C:\WINDOWS\system32\DRIVERS\wATV06nt.sys [2004-08-03 22271]
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NAL;Nal Service ; \??\C:\WINDOWS\system32\Drivers\iqvw32.sys []
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2007-06-26 47360]
S3 se45bus;Sony Ericsson Device 069 driver (WDM); C:\WINDOWS\system32\DRIVERS\se45bus.sys [2006-11-30 61536]
S3 se45mdfl;Sony Ericsson Device 069 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\se45mdfl.sys [2006-11-30 9360]
S3 se45mdm;Sony Ericsson Device 069 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\se45mdm.sys [2006-11-30 97088]
S3 se45mgmt;Sony Ericsson Device 069 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\se45mgmt.sys [2006-11-30 88624]
S3 se45nd5;Sony Ericsson Device 069 USB Ethernet Emulation SEMC45 (NDIS); C:\WINDOWS\system32\DRIVERS\se45nd5.sys [2006-11-30 18704]
S3 se45obex;Sony Ericsson Device 069 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\se45obex.sys [2006-11-30 86432]
S3 se45unic;Sony Ericsson Device 069 USB Ethernet Emulation SEMC45 (WDM); C:\WINDOWS\system32\DRIVERS\se45unic.sys [2006-11-30 90800]
S3 sfman;Creative SoundFont Manager Driver (WDM); C:\WINDOWS\System32\drivers\sfman.sys [1999-08-25 41524]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 adpu320;adpu320; C:\WINDOWS\system32\DRIVERS\adpu320.sys [2002-05-08 105472]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\DRIVERS\intelide.sys [2008-04-14 5504]
S4 sr;Ovladač filtru Obnovy systému; C:\WINDOWS\system32\DRIVERS\sr.sys [2008-04-14 73344]
S4 Symmpi;Symmpi; C:\WINDOWS\system32\DRIVERS\symmpi.sys [2002-04-04 28416]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-08-23 297752]
R2 Creative Service for CDROM Access;Creative Service for CDROM Access; C:\WINDOWS\system32\CTSvcCDA.exe [1999-12-13 44032]
R2 IviRegMgr;IviRegMgr; C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe [2007-01-04 112152]
R2 LVPrcSrv;Process Monitor; c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe [2006-12-22 109344]
R2 nlsvc;NetLimiter; C:\Program Files\NetLimiter 2 Monitor\nlsvc.exe [2007-04-23 491520]
R2 pdfcDispatcher;PDF Document Manager; C:\Program Files\PDF Complete\pdfsvc.exe [2007-04-13 540448]
R2 ProtexisLicensing;ProtexisLicensing; C:\Program Files\Common Files\Protexis\License Service\PSIService.exe [2006-11-02 174656]
R2 sp_rssrv;Spyware Terminator Realtime Shield Service; C:\PROGRA~1\SPYWAR~1\sp_rsser.exe [2008-08-20 570880]
R3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-05-16 271920]
S2 LVSrvLauncher;LVSrvLauncher; C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe [2006-12-22 105248]
S2 PCA;PC Angel; C:\WINDOWS\SMINST\PCAngel.exe [2006-06-13 364544]
S2 spupdsvc;Windows Service Pack Installer update service; C:\WINDOWS\system32\spupdsvc.exe [2007-08-10 26488]
S2 sys;sys; C:\WINDOWS\system32\svchost.exe [2006-03-02 14336]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-06-17 182768]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 LBTServ;Logitech Bluetooth Service; C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe [2008-05-02 121360]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-04-13 792112]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2006-03-02 14336]
-----------------EOF-----------------
======List of files/folders created in the last 1 months======
2009-10-16 18:50:55 ----D---- C:\Program Files\trend micro
2009-10-16 18:50:54 ----D---- C:\rsit
2009-10-16 18:31:42 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2009-10-16 18:31:32 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2009-10-16 18:31:26 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2009-10-16 18:31:20 ----HDC---- C:\WINDOWS\$NtUninstallKB961373$
2009-10-16 18:31:14 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2009-10-16 18:31:08 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2009-10-16 18:31:03 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2009-10-16 18:30:55 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
2009-10-16 18:30:50 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2009-10-16 18:30:46 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2009-10-16 18:30:39 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2009-10-16 18:30:34 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2009-10-16 18:30:23 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2009-10-16 18:30:14 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2009-10-16 18:30:06 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2009-10-16 18:30:00 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2009-10-16 18:29:48 ----HDC---- C:\WINDOWS\$NtUninstallKB938464-v2$
2009-10-16 18:29:39 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2009-10-16 18:29:37 ----D---- C:\WINDOWS\LastGood
2009-10-16 18:26:19 ----A---- C:\WINDOWS\setuplog.txt
2009-10-16 18:25:26 ----D---- C:\WINDOWS\system32\cs
2009-10-16 18:25:26 ----D---- C:\WINDOWS\system32\bits
2009-10-16 18:25:26 ----D---- C:\WINDOWS\l2schemas
2009-10-16 18:22:51 ----D---- C:\WINDOWS\ServicePackFiles
2009-10-16 18:18:21 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2009-10-16 17:44:25 ----D---- C:\Documents and Settings\All Users\Data aplikací\DAEMON Tools Lite
2009-10-16 17:25:04 ----D---- C:\Documents and Settings\Administrator\Data aplikací\DAEMON Tools Lite
2009-10-14 18:22:48 ----HD---- C:\$AVG8.VAULT$
2009-10-14 18:05:54 ----D---- C:\Program Files\Gabest
2009-10-14 18:04:38 ----A---- C:\WINDOWS\system32\xvidvfw.dll
2009-10-14 18:04:37 ----D---- C:\Program Files\Xvid
2009-10-14 18:00:22 ----D---- C:\Program Files\AVI ReComp
2009-10-14 17:10:31 ----D---- C:\Program Files\AviSynth 2.5
2009-10-14 17:05:57 ----D---- C:\MTV_OUTPUT
2009-10-10 10:30:29 ----D---- C:\Program Files\Revo Uninstaller
2009-10-10 09:44:34 ----D---- C:\Program Files\Common Files\Skype
2009-10-10 09:35:57 ----D---- C:\Program Files\CCleaner
2009-10-01 16:58:11 ----D---- C:\Documents and Settings\All Users\Data aplikací\Friday's games
2009-09-21 13:43:10 ----SHD---- C:\Config.Msi
======List of files/folders modified in the last 1 months======
2009-10-16 18:50:55 ----RD---- C:\Program Files
2009-10-16 18:35:25 ----D---- C:\WINDOWS\security
2009-10-16 18:32:23 ----D---- C:\WINDOWS\system32\CatRoot
2009-10-16 18:31:45 ----HD---- C:\WINDOWS\inf
2009-10-16 18:31:45 ----D---- C:\WINDOWS\system32\CatRoot2
2009-10-16 18:31:45 ----D---- C:\WINDOWS\system32
2009-10-16 18:31:44 ----RSHD---- C:\WINDOWS\system32\dllcache
2009-10-16 18:31:44 ----D---- C:\WINDOWS
2009-10-16 18:31:33 ----D---- C:\Hry
2009-10-16 18:30:58 ----HD---- C:\WINDOWS\system32\drivers
2009-10-16 18:30:30 ----D---- C:\WINDOWS\system32\wbem
2009-10-16 18:30:21 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-10-16 18:29:49 ----D---- C:\WINDOWS\WinSxS
2009-10-16 18:29:41 ----D---- C:\WINDOWS\AppPatch
2009-10-16 18:28:41 ----D---- C:\WINDOWS\Temp
2009-10-16 18:25:41 ----D---- C:\Program Files\Messenger
2009-10-16 18:25:38 ----D---- C:\WINDOWS\system32\Setup
2009-10-16 18:25:38 ----D---- C:\WINDOWS\ehome
2009-10-16 18:25:37 ----D---- C:\WINDOWS\system32\inetsrv
2009-10-16 18:25:37 ----D---- C:\WINDOWS\network diagnostic
2009-10-16 18:25:37 ----D---- C:\WINDOWS\ime
2009-10-16 18:25:37 ----D---- C:\WINDOWS\Help
2009-10-16 18:25:27 ----D---- C:\WINDOWS\system32\usmt
2009-10-16 18:25:27 ----D---- C:\WINDOWS\system32\cs-cz
2009-10-16 18:25:26 ----SHD---- C:\WINDOWS\Installer
2009-10-16 18:25:26 ----D---- C:\WINDOWS\PeerNet
2009-10-16 18:25:26 ----D---- C:\Program Files\Movie Maker
2009-10-16 18:22:41 ----D---- C:\WINDOWS\system32\Restore
2009-10-16 18:22:41 ----D---- C:\WINDOWS\system32\npp
2009-10-16 18:22:40 ----D---- C:\WINDOWS\msagent
2009-10-16 18:22:38 ----D---- C:\WINDOWS\srchasst
2009-10-16 18:22:38 ----D---- C:\Program Files\NetMeeting
2009-10-16 18:22:37 ----D---- C:\WINDOWS\system32\Com
2009-10-16 18:22:35 ----D---- C:\Program Files\Windows Media Player
2009-10-16 18:22:34 ----D---- C:\Program Files\Windows NT
2009-10-16 18:22:34 ----D---- C:\Program Files\Outlook Express
2009-10-16 18:22:31 ----D---- C:\Program Files\Common Files\System
2009-10-16 18:22:21 ----RSD---- C:\WINDOWS\Fonts
2009-10-16 18:22:19 ----D---- C:\WINDOWS\system32\oobe
2009-10-16 18:22:17 ----D---- C:\WINDOWS\system
2009-10-16 18:20:16 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-10-16 18:12:52 ----D---- C:\Documents and Settings\Administrator\Data aplikací\uTorrent
2009-10-16 18:11:55 ----D---- C:\Program Files\ICQToolbar
2009-10-16 18:11:52 ----D---- C:\Program Files\Crawler
2009-10-16 18:11:14 ----D---- C:\Program Files\Mozilla Firefox
2009-10-16 17:26:11 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-10-15 16:58:51 ----A---- C:\WINDOWS\disney.ini
2009-10-15 16:58:50 ----HD---- C:\Program Files\InstallShield Installation Information
2009-10-14 19:06:51 ----D---- C:\Documents and Settings\Administrator\Data aplikací\Skype
2009-10-14 17:21:11 ----A---- C:\WINDOWS\NeroDigital.ini
2009-10-11 16:13:42 ----D---- C:\Program Files\SnagIt 7
2009-10-10 11:17:29 ----D---- C:\WINDOWS\Debug
2009-10-10 11:14:32 ----D---- C:\Program Files\Common Files\Teleca Shared
2009-10-10 11:14:29 ----D---- C:\Program Files\Common Files
2009-10-10 11:14:29 ----D---- C:\Documents and Settings\All Users\Data aplikací\Sony Ericsson
