Dobrý den, mám problém s virem stejný jako popisoval uživatel ahiv. (w32 blaster.worm).
Logfile of random's system information tool 1.06 (written by random/random)
Run by Jary at 2010-01-05 10:53:02
Systém Microsoft Windows XP Professional Service Pack 2
System drive C: has 255 GB (84%) free of 305 GB
Total RAM: 3327 MB (85% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:53:03, on 5.1.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Jary\Local Settings\Temporary Internet Files\Content.IE5\U1ONIXWL\RSIT[1].exe
C:\Program Files\Trend Micro\HijackThis\Jary.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource= ... =CT1750559
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\WINDOWS\WebIE.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\WINDOWS\WebIE.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.7\THGuard.exe"
O4 - HKLM\..\Run: [BDRegion] c:\Program Files\Cyberlink\Shared Files\brs.exe
O4 - HKLM\..\Run: [RemoteControl] "c:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "c:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [Copperhead] C:\Program Files\Razer\Copperhead\razerhid.exe
O4 - HKLM\..\Run: [Ai Nap] "C:\Program Files\ASUS\AI Suite\AiNap\AiNap.exe"
O4 - HKLM\..\Run: [QFan Help] "C:\Program Files\ASUS\AI Suite\QFan\QFanHelp.exe"
O4 - HKLM\..\Run: [CPU Power Monitor] "C:\Program Files\ASUS\AI Suite\AiGear3\CpuPowerMonitor.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\smax4.exe" /tray
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Security Central] C:\Program Files\Security Central\Security Central.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [LClock] C:\Program Files\LClock\LClock.exe
O4 - HKCU\..\Run: [Vista Sidebar] C:\Program Files\Vista Sidebar\sidebar.exe
O4 - HKCU\..\Run: [ViStart] C:\Program Files\ViStart\ViStart.exe
O4 - HKCU\..\Run: [ViOrb] C:\Program Files\ViOrb\ViOrb.exe
O4 - HKCU\..\Run: [VisualTooltip] C:\Program Files\VisualTooltip\VisualToolTip.exe
O4 - HKCU\..\Run: [WinFlip] C:\Program Files\WinFlip\WinFlip.exe
O4 - HKCU\..\Run: [AutoStartNPSAgent] C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ6.5\ICQ.exe" silent
O4 - HKCU\..\RunOnce: [WiseStubReboot] MSIEXEC /quiet SKIP_PPU_DRIVER_INSTALL=1 /I "C:\Program Files\Common Files\Wise Installation Wizard\WISC5C1C0F0D62F4DBF81D4D7EF397C228B_9_09_0814.MSI" TRANSFORMS="C:\Program Files\Common Files\Wise Installation Wizard\WISC5C1C0F0D62F4DBF81D4D7EF397C228B_9_09_0814.MST" WISE_SETUP_EXE_PATH="c:\nvidia\displaydriver\190.62\english\PhysX_9.09.0814_SystemSoftware.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint - Náhled - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint - Přidat na seznam k tisku - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint - Tisk - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint - Vysokorychlostní tisk - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Stáhnout obsah FLV videa s IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Stáhnout s IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: Stáhnout všechny odkazy s IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\WINDOWS\WebIE.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\WebIE.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{AF2D4A7B-EB04-413C-BD41-9626ABD9E57A}: NameServer = 172.16.0.1,10.1.2.10,212.47.1.4,212.47.0.1
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Defragmentation-Service (DfSdkS) - mst software GmbH, Germany - C:\Program Files\Ashampoo\Ashampoo WinOptimizer 6\Dfsdks.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - c:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O24 - Desktop Component 0: (no name) - (no file)
--
End of file - 10420 bytes
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8}]
IDMIEHlprObj Class - C:\Program Files\Internet Download Manager\IDMIECC.dll [2007-09-28 95664]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055FD26D-3A88-4e15-963D-DC8493744B1D}]
XTTBPos00 Class - C:\PROGRA~1\ICQTOO~1\toolbaru.dll [2006-12-25 701952]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-12-18 59032]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2DB66063-BB98-466A-AA0D-3E7ACF5ED853}]
WebTransBHO Class - C:\WINDOWS\WebIE.dll [2008-05-07 491520]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{68F9551E-0411-48E4-9AAF-4BC42A6A46BE}]
EWPBrowseObject Class - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll [2006-06-09 34304]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-11 73728]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2009-06-01 962808]
{BFC32E1D-EE75-4A48-BC60-104E11EE2431} - WebTranslator - C:\WINDOWS\WebIE.dll [2008-05-07 491520]
{327C2873-E90D-4c37-AA9D-10AC9BABA46C} - Easy-WebPrint - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll [2006-06-09 552960]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"THGuard"=C:\Program Files\TrojanHunter 4.7\THGuard.exe []