2009-10-10 11:14:05 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-10-10 10:33:11 ----A---- C:\WINDOWS\system.ini
2009-10-10 09:58:16 ----D---- C:\hra
2009-10-10 09:44:35 ----RD---- C:\Program Files\Skype
2009-10-10 09:44:31 ----D---- C:\Documents and Settings\All Users\Data aplikací\Skype
2009-10-10 09:43:07 ----D---- C:\Documents and Settings\Administrator\Data aplikací\skypePM
2009-10-10 09:42:33 ----D---- C:\Ondra
2009-09-27 09:34:59 ----D---- C:\Documents and Settings\Administrator\Data aplikací\Alawar
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-08-23 335240]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-08-23 27784]
R1 AvgTdiX;AVG Free8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-06-29 108552]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 nltdi;nltdi; C:\WINDOWS\system32\drivers\nltdi.sys [2007-04-23 81688]
R1 sp_rsdrv2;Spyware Terminator Driver 2; \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys []
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R2 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2004-01-27 9728]
R3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e1e5132.sys [2006-07-19 230400]
R3 ElbyCDFL;ElbyCDFL; C:\WINDOWS\System32\Drivers\ElbyCDFL.sys [2002-11-28 15360]
R3 ElbyDelay;ElbyDelay; C:\WINDOWS\System32\Drivers\ElbyDelay.sys [2004-01-27 3840]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HECI;Intel(R) Management Engine Interface; C:\WINDOWS\system32\DRIVERS\HECI.sys [2006-12-06 44416]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2006-07-21 1095968]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-07-04 4306944]
R3 L8042Kbd;Logitech SetPoint Keyboard Driver; C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys [2008-02-29 20240]
R3 L8042mou;SetPoint PS/2 Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\L8042mou.Sys [2008-02-29 63120]
R3 LMouKE;SetPoint Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouKE.Sys [2008-02-29 79120]
R3 LVcKap;Logitech AEC Driver; C:\WINDOWS\system32\DRIVERS\LVcKap.sys [2006-12-22 1683232]
R3 LVMVDrv;Logitech Machine Vision Engine Loader; C:\WINDOWS\system32\DRIVERS\LVMVDrv.sys [2006-12-22 1963680]
R3 LVPr2Mon;Logitech LVPr2Mon Driver; C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys [2006-12-22 25632]
R3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\lvusbsta.sys [2006-12-15 41248]
R3 pepifilter;Volume Adapter; C:\WINDOWS\system32\DRIVERS\lv302af.sys [2006-12-15 14240]
R3 PID_PEPI;Logitech QuickCam IM(PID_PEPI); C:\WINDOWS\system32\DRIVERS\LV302V32.SYS [2006-12-15 936864]
R3 usbaudio;Ovladač zvukové karty USB (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Ovladač standardního rozbočovače USB; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S1 P3;Ovladač procesoru Intel PentiumIII; C:\WINDOWS\system32\DRIVERS\p3.sys [2008-04-14 46592]
S1 srosa;Megadrv3; \??\C:\WINDOWS\system32\drivers\srosa.sys []
S1 sysdrv;sysdrv; \??\C:\Program Files\sys\sys.sys []
S1 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2006-03-02 12032]
S2 PfModNT;PfModNT; \??\C:\WINDOWS\system32\PfModNT.sys []
S3 ac97intc;Služba instalace zvukového ovladače Intel(r) (WDM); C:\WINDOWS\system32\drivers\ac97intc.sys [2001-08-17 96256]
S3 BTDriver;Bluetooth Virtual Communications Driver; C:\WINDOWS\system32\DRIVERS\btport.sys []
S3 BTWUSB;%BTWUSB.SvcDesc%; C:\WINDOWS\System32\Drivers\btwusb.sys []
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 ctljystk;Game port pro zařízení Creative SB Live!; C:\WINDOWS\system32\DRIVERS\ctljystk.sys [2001-08-17 3712]
S3 E100B;Intel(R) PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2001-10-24 117760]
S3 emu10k;Creative SB Live! Value (WDM); C:\WINDOWS\system32\drivers\emu10k1f.sys [2000-02-01 274487]
S3 emu10k1;Creative Interface Manager Driver (WDM); C:\WINDOWS\System32\drivers\ctlface.sys [1999-09-01 9612]
S3 ggflt;SEMC USB Flash Driver Filter; C:\WINDOWS\system32\DRIVERS\ggflt.sys [2008-07-18 13352]
S3 ggsemc;SEMC USB Flash Driver; C:\WINDOWS\system32\DRIVERS\ggsemc.sys [2008-07-18 21672]
S3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 i81x;i81x; C:\WINDOWS\system32\DRIVERS\i81xnt5.sys [2004-08-03 161020]
S3 iAimFP0;iAimFP0; C:\WINDOWS\system32\DRIVERS\wADV01nt.sys [2004-08-03 12415]
S3 iAimFP1;iAimFP1; C:\WINDOWS\system32\DRIVERS\wADV02NT.sys [2004-08-03 12127]
S3 iAimFP2;iAimFP2; C:\WINDOWS\system32\DRIVERS\wADV05NT.sys [2004-08-03 11775]
S3 iAimFP3;iAimFP3; C:\WINDOWS\system32\DRIVERS\wSiINTxx.sys [2004-08-03 12063]
S3 iAimFP4;iAimFP4; C:\WINDOWS\system32\DRIVERS\wVchNTxx.sys [2004-08-03 19455]
S3 iAimFP5;iAimFP5; C:\WINDOWS\system32\DRIVERS\wADV07nt.sys [2004-08-03 11807]
S3 iAimFP6;iAimFP6; C:\WINDOWS\system32\DRIVERS\wADV08nt.sys [2004-08-03 11295]
S3 iAimFP7;iAimFP7; C:\WINDOWS\system32\DRIVERS\wADV09nt.sys [2004-08-03 11871]
S3 iAimTV0;iAimTV0; C:\WINDOWS\system32\DRIVERS\wATV01nt.sys [2004-08-03 29311]
S3 iAimTV1;iAimTV1; C:\WINDOWS\system32\DRIVERS\wATV02NT.sys [2004-08-03 19551]
S3 iAimTV3;iAimTV3; C:\WINDOWS\system32\DRIVERS\wATV04nt.sys [2004-08-03 33599]
S3 iAimTV4;iAimTV4; C:\WINDOWS\system32\DRIVERS\wCh7xxNT.sys [2004-08-03 23615]
S3 iAimTV5;iAimTV5; C:\WINDOWS\system32\DRIVERS\wATV10nt.sys [2004-08-03 25471]
S3 iAimTV6;iAimTV6; C:\WINDOWS\system32\DRIVERS\wATV06nt.sys [2004-08-03 22271]
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NAL;Nal Service ; \??\C:\WINDOWS\system32\Drivers\iqvw32.sys []
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2007-06-26 47360]
S3 se45bus;Sony Ericsson Device 069 driver (WDM); C:\WINDOWS\system32\DRIVERS\se45bus.sys [2006-11-30 61536]
S3 se45mdfl;Sony Ericsson Device 069 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\se45mdfl.sys [2006-11-30 9360]
S3 se45mdm;Sony Ericsson Device 069 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\se45mdm.sys [2006-11-30 97088]
S3 se45mgmt;Sony Ericsson Device 069 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\se45mgmt.sys [2006-11-30 88624]
S3 se45nd5;Sony Ericsson Device 069 USB Ethernet Emulation SEMC45 (NDIS); C:\WINDOWS\system32\DRIVERS\se45nd5.sys [2006-11-30 18704]
S3 se45obex;Sony Ericsson Device 069 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\se45obex.sys [2006-11-30 86432]
S3 se45unic;Sony Ericsson Device 069 USB Ethernet Emulation SEMC45 (WDM); C:\WINDOWS\system32\DRIVERS\se45unic.sys [2006-11-30 90800]
S3 sfman;Creative SoundFont Manager Driver (WDM); C:\WINDOWS\System32\drivers\sfman.sys [1999-08-25 41524]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 adpu320;adpu320; C:\WINDOWS\system32\DRIVERS\adpu320.sys [2002-05-08 105472]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\DRIVERS\intelide.sys [2008-04-14 5504]
S4 sr;Ovladač filtru Obnovy systému; C:\WINDOWS\system32\DRIVERS\sr.sys [2008-04-14 73344]
S4 Symmpi;Symmpi; C:\WINDOWS\system32\DRIVERS\symmpi.sys [2002-04-04 28416]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-08-23 297752]
R2 Creative Service for CDROM Access;Creative Service for CDROM Access; C:\WINDOWS\system32\CTSvcCDA.exe [1999-12-13 44032]
R2 IviRegMgr;IviRegMgr; C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe [2007-01-04 112152]
R2 LVPrcSrv;Process Monitor; c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe [2006-12-22 109344]
R2 nlsvc;NetLimiter; C:\Program Files\NetLimiter 2 Monitor\nlsvc.exe [2007-04-23 491520]
R2 pdfcDispatcher;PDF Document Manager; C:\Program Files\PDF Complete\pdfsvc.exe [2007-04-13 540448]
R2 ProtexisLicensing;ProtexisLicensing; C:\Program Files\Common Files\Protexis\License Service\PSIService.exe [2006-11-02 174656]
R2 sp_rssrv;Spyware Terminator Realtime Shield Service; C:\PROGRA~1\SPYWAR~1\sp_rsser.exe [2008-08-20 570880]
R3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-05-16 271920]
S2 LVSrvLauncher;LVSrvLauncher; C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe [2006-12-22 105248]
S2 PCA;PC Angel; C:\WINDOWS\SMINST\PCAngel.exe [2006-06-13 364544]
S2 spupdsvc;Windows Service Pack Installer update service; C:\WINDOWS\system32\spupdsvc.exe [2007-08-10 26488]
S2 sys;sys; C:\WINDOWS\system32\svchost.exe [2006-03-02 14336]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-06-17 182768]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 LBTServ;Logitech Bluetooth Service; C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe [2008-05-02 121360]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-04-13 792112]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2006-03-02 14336]
-----------------EOF-----------------
Re: Preventive check
Good evening,
There is something in the log I don't like; to be safe, we will use ComboFix.
Download ComboFix to your desktop, close all active windows and run it - http://download.bleepingcomputer.com/sUBs/ComboFix.exe
- Agree to the installation of the Recovery Console
- ComboFix must be run under an account with administrator rights
- Before using it, turn off all resident security programs - antivirus, firewalls, antispyware
- After launch, the terms of use are displayed; confirm them by clicking the Yes button
- Then follow the instructions; while ComboFix is being applied, do not click in the window it displays
- When the scan finishes, which takes at most 10 minutes, the program should create a log - C:\ComboFix.txt; copy its entire contents here

Do not use COMBOFIX without an advisor's recommendation; it can damage the system!
Always back up important data before disinfecting the computer
Want to support our forum? Information here

I can mostly be reached at night, between 21:00 and 23:00.
If you have any questions, you can e-mail me at Motji(at)forum.viry.cz.
Combofix
Good evening, I am attaching the ComboFix log below. It performed some deletions, so you will see. Thank you in advance.
ComboFix 09-10-20.03 - Administrator 21.10.2009 17:42.1.2 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2031.1439 [GMT 2:00]
Spuštěný z: c:\documents and settings\Administrator\Plocha\ComboFix.exe
AV: avast! antivirus 4.8.1201 [VPS 080615-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Administrator\Data aplikací\m\shared
c:\documents and settings\Administrator\Data aplikací\m\shared\404
c:\documents and settings\Administrator\Data aplikací\m\shared\ActiveWords Plus 1.95.zip
c:\documents and settings\Administrator\Data aplikací\m\shared\AIM2Fone_2.0_[Patch].zip
c:\documents and settings\Administrator\Data aplikací\m\shared\Amazon.com Search Box 0.1.zip
c:\documents and settings\Administrator\Data aplikací\m\shared\BiblePromise
c:\documents and settings\Administrator\Data aplikací\m\shared\BlackMail_1.0.0_With_Crack.zip
c:\documents and settings\Administrator\Data aplikací\m\shared\CD_BurnRip_4.5.zip
c:\documents and settings\Administrator\Data aplikací\m\shared\Clean Now 1.zip
c:\documents and settings\Administrator\Data aplikací\m\shared\Command Finder 1.0.zip
c:\documents and settings\Administrator\Data aplikací\m\shared\ContactsCollector_1.1.zip
c:\documents and settings\Administrator\Data aplikací\m\shared\CW_Mail_Exchange_1.02.zip
c:\documents and settings\Administrator\Data aplikací\m\shared\Disk Shower 3.0.zip
c:\documents and settings\Administrator\Data aplikací\m\shared\DVD Case Dual Style 01.czip
c:\documents and settings\Administrator\Data aplikací\m\shared\DVD Case Dual Style 01.zip
c:\documents and settings\Administrator\Data aplikací\m\shared\E-Pad_1.0.zip
c:\documents and settings\Administrator\Data aplikací\m\shared\Fanurio 1.10.zip
c:\documents and settings\Administrator\Data aplikací\m\shared\GeoQuiz 1.1.zip
c:\documents and settings\Administrator\Data aplikací\m\shared\Keep_Up_1.46.6.zip
c:\documents and settings\Administrator\Data aplikací\m\shared\LameGen_1.1.3.zip
c:\documents and settings\Administrator\Data aplikací\m\shared\Micrometals Inductor Design For Power Filter.zip
c:\documents and settings\Administrator\Data aplikací\m\shared\NetTools Ping 1.0.zip
c:\documents and settings\Administrator\Data aplikací\m\shared\PAL Decoding 1.zip
c:\documents and settings\Administrator\Data aplikací\m\shared\Pandion 2.5.zip
c:\documents and settings\Administrator\Data aplikací\m\shared\PixWiz Visual Trivia Game Volume 3 1.zip
c:\documents and settings\Administrator\Data aplikací\m\shared\Turbo_Image_Batch_Converter_2.0.1.zip
c:\documents and settings\Administrator\Data aplikací\m\shared\Vidis_Pro_1.3.zip
c:\documents and settings\Administrator\Data aplikací\m\shared\Win32.MyDoom.S@mm Free Removal tool 1.0.zip
c:\documents and settings\Administrator\Data aplikací\m\shared\xero
c:\program files\Manson
c:\program files\Manson\liser.dll.vir
c:\recycler\S-1-5-21-4122495788-2713112069-802892778-500
c:\windows\Installer\184bd45.msi
c:\windows\Installer\209ba.msi
c:\windows\Installer\2d334.msp
c:\windows\Installer\34c1d.msp
c:\windows\Installer\34c24.msp
c:\windows\Installer\3c2b5.msi
c:\windows\Installer\4a337b.msp
c:\windows\Installer\4d5722.msp
c:\windows\Installer\59c478.msp
c:\windows\Installer\59c47f.msp
c:\windows\Installer\66f58b.msp
c:\windows\Installer\691ffc.msp
c:\windows\Installer\a85c9.msi
c:\windows\Installer\fcecf6.msp
c:\windows\regedit.com
c:\windows\system32\abetogap.ini
c:\windows\system32\acytmexr.ini
c:\windows\system32\adozoyey.ini
c:\windows\system32\amegisez.ini
c:\windows\system32\aydaulcf.ini
c:\windows\system32\bmhxrkmx.ini
c:\windows\system32\bwsspmgg.ini
c:\windows\system32\ckbtulfn.ini
c:\windows\system32\crejvokq.ini
c:\windows\system32\ctmfqrbn.ini
c:\windows\system32\dhwpycni.ini
c:\windows\system32\dlvuwxfb.ini
c:\windows\system32\dnmjryik.ini
c:\windows\system32\drivers\down
c:\windows\system32\drivers\downld
c:\windows\system32\dybwaqym.ini
c:\windows\system32\ebakurof.ini
c:\windows\system32\efipitaj.ini
c:\windows\system32\efjiemfk.ini
c:\windows\system32\efydqgws.ini
c:\windows\system32\exomvpcs.ini
c:\windows\system32\ftagxelo.ini
c:\windows\system32\fwqcvpfd.ini
c:\windows\system32\gapyiobt.ini
c:\windows\system32\gkexvqdl.ini
c:\windows\system32\gnwvsoco.ini
c:\windows\system32\gtmgjlrb.ini
c:\windows\system32\gurgfvmk.ini
c:\windows\system32\gvyuwjkd.ini
c:\windows\system32\hkbsatuf.ini
c:\windows\system32\hueyopfw.ini
c:\windows\system32\iexbilkv.ini
c:\windows\system32\igawafak.ini
c:\windows\system32\ioorphvi.ini
c:\windows\system32\iqusyvih.ini
c:\windows\system32\jddaphet.ini
c:\windows\system32\jesgkhob.ini
c:\windows\system32\jfsggmpi.ini
c:\windows\system32\JlTsYcdd.ini
c:\windows\system32\JlTsYcdd.ini2
c:\windows\system32\jpwcxuox.ini
c:\windows\system32\kbjoecna.ini
c:\windows\system32\kfjsfpnj.ini
c:\windows\system32\khvkbglc.ini
c:\windows\system32\klqmmubu.ini
c:\windows\system32\kukjtltr.ini
c:\windows\system32\mgprncyq.ini
c:\windows\system32\mlheflob.ini
c:\windows\system32\nbkihvqn.ini
c:\windows\system32\nctflwqm.ini
c:\windows\system32\ndhokfts.ini
c:\windows\system32\nrfecyld.ini
c:\windows\system32\odadorig.ini
c:\windows\system32\offxvnit.ini
c:\windows\system32\ojovoteg.ini
c:\windows\system32\olabehoh.ini
c:\windows\system32\oyemukul.ini
c:\windows\system32\pjbymiyu.ini
c:\windows\system32\prubjuij.ini
c:\windows\system32\qfmmafxw.ini
c:\windows\system32\qmlwtbcm.ini
c:\windows\system32\qsjggxdl.ini
c:\windows\system32\qxypwmym.ini
c:\windows\system32\rjpvaxcf.ini
c:\windows\system32\rnmsmild.ini
c:\windows\system32\sbauyiwi.ini
c:\windows\system32\sbhhlaar.ini
c:\windows\system32\sfkoxyad.ini
c:\windows\system32\sjasprft.ini
c:\windows\system32\smrnjytk.ini
c:\windows\system32\sotnajlx.ini
c:\windows\system32\stknnhll.ini
c:\windows\system32\taskmgr.com
c:\windows\system32\twiupnas.ini
c:\windows\system32\udujekom.ini
c:\windows\system32\uelyewxp.ini
c:\windows\system32\ukolosib.ini
c:\windows\system32\umnmbvge.ini
c:\windows\system32\uwijuvoz.ini
c:\windows\system32\vowfgbof.ini
c:\windows\system32\vruhlrsy.ini
c:\windows\system32\waetwvqp.ini
c:\windows\system32\wajaygac.ini
c:\windows\system32\wdxrxxoy.ini
c:\windows\system32\xdrgvkij.ini
c:\windows\system32\xerbnxva.ini
c:\windows\system32\xkwakcvk.ini
c:\windows\system32\xqtrceox.ini
c:\windows\system32\yblmyxcn.ini
c:\windows\system32\ybxegsaa.ini
c:\windows\system32\yfapfjrp.ini
c:\windows\zaponce52689.dat
D:\Autorun.inf
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_SROSA
-------\Legacy_SYS
-------\Legacy_SYSDRV
-------\Service_srosa
-------\Service_sys
-------\Service_sysdrv
((((((((((((((((((((((((( Soubory vytvořené od 2009-09-21 do 2009-10-21 )))))))))))))))))))))))))))))))
.
2009-10-19 15:56 . 2009-10-19 15:56 -------- d-----w- c:\windows\system32\KB905474
2009-10-19 15:56 . 2009-03-10 20:26 1435008 ----a-w- c:\windows\system32\KB905474\wganotifypackageinner.exe
2009-10-19 15:56 . 2009-03-10 20:18 454024 ----a-w- c:\windows\system32\KB905474\wgasetup.exe
2009-10-16 18:52 . 2008-06-14 17:35 272128 ------w- c:\windows\system32\dllcache\bthport.sys
2009-10-16 18:51 . 2009-06-21 21:48 153088 ------w- c:\windows\system32\dllcache\triedit.dll
2009-10-16 18:50 . 2008-05-08 14:02 203136 ------w- c:\windows\system32\dllcache\rmcast.sys
2009-10-16 18:45 . 2009-07-10 13:28 1315328 ------w- c:\windows\system32\dllcache\msoe.dll
2009-10-16 18:45 . 2008-04-11 19:06 691712 ------w- c:\windows\system32\dllcache\inetcomm.dll
2009-10-16 18:42 . 2009-08-13 15:24 512000 ------w- c:\windows\system32\dllcache\jscript.dll
2009-10-16 16:50 . 2009-10-16 16:51 -------- d-----w- c:\program files\trend micro
2009-10-16 16:25 . 2009-10-16 16:25 -------- d-----w- c:\windows\system32\cs
2009-10-16 16:25 . 2009-10-16 16:25 -------- d-----w- c:\windows\system32\bits
2009-10-16 16:25 . 2009-10-16 16:25 -------- d-----w- c:\windows\l2schemas
2009-10-16 16:22 . 2009-10-16 16:25 -------- d-----w- c:\windows\ServicePackFiles
2009-10-16 15:25 . 2009-10-16 15:25 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-10-14 16:22 . 2009-10-14 16:22 -------- d-----w- C:\$AVG8.VAULT$
2009-10-14 16:05 . 2009-10-14 16:05 -------- d-----w- c:\program files\Gabest
2009-10-14 16:04 . 2006-11-01 12:54 180224 ----a-w- c:\windows\system32\xvidvfw.dll
2009-10-14 16:04 . 2009-10-14 16:05 -------- d-----w- c:\program files\Xvid
2009-10-14 16:00 . 2009-10-14 16:06 -------- d-----w- c:\program files\AVI ReComp
2009-10-14 15:10 . 2009-10-14 16:03 -------- d-----w- c:\program files\AviSynth 2.5
2009-10-14 15:05 . 2009-10-14 16:01 -------- d-----w- C:\MTV_OUTPUT
2009-10-10 08:30 . 2009-10-10 08:30 -------- d-----w- c:\program files\Revo Uninstaller
2009-10-10 07:44 . 2009-10-10 07:44 -------- d-----w- c:\program files\Common Files\Skype
2009-10-10 07:35 . 2009-10-10 07:35 -------- d-----w- c:\program files\CCleaner
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-21 15:18 . 2008-07-19 15:32 -------- d-----w- c:\program files\Crawler
2009-10-21 13:54 . 2006-05-04 15:29 63328 ----a-w- c:\windows\system32\perfc005.dat
2009-10-21 13:54 . 2006-05-04 15:29 382822 ----a-w- c:\windows\system32\perfh005.dat
2009-10-18 17:03 . 2007-07-03 15:36 -------- d-----w- c:\program files\SnagIt 7
2009-10-16 19:20 . 2007-06-03 17:07 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-10-16 16:11 . 2008-02-28 16:09 -------- d-----w- c:\program files\ICQToolbar
2009-10-10 09:14 . 2008-06-29 12:36 -------- d-----w- c:\program files\Common Files\Teleca Shared
2009-10-10 07:44 . 2007-06-08 15:54 -------- d-----r- c:\program files\Skype
2009-09-11 14:19 . 2006-03-02 02:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:05 . 2006-03-02 02:00 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-26 08:02 . 2006-03-02 02:00 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-23 08:19 . 2009-06-29 20:56 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-08-23 08:19 . 2009-06-29 20:56 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-08-23 08:19 . 2008-10-25 15:47 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-08-06 17:24 . 2006-03-02 02:00 327896 ----a-w- c:\windows\system32\wucltui.dll
2009-08-06 17:24 . 2006-03-02 02:00 209632 ----a-w- c:\windows\system32\wuweb.dll
2009-08-06 17:24 . 2006-03-02 02:00 35552 ----a-w- c:\windows\system32\wups.dll
2009-08-06 17:24 . 2005-05-26 02:16 44768 ----a-w- c:\windows\system32\wups2.dll
2009-08-06 17:24 . 2006-03-02 02:00 53472 ----a-w- c:\windows\system32\wuauclt.exe
2009-08-06 17:24 . 2006-03-02 02:00 96480 ----a-w- c:\windows\system32\cdm.dll
2009-08-06 17:23 . 2006-03-02 02:00 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-08-06 17:23 . 2006-03-02 02:00 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-08-05 09:01 . 2006-03-02 02:00 205312 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-04 17:29 . 2006-03-02 02:00 2147328 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-08-04 17:29 . 2006-03-02 02:00 2025984 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-07-29 04:36 . 2006-03-02 02:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-07-29 04:36 . 2006-03-02 02:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2008-03-31 17:47 . 2008-03-31 14:08 88 --sh--r- c:\windows\system32\7D2B97C863.sys
2006-05-03 09:06 . 2007-12-14 15:00 163328 --sh--r- c:\windows\system32\flvDX.dll
2009-01-20 17:29 . 2008-03-30 18:02 2516 --sha-w- c:\windows\system32\KGyGaAvL.sys
2007-02-21 10:47 . 2007-12-14 15:00 31232 --sh--r- c:\windows\system32\msfDX.dll
2008-04-14 03:21 . 2006-03-02 02:00 413696 --sha-w- c:\windows\system32\msvcp60.dll
2008-04-14 03:21 . 2006-03-02 02:00 551936 --sh--w- c:\windows\system32\oleaut32.dll
2009-06-25 06:33 . 2009-06-25 06:11 1398061 --sha-w- c:\windows\system32\olumivuk.ini.vir
2008-04-14 03:22 . 2006-03-02 02:00 12288 --sh--w- c:\windows\system32\regsvr32.exe
2009-06-25 06:11 . 2009-03-25 06:11 81408 --sha-w- c:\windows\system32\veyevida.dll.vir
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200]
[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-09-02 09:58 1107200 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-05-16 153136]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-04-07 39408]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2006-07-21 86016]
"Recguard"="c:\windows\Sminst\Recguard.exe" [2006-05-12 1138688]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"CloneCDElbyCDFL"="c:\program files\CloneCD\ElbyCheck.exe" [2002-11-02 45056]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2006-12-22 497176]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam10\QuickCam10.exe" [2006-12-22 756248]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-10-17 2025752]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-7-1 805392]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 00:42 72208 ----a-w- c:\program files\Common Files\Logitech\Bluetooth\LBTWLgn.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-23 08:19 11952 ----a-w- c:\windows\system32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0smrgdf c:\program files\System Mechanic Professional 6"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\QIP\\qip.exe"=
"c:\\Hry\\Warcraft III\\Warcraft III.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\Common Files\\Ahead\\Lib\\NMIndexingService.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
R0 ElbyVCD;ElbyVCD;c:\windows\system32\drivers\ElbyVCD.sys [28.11.2002 12:43 22016]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [29.6.2009 22:56 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [29.6.2009 22:56 108552]
R1 nltdi;nltdi;c:\windows\system32\drivers\nltdi.sys [23.4.2007 18:08 81688]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [15.6.2007 17:25 141312]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [29.6.2009 22:56 297752]
R2 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [9.5.2007 16:31 540448]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [18.7.2008 22:01 13352]
.
Obsah adresáře 'Naplánované úlohy'
2009-07-16 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 12:57]
2009-10-21 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-10-19 20:18]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://web.volny.cz/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&s ... f8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = localhost
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Crawler Search - tbr:iemenu
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\ctbr.dll
FF - ProfilePath - c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\n27xacn2.default\
FF - prefs.js: browser.search.selectedEngine - WebHledani
FF - prefs.js: browser.startup.homepage - hxxp://www.csfd.cz/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - component: c:\program files\Crawler\firefox\components\xcomm.dll
FF - component: c:\program files\Crawler\firefox\components\xshared.dll
FF - component: c:\program files\Crawler\firefox\components\xsupport.dll
FF - component: c:\program files\Crawler\firefox\components\xwsg.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJPI150_06.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPOJI610.dll
FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin8.dll
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
.
------- Asociace souborů -------
.
JSEFile=NOTEPAD.EXE %1
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
BHO-{490aca7c-0c96-42b4-8f86-49903ba61fd7} - (no file)
BHO-{AE18A53A-8FB0-4F90-B1D5-03CB51E4AB7B} - (no file)
BHO-{ce0f61d2-f60f-4d38-a9df-83686b4873ee} - (no file)
WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
ShellExecuteHooks-{f3bc3c18-0645-4a1f-a023-baf82af08d47} - (no file)
Notify-NavLogon - (no file)
Notify-xxyWqomM - xxyWqomM.dll
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-21 17:48
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\pdfcDispatcher]
"ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(816)
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
c:\program files\common files\logitech\bluetooth\LBTServ.dll
- - - - - - - > 'explorer.exe'(3892)
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\combofix\CF3649.exe
c:\windows\system32\CTSvcCDA.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\NetLimiter 2 Monitor\nlsvc.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\Common Files\Protexis\License Service\PSIService.exe
c:\progra~1\SPYWAR~1\sp_rsser.exe
c:\program files\Common Files\LogiShrd\LComMgr\LVComSX.exe
c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
c:\program files\NetLimiter 2 Monitor\NLClient.exe
c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\program files\Logitech\SetPoint\LU\LULnchr.exe
c:\program files\Logitech\SetPoint\LU\LogitechUpdate.exe
c:\combofix\PEV.cfxxe
.
**************************************************************************
.
Celkový čas: 2009-10-21 17:53 - počítač byl restartován
ComboFix-quarantined-files.txt 2009-10-21 15:53
Před spuštěním: Volných bajtů: 106 642 001 920
Po spuštění: Volných bajtů: 106 383 626 240
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - ADC8E4D8CBED6818F4D9624F83D04610
Po spuštění: Volných bajtů: 106 383 626 240
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - ADC8E4D8CBED6818F4D9624F83D04610
Re: Preventive check




- unpack it and run it
- a scan will run; when it finishes, a window with the results opens. Click Save to save the log, then paste it here
- Following the guide in the link, run a second scan and paste that log here as well.

- Install it and run a full scan
DO NOT DELETE ANYTHING

- MBAM occasionally produces false detections, so we will delete only after the log has been checked.
- Copy the log here.
Do not use COMBOFIX without an adviser's recommendation; it can damage the system!
Always back up important data before disinfecting your computer
Want to support our forum? Information here

I am mostly reachable at night, between 21:00 and 23:00
If you have any questions, you can write to me by email at Motji(at)forum.viry.cz.
Gmer
Hello, I am posting the logs from Gmer. Mbam will take a little longer, and since I don't have permanent access to the computer, I don't know when I will be able to get back here. But thank you for the help.
Log 1
GMER 1.0.15.15163 - http://www.gmer.net
Rootkit quick scan 2009-11-03 15:52:06
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\pxliypog.sys
---- System - GMER 1.0.15 ----
SSDT spik.sys ZwEnumerateKey [0xB9EC5CA4]
SSDT spik.sys ZwEnumerateValueKey [0xB9EC6032]
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs 8A9C81F8
AttachedDevice \Driver\Tcpip \Device\Ip nltdi.sys (NetLimiter Driver/Locktime Software)
AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp nltdi.sys (NetLimiter Driver/Locktime Software)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp nltdi.sys (NetLimiter Driver/Locktime Software)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp nltdi.sys (NetLimiter Driver/Locktime Software)
---- EOF - GMER 1.0.15 ----
Log 2
GMER 1.0.15.15163 - http://www.gmer.net
Rootkit scan 2009-11-03 17:31:25
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\pxliypog.sys
---- System - GMER 1.0.15 ----
SSDT spik.sys ZwCreateKey [0xB9EA70E0]
SSDT spik.sys ZwEnumerateKey [0xB9EC5CA4]
SSDT spik.sys ZwEnumerateValueKey [0xB9EC6032]
SSDT spik.sys ZwOpenKey [0xB9EA70C0]
SSDT spik.sys ZwQueryKey [0xB9EC610A]
SSDT spik.sys ZwQueryValueKey [0xB9EC5F8A]
SSDT spik.sys ZwSetValueKey [0xB9EC619C]
INT 0x62 ? 8A9C9BF8
INT 0x63 ? 8A878BF8
INT 0x63 ? 8A878BF8
INT 0x63 ? 8A878BF8
INT 0x63 ? 8A878BF8
INT 0x82 ? 8A9C9BF8
INT 0x94 ? 8A878BF8
INT 0xA4 ? 8A878BF8
INT 0xB4 ? 8A878BF8
INT 0xB4 ? 8A878BF8
INT 0xB4 ? 8A878BF8
INT 0xB4 ? 8A878BF8
---- Kernel code sections - GMER 1.0.15 ----
? spik.sys Systém nemůže nalézt uvedený soubor. !
.text USBPORT.SYS!DllUnload B8F8F8AC 5 Bytes JMP 8A8781D8
---- Kernel IAT/EAT - GMER 1.0.15 ----
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [B9EA8042] spik.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [B9EA813E] spik.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [B9EA80C0] spik.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [B9EA8800] spik.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [B9EA86D6] spik.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [B9EB7E9C] spik.sys
---- User IAT/EAT - GMER 1.0.15 ----
IAT C:\Program Files\NetLimiter 2 Monitor\NLClient.exe[168] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00C52EC0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\NetLimiter 2 Monitor\NLClient.exe[168] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00C52C30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\NetLimiter 2 Monitor\NLClient.exe[168] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00C52C90] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\NetLimiter 2 Monitor\NLClient.exe[168] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00C52C60] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Logitech\QuickCam10\QuickCam10.exe[300] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [01912EC0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Logitech\QuickCam10\QuickCam10.exe[300] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [01912C30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Logitech\QuickCam10\QuickCam10.exe[300] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [01912C90] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Logitech\QuickCam10\QuickCam10.exe[300] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [01912C60] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Messenger\msmsgs.exe[392] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [011B2EC0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Messenger\msmsgs.exe[392] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [011B2C30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Messenger\msmsgs.exe[392] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [011B2C90] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Messenger\msmsgs.exe[392] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [011B2C60] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[480] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00B62EC0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[480] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00B62C30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[480] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00B62C90] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[480] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00B62C60] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\Explorer.EXE[1892] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00C32EC0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\Explorer.EXE[1892] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00C32C30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\Explorer.EXE[1892] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00C32C90] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\Explorer.EXE[1892] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00C32C60] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\PROGRA~1\Crawler\CToolbar.exe[2464] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00E72EC0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\PROGRA~1\Crawler\CToolbar.exe[2464] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00E72C30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\PROGRA~1\Crawler\CToolbar.exe[2464] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00E72C90] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\PROGRA~1\Crawler\CToolbar.exe[2464] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00E72C60] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\wuauclt.exe[2548] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00A32EC0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\wuauclt.exe[2548] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00A32C30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\wuauclt.exe[2548] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00A32C90] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\wuauclt.exe[2548] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00A32C60] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Documents and Settings\Administrator\Local Settings\temp\wz2f48\gmer.exe[3592] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00802EC0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Documents and Settings\Administrator\Local Settings\temp\wz2f48\gmer.exe[3592] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00802C30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Documents and Settings\Administrator\Local Settings\temp\wz2f48\gmer.exe[3592] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00802C90] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Documents and Settings\Administrator\Local Settings\temp\wz2f48\gmer.exe[3592] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00802C60] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[3776] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [003E2EC0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[3776] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [003E2C30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[3776] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [003E2C90] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[3776] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [003E2C60] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Total Commander\TOTALCMD.EXE[3956] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00BD2EC0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Total Commander\TOTALCMD.EXE[3956] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00BD2C30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Total Commander\TOTALCMD.EXE[3956] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00BD2C90] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Total Commander\TOTALCMD.EXE[3956] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00BD2C60] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs 8A9C81F8
AttachedDevice \Driver\Tcpip \Device\Ip nltdi.sys (NetLimiter Driver/Locktime Software)
AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
Device \Driver\usbuhci \Device\USBPDO-0 8A8791F8
Device \Driver\dmio \Device\DmControl\DmIoDaemon 8A9CA1F8
Device \Driver\dmio \Device\DmControl\DmConfig 8A9CA1F8
Device \Driver\dmio \Device\DmControl\DmPnP 8A9CA1F8
Device \Driver\dmio \Device\DmControl\DmInfo 8A9CA1F8
Device \Driver\usbuhci \Device\USBPDO-1 8A8791F8
Device \Driver\usbehci \Device\USBPDO-2 8A8201F8
Device \Driver\usbuhci \Device\USBPDO-3 8A8791F8
Device \Driver\usbuhci \Device\USBPDO-4 8A8791F8
AttachedDevice \Driver\Tcpip \Device\Tcp nltdi.sys (NetLimiter Driver/Locktime Software)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
Device \Driver\usbehci \Device\USBPDO-5 8A8201F8
Device \Driver\usbohci \Device\USBPDO-6 8A7F21F8
Device \Driver\Ftdisk \Device\HarddiskVolume1 8AA3A1F8
Device \Driver\usbohci \Device\USBPDO-7 8A7F21F8
Device \Driver\Ftdisk \Device\HarddiskVolume2 8AA3A1F8
Device \Driver\Cdrom \Device\CdRom0 8A7BD1F8
Device \Driver\usbehci \Device\USBPDO-8 8A8201F8
Device \Driver\Cdrom \Device\CdRom1 8A7BD1F8
Device \Driver\atapi \Device\Ide\IdePort0 [B9DFBB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 [B9DFBB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort1 [B9DFBB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c [B9DFBB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-17 [B9DFBB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\Cdrom \Device\CdRom2 8A7BD1F8
Device \Driver\USBSTOR \Device\00000082 8A5FC500
Device \Driver\USBSTOR \Device\00000083 8A5FC500
Device \Driver\NetBT \Device\NetBt_Wins_Export 8A6E7490
Device \Driver\USBSTOR \Device\00000084 8A5FC500
Device \Driver\NetBT \Device\NetbiosSmb 8A6E7490
Device \Driver\USBSTOR \Device\00000085 8A5FC500
Device \Driver\NetBT \Device\NetBT_Tcpip_{AFF8590D-636E-4ACA-B90D-AB834B3D50DC} 8A6E7490
AttachedDevice \Driver\Tcpip \Device\Udp nltdi.sys (NetLimiter Driver/Locktime Software)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp nltdi.sys (NetLimiter Driver/Locktime Software)
Device \Driver\usbuhci \Device\USBFDO-0 8A8791F8
Device \Driver\usbuhci \Device\USBFDO-1 8A8791F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 8A5BA500
Device \Driver\usbehci \Device\USBFDO-2 8A8201F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 8A5BA500
Device \Driver\usbuhci \Device\USBFDO-3 8A8791F8
Device \Driver\usbuhci \Device\USBFDO-4 8A8791F8
Device \Driver\Ftdisk \Device\FtControl 8AA3A1F8
Device \Driver\usbehci \Device\USBFDO-5 8A8201F8
Device \Driver\USBSTOR \Device\0000007f 8A5FC500
Device \Driver\usbohci \Device\USBFDO-6 8A7F21F8
Device \Driver\usbohci \Device\USBFDO-7 8A7F21F8
Device \Driver\ElbyVCD \Device\Scsi\ElbyVCD1 8AA391F8
Device \Driver\ElbyVCD \Device\Scsi\ElbyVCD1Port0Path0Target0Lun0 8AA391F8
Device \Driver\usbehci \Device\USBFDO-8 8A8201F8
Device \FileSystem\Cdfs \Cdfs 8A604500
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x5C 0xEE 0x52 0xBA ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x3A 0x08 0x83 0x59 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xC2 0xCD 0xAA 0xD3 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x5C 0xEE 0x52 0xBA ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x5C 0xEE 0x52 0xBA ...
---- EOF - GMER 1.0.15 ----
Device \Driver\atapi \Device\Ide\IdePort1 [B9DFBB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c [B9DFBB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-17 [B9DFBB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\Cdrom \Device\CdRom2 8A7BD1F8
Device \Driver\USBSTOR \Device\00000082 8A5FC500
Device \Driver\USBSTOR \Device\00000083 8A5FC500
Device \Driver\NetBT \Device\NetBt_Wins_Export 8A6E7490
Device \Driver\USBSTOR \Device\00000084 8A5FC500
Device \Driver\NetBT \Device\NetbiosSmb 8A6E7490
Device \Driver\USBSTOR \Device\00000085 8A5FC500
Device \Driver\NetBT \Device\NetBT_Tcpip_{AFF8590D-636E-4ACA-B90D-AB834B3D50DC} 8A6E7490
AttachedDevice \Driver\Tcpip \Device\Udp nltdi.sys (NetLimiter Driver/Locktime Software)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp nltdi.sys (NetLimiter Driver/Locktime Software)
Device \Driver\usbuhci \Device\USBFDO-0 8A8791F8
Device \Driver\usbuhci \Device\USBFDO-1 8A8791F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 8A5BA500
Device \Driver\usbehci \Device\USBFDO-2 8A8201F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 8A5BA500
Device \Driver\usbuhci \Device\USBFDO-3 8A8791F8
Device \Driver\usbuhci \Device\USBFDO-4 8A8791F8
Device \Driver\Ftdisk \Device\FtControl 8AA3A1F8
Device \Driver\usbehci \Device\USBFDO-5 8A8201F8
Device \Driver\USBSTOR \Device\0000007f 8A5FC500
Device \Driver\usbohci \Device\USBFDO-6 8A7F21F8
Device \Driver\usbohci \Device\USBFDO-7 8A7F21F8
Device \Driver\ElbyVCD \Device\Scsi\ElbyVCD1 8AA391F8
Device \Driver\ElbyVCD \Device\Scsi\ElbyVCD1Port0Path0Target0Lun0 8AA391F8
Device \Driver\usbehci \Device\USBFDO-8 8A8201F8
Device \FileSystem\Cdfs \Cdfs 8A604500
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x5C 0xEE 0x52 0xBA ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x3A 0x08 0x83 0x59 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xC2 0xCD 0xAA 0xD3 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x5C 0xEE 0x52 0xBA ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x5C 0xEE 0x52 0xBA ...
---- EOF - GMER 1.0.15 ----
Re: Preventive check
Uninstall the old ComboFix and install the new, updated one.
Uninstall ComboFix via
Start >> Run, copy into the box:
ComboFix /Uninstall
press Enter
- This uninstalls ComboFix and deletes the files and folders associated with it.
Download T-Cleaner
http://sweb.cz/Marinus/T-Cleaner.exe
- Run it; to confirm each choice, press the A key, then Enter
- Delete the program after use. Note: antivirus programs may falsely flag it as a virus.
Download ComboFix to the desktop, close all active windows and run it - http://download.bleepingcomputer.com/sUBs/ComboFix.exe
- Paste the log here
Download AVPTool from my signature: http://www.viry.cz/forum/viewtopic.php?f=29&t=58179
- Install it according to the guide and run a scan
- Paste the log with the results here
How is the computer doing?

Do not use COMBOFIX without an advisor's recommendation; it can damage the system!
Always back up important data before disinfecting the computer
Want to support our forum? Information here

I am mostly reachable at night, between 21:00 and 23:00
If you have any questions, you can e-mail me at Motji(at)forum.viry.cz.
Scans
The computer seems to be a little faster. Here is the log from ComboFix:
ComboFix 09-11-19.05 - Administrator 20.11.2009 14:46.2.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2031.1575 [GMT 1:00]
Spuštěný z: c:\documents and settings\Administrator\Plocha\ComboFix.exe
AV: avast! antivirus 4.8.1201 [VPS 080615-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\DRIVERS\ElbyVCD.sys . . . je infikován!!
.
((((((((((((((((((((((((( Soubory vytvořené od 2009-10-20 do 2009-11-20 )))))))))))))))))))))))))))))))
.
2009-11-20 13:42 . 2008-04-13 18:40 96512 ----a-w- c:\windows\system32\drivers\atapi.sys
2009-11-20 13:42 . 2008-04-13 18:40 96512 ----a-w- c:\windows\system32\dllcache\atapi.sys
2009-11-20 12:58 . 2009-11-20 13:00 -------- d-----w- c:\program files\DAEMON Tools Lite
2009-11-03 16:35 . 2009-11-03 16:35 -------- d-----w- c:\program files\QIP
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-20 13:50 . 2006-05-04 15:29 63328 ----a-w- c:\windows\system32\perfc005.dat
2009-11-20 13:50 . 2006-05-04 15:29 382822 ----a-w- c:\windows\system32\perfh005.dat
2009-11-20 13:02 . 2008-07-19 15:32 -------- d-----w- c:\program files\Crawler
2009-11-20 12:58 . 2009-10-16 15:25 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-11-11 11:41 . 2008-02-28 16:09 -------- d-----w- c:\program files\ICQToolbar
2009-11-09 18:56 . 2007-07-03 15:36 -------- d-----w- c:\program files\SnagIt 7
2009-10-23 09:50 . 2007-06-03 17:07 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-10-16 16:51 . 2009-10-16 16:50 -------- d-----w- c:\program files\trend micro
2009-10-16 16:28 . 2006-05-04 15:16 4018 ----a-w- c:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
2009-10-16 16:28 . 2006-05-04 15:16 88207 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-10-14 16:06 . 2009-10-14 16:00 -------- d-----w- c:\program files\AVI ReComp
2009-10-14 16:05 . 2009-10-14 16:05 -------- d-----w- c:\program files\Gabest
2009-10-14 16:05 . 2009-10-14 16:04 -------- d-----w- c:\program files\Xvid
2009-10-14 16:03 . 2009-10-14 15:10 -------- d-----w- c:\program files\AviSynth 2.5
2009-10-10 09:14 . 2008-06-29 12:36 -------- d-----w- c:\program files\Common Files\Teleca Shared
2009-10-10 08:30 . 2009-10-10 08:30 -------- d-----w- c:\program files\Revo Uninstaller
2009-10-10 07:44 . 2007-06-08 15:54 -------- d-----r- c:\program files\Skype
2009-10-10 07:44 . 2009-10-10 07:44 -------- d-----w- c:\program files\Common Files\Skype
2009-10-10 07:35 . 2009-10-10 07:35 -------- d-----w- c:\program files\CCleaner
2009-09-11 14:19 . 2006-03-02 02:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:05 . 2006-03-02 02:00 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 07:31 . 2006-03-02 02:00 832512 ----a-w- c:\windows\system32\wininet.dll
2009-08-29 07:30 . 2006-03-02 02:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-08-29 07:30 . 2006-03-02 02:00 17408 ------w- c:\windows\system32\corpol.dll
2009-08-26 08:02 . 2006-03-02 02:00 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-23 08:19 . 2009-06-29 20:56 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-08-23 08:19 . 2009-06-29 20:56 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-08-23 08:19 . 2008-10-25 15:47 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2008-03-31 17:47 . 2008-03-31 14:08 88 --sh--r- c:\windows\system32\7D2B97C863.sys
2006-05-03 09:06 . 2007-12-14 15:00 163328 --sh--r- c:\windows\system32\flvDX.dll
2009-01-20 17:29 . 2008-03-30 18:02 2516 --sha-w- c:\windows\system32\KGyGaAvL.sys
2007-02-21 10:47 . 2007-12-14 15:00 31232 --sh--r- c:\windows\system32\msfDX.dll
2008-04-14 03:21 . 2006-03-02 02:00 413696 --sha-w- c:\windows\system32\msvcp60.dll
2008-04-14 03:21 . 2006-03-02 02:00 551936 --sh--w- c:\windows\system32\oleaut32.dll
2009-06-25 06:33 . 2009-06-25 06:11 1398061 --sha-w- c:\windows\system32\olumivuk.ini.vir
2008-04-14 03:22 . 2006-03-02 02:00 12288 --sh--w- c:\windows\system32\regsvr32.exe
2009-06-25 06:11 . 2009-03-25 06:11 81408 --sha-w- c:\windows\system32\veyevida.dll.vir
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200]
[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-09-02 09:58 1107200 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-05-16 153136]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-04-07 39408]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2006-07-21 86016]
"Recguard"="c:\windows\Sminst\Recguard.exe" [2006-05-12 1138688]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"CloneCDElbyCDFL"="c:\program files\CloneCD\ElbyCheck.exe" [2002-11-02 45056]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2006-12-22 497176]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam10\QuickCam10.exe" [2006-12-22 756248]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-11-03 2028312]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-7-1 805392]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 00:42 72208 ----a-w- c:\program files\Common Files\Logitech\Bluetooth\LBTWLgn.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-23 08:19 11952 ----a-w- c:\windows\system32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0smrgdf c:\program files\System Mechanic Professional 6
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Hry\\Warcraft III\\Warcraft III.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\Common Files\\Ahead\\Lib\\NMIndexingService.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R0 ElbyVCD;ElbyVCD;c:\windows\system32\drivers\ElbyVCD.sys [28.11.2002 11:43 22016]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [16.10.2009 16:25 691696]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [29.6.2009 21:56 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [29.6.2009 21:56 108552]
R1 nltdi;nltdi;c:\windows\system32\drivers\nltdi.sys [23.4.2007 17:08 81688]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [15.6.2007 16:25 141312]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [29.6.2009 21:56 297752]
R2 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [9.5.2007 15:31 540448]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [18.7.2008 21:01 13352]
.
Obsah adresáře 'Naplánované úlohy'
2009-10-22 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 12:57]
2009-11-20 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-10-19 20:18]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://web.volny.cz/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&s ... f8&oe=utf8
uDefault_Search_URL = hxxp://search.qip.ru
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = localhost
uSearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
IE: Crawler Search - tbr:iemenu
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\ctbr.dll
FF - ProfilePath - c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\n27xacn2.default\
FF - prefs.js: browser.search.selectedEngine - WebHledani
FF - prefs.js: browser.startup.homepage - hxxp://www.csfd.cz/
FF - prefs.js: keyword.URL - hxxp://search.qip.ru/search?from=FF&query=
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - component: c:\program files\Crawler\firefox\components\xcomm.dll
FF - component: c:\program files\Crawler\firefox\components\xshared.dll
FF - component: c:\program files\Crawler\firefox\components\xsupport.dll
FF - component: c:\program files\Crawler\firefox\components\xwsg.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJPI150_06.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPOJI610.dll
FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin8.dll
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
.
------- Asociace souborů -------
.
JSEFile=NOTEPAD.EXE %1
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-20 14:52
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys spws.sys >>UNKNOWN [0x8A9EA938]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xba0ecf28
\Driver\ACPI -> ACPI.sys @ 0xb9e74cb8
\Driver\atapi -> atapi.sys @ 0xb9e09b40
\Driver\iaStor -> iaStor.sys @ 0xb9c0ff80
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
NDIS: Intel(R) 82566DM Gigabit Network Connection -> SendCompleteHandler -> NDIS.sys @ 0xb9d12bb0
PacketIndicateHandler -> NDIS.sys @ 0xb9d1fa21
SendHandler -> NDIS.sys @ 0xb9cfd87b
user & kernel MBR OK
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\pdfcDispatcher]
"ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(816)
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
c:\program files\common files\logitech\bluetooth\LBTServ.dll
.
Celkový čas: 2009-11-20 14:53
ComboFix-quarantined-files.txt 2009-11-20 13:53
Před spuštěním: Volných bajtů: 105 344 733 184
Po spuštění: Volných bajtů: 105 302 675 456
Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - C1DE47DFB11BF4C1A197875EBC7981FC
The Kaspersky scan is still running for now.
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys spws.sys >>UNKNOWN [0x8A9EA938]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xba0ecf28
\Driver\ACPI -> ACPI.sys @ 0xb9e74cb8
\Driver\atapi -> atapi.sys @ 0xb9e09b40
\Driver\iaStor -> iaStor.sys @ 0xb9c0ff80
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
NDIS: Intel(R) 82566DM Gigabit Network Connection -> SendCompleteHandler -> NDIS.sys @ 0xb9d12bb0
PacketIndicateHandler -> NDIS.sys @ 0xb9d1fa21
SendHandler -> NDIS.sys @ 0xb9cfd87b
user & kernel MBR OK
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\pdfcDispatcher]
"ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(816)
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
c:\program files\common files\logitech\bluetooth\LBTServ.dll
.
Celkový čas: 2009-11-20 14:53
ComboFix-quarantined-files.txt 2009-11-20 13:53
Před spuštěním: Volných bajtů: 105 344 733 184
Po spuštění: Volných bajtů: 105 302 675 456
Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - C1DE47DFB11BF4C1A197875EBC7981FC
The Kaspersky scan is still running for now.
Re: Preventive check

http://jpshortstuff.247fixes.com/SystemLook.exe
- save it to the desktop and run it.
- copy the following into the box
Code:
:filefind
ElbyVCD.sys


- choose the version for your operating system: SPTD for Windows (32 bit) or (64b)
- save it to the desktop and run it
- choose the Uninstall option
- restart the PC
- run gmer

- unpack it and run it
- a scan will run; when it finishes, a window with the results opens. Click Save to save the log, which you then post here
- Following the guide in the link, run a second scan and post that log here as well.
Do not use COMBOFIX without an advisor's recommendation; it can damage the system!
Always back up important data before disinfecting your computer
Want to support our forum? Information here

I can mostly be reached at night, between 21:00 and 23:00
If you have any questions, you can e-mail me at Motji(at)forum.viry.cz.
Re: Preventive check
I did everything according to your instructions. I also ran T-Cleaner over it because of leftovers from Combofix. Here are the logs.
SystemLook v1.0 by jpshortstuff (29.08.09)
Log created at 15:16 on 25/12/2009 by Administrator (Administrator - Elevation successful)
========== filefind ==========
Searching for "ElbyVCD.sys"
C:\WINDOWS\system32\drivers\ElbyVCD.sys ------ 22016 bytes [10:43 28/11/2002] [10:43 28/11/2002] C4143FC2F7D39A5A8B1CFE0BC4BD8A9E
-=End Of File=-
And the logs from Gmer:
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2009-12-25 15:25:54
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\pxliypog.sys
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\Tcpip \Device\Ip nltdi.sys (NetLimiter Driver/Locktime Software)
AttachedDevice \Driver\Tcpip \Device\Tcp nltdi.sys (NetLimiter Driver/Locktime Software)
AttachedDevice \Driver\Tcpip \Device\Udp nltdi.sys (NetLimiter Driver/Locktime Software)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
---- EOF - GMER 1.0.15 ----
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2009-12-25 16:55:01
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\pxliypog.sys
---- User IAT/EAT - GMER 1.0.15 ----
IAT C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[1484] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00A92EC0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[1484] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00A92C30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[1484] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00A92C90] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[1484] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00A92C60] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Logitech\SetPoint\LU\LULnchr.exe[1904] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00A22EC0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Logitech\SetPoint\LU\LULnchr.exe[1904] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00A22C30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Logitech\SetPoint\LU\LULnchr.exe[1904] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00A22C90] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Logitech\SetPoint\LU\LULnchr.exe[1904] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00A22C60] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\Explorer.EXE[2004] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [01772EC0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\Explorer.EXE[2004] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [01772C30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\Explorer.EXE[2004] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [01772C90] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\Explorer.EXE[2004] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [01772C60] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Logitech\SetPoint\LU\LogitechUpdate.exe[2088] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00CE2EC0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Logitech\SetPoint\LU\LogitechUpdate.exe[2088] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00CE2C30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Logitech\SetPoint\LU\LogitechUpdate.exe[2088] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00CE2C90] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Logitech\SetPoint\LU\LogitechUpdate.exe[2088] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00CE2C60] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\hkcmd.exe[2688] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [003E2EC0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\hkcmd.exe[2688] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [003E2C30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\hkcmd.exe[2688] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [003E2C90] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\hkcmd.exe[2688] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [003E2C60] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Documents and Settings\Administrator\Plocha\gmer.exe[3028] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00802EC0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Documents and Settings\Administrator\Plocha\gmer.exe[3028] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00802C30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Documents and Settings\Administrator\Plocha\gmer.exe[3028] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00802C90] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Documents and Settings\Administrator\Plocha\gmer.exe[3028] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00802C60] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[3060] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00B02EC0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[3060] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00B02C30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[3060] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00B02C90] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[3060] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00B02C60] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Logitech\QuickCam10\QuickCam10.exe[3076] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00B32EC0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Logitech\QuickCam10\QuickCam10.exe[3076] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00B32C30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Logitech\QuickCam10\QuickCam10.exe[3076] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00B32C90] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Logitech\QuickCam10\QuickCam10.exe[3076] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00B32C60] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe[3108] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00AF2EC0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe[3108] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00AF2C30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe[3108] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00AF2C90] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe[3108] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00AF2C60] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\PROGRA~1\AVG\AVG8\avgtray.exe[3160] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00CB2EC0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\PROGRA~1\AVG\AVG8\avgtray.exe[3160] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00CB2C30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\PROGRA~1\AVG\AVG8\avgtray.exe[3160] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00CB2C90] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\PROGRA~1\AVG\AVG8\avgtray.exe[3160] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00CB2C60] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[3228] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [003E2EC0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[3228] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [003E2C30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[3228] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [003E2C90] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[3228] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [003E2C60] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Messenger\msmsgs.exe[3276] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00B52EC0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Messenger\msmsgs.exe[3276] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00B52C30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Messenger\msmsgs.exe[3276] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00B52C90] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Messenger\msmsgs.exe[3276] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00B52C60] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3324] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00802EC0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3324] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00802C30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3324] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00802C90] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3324] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00802C60] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\ctfmon.exe[3340] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00A32EC0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\ctfmon.exe[3340] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00A32C30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\ctfmon.exe[3340] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00A32C90] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\ctfmon.exe[3340] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00A32C60] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Logitech\SetPoint\SetPoint.exe[3496] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00BD2EC0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Logitech\SetPoint\SetPoint.exe[3496] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00BD2C30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Logitech\SetPoint\SetPoint.exe[3496] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00BD2C90] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Logitech\SetPoint\SetPoint.exe[3496] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00BD2C60] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\wuauclt.exe[3524] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00A32EC0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\wuauclt.exe[3524] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00A32C30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\wuauclt.exe[3524] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00A32C90] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\wuauclt.exe[3524] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00A32C60] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[3700] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [003E2EC0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[3700] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [003E2C30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[3700] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [003E2C90] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[3700] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [003E2C60] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe[3744] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00AA2EC0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe[3744] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00AA2C30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe[3744] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00AA2C90] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe[3744] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00AA2C60] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE[3976] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [003E2EC0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE[3976] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [003E2C30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE[3976] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [003E2C90] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE[3976] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [003E2C60] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\Tcpip \Device\Ip nltdi.sys (NetLimiter Driver/Locktime Software)
AttachedDevice \Driver\Tcpip \Device\Tcp nltdi.sys (NetLimiter Driver/Locktime Software)
AttachedDevice \Driver\Tcpip \Device\Udp nltdi.sys (NetLimiter Driver/Locktime Software)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x5C 0xEE 0x52 0xBA ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x3A 0x08 0x83 0x59 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xC2 0xCD 0xAA 0xD3 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xFC 0x7B 0x2E 0xCA ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xFC 0x7B 0x2E 0xCA ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
---- EOF - GMER 1.0.15 ----
IAT C:\Program Files\Logitech\QuickCam10\QuickCam10.exe[3076] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00B32C90] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Logitech\QuickCam10\QuickCam10.exe[3076] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00B32C60] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe[3108] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00AF2EC0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe[3108] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00AF2C30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe[3108] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00AF2C90] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe[3108] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00AF2C60] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\PROGRA~1\AVG\AVG8\avgtray.exe[3160] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00CB2EC0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\PROGRA~1\AVG\AVG8\avgtray.exe[3160] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00CB2C30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\PROGRA~1\AVG\AVG8\avgtray.exe[3160] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00CB2C90] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\PROGRA~1\AVG\AVG8\avgtray.exe[3160] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00CB2C60] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[3228] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [003E2EC0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[3228] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [003E2C30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[3228] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [003E2C90] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[3228] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [003E2C60] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Messenger\msmsgs.exe[3276] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00B52EC0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Messenger\msmsgs.exe[3276] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00B52C30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Messenger\msmsgs.exe[3276] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00B52C90] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Messenger\msmsgs.exe[3276] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00B52C60] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3324] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00802EC0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3324] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00802C30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3324] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00802C90] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3324] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00802C60] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\ctfmon.exe[3340] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00A32EC0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\ctfmon.exe[3340] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00A32C30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\ctfmon.exe[3340] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00A32C90] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\ctfmon.exe[3340] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00A32C60] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Logitech\SetPoint\SetPoint.exe[3496] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00BD2EC0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Logitech\SetPoint\SetPoint.exe[3496] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00BD2C30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Logitech\SetPoint\SetPoint.exe[3496] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00BD2C90] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Logitech\SetPoint\SetPoint.exe[3496] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00BD2C60] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\wuauclt.exe[3524] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00A32EC0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\wuauclt.exe[3524] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00A32C30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\wuauclt.exe[3524] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00A32C90] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\wuauclt.exe[3524] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00A32C60] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[3700] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [003E2EC0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[3700] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [003E2C30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[3700] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [003E2C90] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[3700] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [003E2C60] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe[3744] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00AA2EC0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe[3744] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00AA2C30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe[3744] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00AA2C90] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe[3744] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00AA2C60] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE[3976] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [003E2EC0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE[3976] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [003E2C30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE[3976] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [003E2C90] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE[3976] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [003E2C60] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\Tcpip \Device\Ip nltdi.sys (NetLimiter Driver/Locktime Software)
AttachedDevice \Driver\Tcpip \Device\Tcp nltdi.sys (NetLimiter Driver/Locktime Software)
AttachedDevice \Driver\Tcpip \Device\Udp nltdi.sys (NetLimiter Driver/Locktime Software)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x5C 0xEE 0x52 0xBA ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x3A 0x08 0x83 0x59 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xC2 0xCD 0xAA 0xD3 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xFC 0x7B 0x2E 0xCA ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xFC 0x7B 0x2E 0xCA ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
---- EOF - GMER 1.0.15 ----
Re: Preventive check

- open Notepad
- copy the text from this box into it
Code:
restore
c:\windows\system32\DRIVERS\ElbyVCD.sys
Srpeek::
c:\windows\system32\DRIVERS\ElbyVCD.sys
File::
c:\windows\system32\olumivuk.ini.vir
c:\windows\system32\veyevida.dll.vir
- after saving, grab the script you created with the left mouse button and drag it over the ComboFix icon, where you drop it:

- once it has been applied, another log will come out; paste it here
Warning: it may happen that after the script is applied and the computer restarts, Windows will not boot; in that case restart again while pressing F8, then choose Last Known Good Configuration

- following the guide, install it and run a scan
- let it disinfect or delete whatever it finds
- the scan may take several hours
- paste the log with the results here
Do not use COMBOFIX without an adviser's recommendation; it can damage the system!
Always back up important data before disinfecting a computer
Want to support our forum? Information here

I am most likely to be reachable at night, between 9 and 11 p.m.
If you have any questions, you can write to me by email at Motji(at)forum.viry.cz.
Combo
I did not manage to run the AVP Tools test, but I cleaned the computer with ComboFix following your instructions; here is the log:
ComboFix 10-02-01.03 - Administrator 02.02.2010 15:49:27.3.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2031.1490 [GMT 1:00]
Spuštěný z: c:\documents and settings\Administrator\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Administrator\Plocha\CFScript.txt
AV: avast! antivirus 4.8.1201 [VPS 080615-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FILE ::
"c:\windows\system32\olumivuk.ini.vir"
"c:\windows\system32\veyevida.dll.vir"
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\olumivuk.ini.vir
c:\windows\system32\veyevida.dll.vir
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-01-02 do 2010-02-02 )))))))))))))))))))))))))))))))
.
2010-01-14 13:05 . 2009-11-21 16:03 471552 ------w- c:\windows\system32\dllcache\aclayers.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-02 14:38 . 2008-07-19 15:32 -------- d-----w- c:\program files\Crawler
2010-01-28 12:31 . 2009-12-16 11:02 -------- d-----w- c:\program files\Sammy Suricate Full Version
2010-01-13 10:11 . 2008-10-17 14:08 139456 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-01-13 10:11 . 2009-11-20 14:15 190160 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-01-09 10:59 . 2008-02-28 16:09 -------- d-----w- c:\program files\ICQToolbar
2010-01-05 09:58 . 2006-03-02 02:00 832512 ----a-w- c:\windows\system32\wininet.dll
2010-01-05 09:57 . 2006-03-02 02:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-01-05 09:57 . 2006-03-02 02:00 17408 ------w- c:\windows\system32\corpol.dll
2009-12-25 16:46 . 2007-07-03 15:36 -------- d-----w- c:\program files\SnagIt 7
2009-12-13 12:06 . 2006-03-02 02:00 704512 ----a-w- c:\windows\system32\mfcl31d.dll
2009-12-12 07:01 . 2006-05-04 15:29 63328 ----a-w- c:\windows\system32\perfc005.dat
2009-12-12 07:01 . 2006-05-04 15:29 382822 ----a-w- c:\windows\system32\perfh005.dat
2009-11-21 16:03 . 2006-03-02 02:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-20 14:15 . 2009-11-20 14:15 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-11-20 14:15 . 2009-11-20 14:15 2395944 ----a-w- c:\windows\system32\pbsvc_heroes.exe
2008-03-31 17:47 . 2008-03-31 14:08 88 --sh--r- c:\windows\system32\7D2B97C863.sys
2006-05-03 09:06 . 2007-12-14 15:00 163328 --sh--r- c:\windows\system32\flvDX.dll
2009-01-20 17:29 . 2008-03-30 18:02 2516 --sha-w- c:\windows\system32\KGyGaAvL.sys
2007-02-21 10:47 . 2007-12-14 15:00 31232 --sh--r- c:\windows\system32\msfDX.dll
2008-04-14 03:21 . 2006-03-02 02:00 413696 --sha-w- c:\windows\system32\msvcp60.dll
2008-04-14 03:21 . 2006-03-02 02:00 551936 --sh--w- c:\windows\system32\oleaut32.dll
2008-04-14 03:22 . 2006-03-02 02:00 12288 --sh--w- c:\windows\system32\regsvr32.exe
.
(((((((((((((((((((((((((((((((((((((((((( SR_Search ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]
[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-11-25 12:01 1230080 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-05-16 153136]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-04-07 39408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2006-07-21 86016]
"Recguard"="c:\windows\Sminst\Recguard.exe" [2006-05-12 1138688]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"CloneCDElbyCDFL"="c:\program files\CloneCD\ElbyCheck.exe" [2002-11-02 45056]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2006-12-22 497176]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam10\QuickCam10.exe" [2006-12-22 756248]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-12-12 2043160]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-7-1 805392]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-23 08:19 11952 ----a-w- c:\windows\system32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 00:42 72208 ----a-w- c:\program files\Common Files\Logitech\Bluetooth\LBTWLgn.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0smrgdf c:\program files\System Mechanic Professional 6
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
2008-02-29 01:12 76304 ----a-w- c:\windows\KHALMNPR.Exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Hardware Abstraction Layer]
2008-02-29 01:12 76304 ----a-w- c:\windows\KHALMNPR.Exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Hry\\Warcraft III\\Warcraft III.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\Common Files\\Ahead\\Lib\\NMIndexingService.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R0 ElbyVCD;ElbyVCD;c:\windows\system32\drivers\ElbyVCD.sys [28.11.2002 11:43 22016]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [29.6.2009 21:56 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [29.6.2009 21:56 108552]
R1 nltdi;nltdi;c:\windows\system32\drivers\nltdi.sys [23.4.2007 17:08 81688]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [15.6.2007 16:25 141312]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [29.6.2009 21:56 297752]
R2 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [9.5.2007 15:31 540448]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [18.7.2008 21:01 13352]
S4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys --> c:\windows\system32\Drivers\sptd.sys [?]
.
Obsah adresáře 'Naplánované úlohy'
2010-01-28 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 12:57]
2010-02-02 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-10-19 20:18]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://web.volny.cz/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&s ... f8&oe=utf8
uDefault_Search_URL = hxxp://search.qip.ru
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = localhost
uSearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
IE: Crawler Search - tbr:iemenu
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\ctbr.dll
FF - ProfilePath - c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\n27xacn2.default\
FF - prefs.js: browser.search.selectedEngine - WebHledani
FF - prefs.js: browser.startup.homepage - hxxp://www.csfd.cz/
FF - prefs.js: keyword.URL - hxxp://search.qip.ru/search?from=FF&query=
FF - component: c:\program files\Crawler\firefox\components\xcomm.dll
FF - component: c:\program files\Crawler\firefox\components\xshared.dll
FF - component: c:\program files\Crawler\firefox\components\xsupport.dll
FF - component: c:\program files\Crawler\firefox\components\xwsg.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJPI150_06.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPOJI610.dll
FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin8.dll
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
MSConfigStartUp-11827344 - c:\documents and settings\All Users\Data aplikací\11827344\11827344.exe
MSConfigStartUp-6bdd86f3 - c:\windows\system32\kuvimulo.dll
MSConfigStartUp-91837336 - c:\documents and settings\All Users\Data aplikací\91837336\91837336.exe
MSConfigStartUp-AdslTaskBar - stmctrl.dll
MSConfigStartUp-CPM68eeb56f - c:\windows\system32\veyevida.dll
MSConfigStartUp-drvsyskit - c:\windows\system32\drivers\hldrrr.exe
MSConfigStartUp-fowibekuli - c:\windows\system32\doluwuhi.dll
MSConfigStartUp-ISUSPM Startup - c:\progra~1\common~1\instal~1\update~1\isuspm.exe
MSConfigStartUp-kell - c:\program files\Manson\liser.exe
MSConfigStartUp-mule_st_key - c:\documents and settings\Administrator\Data aplikací\m\flec006.exe
MSConfigStartUp-sysldtray - c:\windows\ld09.exe
AddRemove-Network Play System (Patching) - c:\program files\Electronic Arts\Network Play System\NPSPatch.isu
AddRemove-Sammy Suricate Full Version - c:\progra~1\SAMMYS~1\UNWISE.EXE
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-02 15:53
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\pdfcDispatcher]
"ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(792)
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
c:\program files\common files\logitech\bluetooth\LBTServ.dll
.
Celkový čas: 2010-02-02 15:55:13
ComboFix-quarantined-files.txt 2010-02-02 14:55
Před spuštěním: Volných bajtů: 101 715 824 640
Po spuštění: Volných bajtů: 101 683 585 024
Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - F6623115AABB61793A72053E5320BC8B
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2006-07-21 86016]
"Recguard"="c:\windows\Sminst\Recguard.exe" [2006-05-12 1138688]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"CloneCDElbyCDFL"="c:\program files\CloneCD\ElbyCheck.exe" [2002-11-02 45056]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2006-12-22 497176]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam10\QuickCam10.exe" [2006-12-22 756248]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-12-12 2043160]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-7-1 805392]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-23 08:19 11952 ----a-w- c:\windows\system32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 00:42 72208 ----a-w- c:\program files\Common Files\Logitech\Bluetooth\LBTWLgn.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0smrgdf c:\program files\System Mechanic Professional 6
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
2008-02-29 01:12 76304 ----a-w- c:\windows\KHALMNPR.Exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Hardware Abstraction Layer]
2008-02-29 01:12 76304 ----a-w- c:\windows\KHALMNPR.Exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Hry\\Warcraft III\\Warcraft III.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\Common Files\\Ahead\\Lib\\NMIndexingService.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R0 ElbyVCD;ElbyVCD;c:\windows\system32\drivers\ElbyVCD.sys [28.11.2002 11:43 22016]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [29.6.2009 21:56 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [29.6.2009 21:56 108552]
R1 nltdi;nltdi;c:\windows\system32\drivers\nltdi.sys [23.4.2007 17:08 81688]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [15.6.2007 16:25 141312]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [29.6.2009 21:56 297752]
R2 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [9.5.2007 15:31 540448]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [18.7.2008 21:01 13352]
S4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys --> c:\windows\system32\Drivers\sptd.sys [?]
.
Obsah adresáře 'Naplánované úlohy'
2010-01-28 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 12:57]
2010-02-02 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-10-19 20:18]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://web.volny.cz/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&s ... f8&oe=utf8
uDefault_Search_URL = hxxp://search.qip.ru
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = localhost
uSearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
IE: Crawler Search - tbr:iemenu
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\ctbr.dll
FF - ProfilePath - c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\n27xacn2.default\
FF - prefs.js: browser.search.selectedEngine - WebHledani
FF - prefs.js: browser.startup.homepage - hxxp://www.csfd.cz/
FF - prefs.js: keyword.URL - hxxp://search.qip.ru/search?from=FF&query=
FF - component: c:\program files\Crawler\firefox\components\xcomm.dll
FF - component: c:\program files\Crawler\firefox\components\xshared.dll
FF - component: c:\program files\Crawler\firefox\components\xsupport.dll
FF - component: c:\program files\Crawler\firefox\components\xwsg.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJPI150_06.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPOJI610.dll
FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin8.dll
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
MSConfigStartUp-11827344 - c:\documents and settings\All Users\Data aplikací\11827344\11827344.exe
MSConfigStartUp-6bdd86f3 - c:\windows\system32\kuvimulo.dll
MSConfigStartUp-91837336 - c:\documents and settings\All Users\Data aplikací\91837336\91837336.exe
MSConfigStartUp-AdslTaskBar - stmctrl.dll
MSConfigStartUp-CPM68eeb56f - c:\windows\system32\veyevida.dll
MSConfigStartUp-drvsyskit - c:\windows\system32\drivers\hldrrr.exe
MSConfigStartUp-fowibekuli - c:\windows\system32\doluwuhi.dll
MSConfigStartUp-ISUSPM Startup - c:\progra~1\common~1\instal~1\update~1\isuspm.exe
MSConfigStartUp-kell - c:\program files\Manson\liser.exe
MSConfigStartUp-mule_st_key - c:\documents and settings\Administrator\Data aplikací\m\flec006.exe
MSConfigStartUp-sysldtray - c:\windows\ld09.exe
AddRemove-Network Play System (Patching) - c:\program files\Electronic Arts\Network Play System\NPSPatch.isu
AddRemove-Sammy Suricate Full Version - c:\progra~1\SAMMYS~1\UNWISE.EXE
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-02 15:53
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\pdfcDispatcher]
"ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(792)
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
c:\program files\common files\logitech\bluetooth\LBTServ.dll
.
Celkový čas: 2010-02-02 15:55:13
ComboFix-quarantined-files.txt 2010-02-02 14:55
Před spuštěním: Volných bajtů: 101 715 824 640
Po spuštění: Volných bajtů: 101 683 585 024
Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - F6623115AABB61793A72053E5320BC8B
Re: Preventive check
Good, now the AVPTOOL as well.
Do not use COMBOFIX without an advisor's recommendation; it can damage the system!
Always back up important data before disinfecting your computer
Want to support our forum? Information here

I can mostly be reached at night, between 21:00 and 23:00
If you have any questions, you can write to me by email at Motji(at)forum.viry.cz.