"BDRegion"=c:\Program Files\Cyberlink\Shared Files\brs.exe [2007-11-16 91432]
"RemoteControl"=c:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2007-10-28 72736]
"LanguageShortcut"=c:\Program Files\CyberLink\PowerDVD\Language\Language.exe [2007-10-11 62760]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"SSBkgdUpdate"=C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2006-09-28 185896]
"OpwareSE4"=C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe [2006-10-11 75304]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []
"itype"=C:\Program Files\Microsoft IntelliType Pro\itype.exe [2007-08-31 988584]
"Copperhead"=C:\Program Files\Razer\Copperhead\razerhid.exe [2005-11-25 155648]
"Ai Nap"=C:\Program Files\ASUS\AI Suite\AiNap\AiNap.exe [2008-04-24 1421824]
"QFan Help"=C:\Program Files\ASUS\AI Suite\QFan\QFanHelp.exe []
"CPU Power Monitor"=C:\Program Files\ASUS\AI Suite\AiGear3\CpuPowerMonitor.exe [2008-01-09 627200]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2008-03-29 79224]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2006-12-18 868352]
"SoundMAX"=C:\Program Files\Analog Devices\SoundMAX\smax4.exe [2006-07-13 729088]
"NPSStartup"= []
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-09-17 13574144]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2008-09-17 86016]
"ISTray"=C:\Program Files\Spyware Doctor\pctsTray.exe [2009-09-11 1168264]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-11 149280]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2009-05-26 413696]
"Security Central"=C:\Program Files\Security Central\Security Central.exe [2010-01-03 942080]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-17 15360]
"CursorXP"=C:\Program Files\CursorXP\CursorXP.exe [2005-01-19 128000]
"OEXPRESS"= []
"STYLEXP"=C:\Program Files\TGTSoft\StyleXP\StyleXP.exe [2006-05-24 1372160]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\daemon.exe [2008-04-01 486856]
"NVIDIA nTune"=C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe clear []
"LClock"=C:\Program Files\LClock\LClock.exe []
"Vista Sidebar"=C:\Program Files\Vista Sidebar\sidebar.exe []
"ViStart"=C:\Program Files\ViStart\ViStart.exe []
"ViOrb"=C:\Program Files\ViOrb\ViOrb.exe []
"VisualTooltip"=C:\Program Files\VisualTooltip\VisualToolTip.exe []
"WinFlip"=C:\Program Files\WinFlip\WinFlip.exe []
"AutoStartNPSAgent"=C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe [2009-01-08 98304]
"Steam"=C:\Program Files\Steam\Steam.exe [2009-10-24 1217808]
"ICQ"=C:\Program Files\ICQ6.5\ICQ.exe [2009-03-01 172792]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"WiseStubReboot"=MSIEXEC /quiet SKIP_PPU_DRIVER_INSTALL=1 /I C:\Program Files\Common Files\Wise Installation Wizard\WISC5C1C0F0D62F4DBF81D4D7EF397C228B_9_09_0814.MSI TRANSFORMS=C:\Program Files\Common Files\Wise Installation Wizard\WISC5C1C0F0D62F4DBF81D4D7EF397C228B_9_09_0814.MST WISE_SETUP_EXE_PATH=c:\nvidia\displaydriver\190.62\english\PhysX_9.09.0814_SystemSoftware.exe []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{2A65BE74-EC8D-401E-93DF-5BDA3DC05505}"= []
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
C:\WINDOWS\system32\tuvWnkIC
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdauxservice]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdcoreservice]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=
"NoResolveTrack"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe"="C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe:*:Enabled:CyberLink PowerDVD"
"C:\Program Files\Opera\Opera.exe"="C:\Program Files\Opera\Opera.exe:*:Enabled:Opera Internet Browser"
"C:\My Games\Test Drive Unlimited\TestDriveUnlimited.exe"="C:\My Games\Test Drive Unlimited\TestDriveUnlimited.exe:*:Enabled:Test Drive Unlimited"
"C:\Program Files\Maxthon2\Modules\MxDownloader\MxDownloadServer.exe"="C:\Program Files\Maxthon2\Modules\MxDownloader\MxDownloadServer.exe:*:Enabled:MxDownloadServer"
"C:\Program Files\Azureus\Azureus.exe"="C:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus"
"C:\Program Files\DAP Premium\DAP.exe"="C:\Program Files\DAP Premium\DAP.exe:*:Enabled:Download Accelerator Plus (DAP)"
"C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe"="C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe:*:Enabled:VideoAccelerator"
"C:\Program Files\ICQ6\ICQ.exe"="C:\Program Files\ICQ6\ICQ.exe:*:Enabled:ICQ6"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\My Games\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe"="C:\My Games\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:*:Enabled:Call of Duty(R) 4 - Modern Warfare(TM)"
"C:\My Games\Electronic Arts\Burnout Paradise The Ultimate Box\BurnoutLauncher.exe"="C:\My Games\Electronic Arts\Burnout Paradise The Ultimate Box\BurnoutLauncher.exe:*:Enabled:Burnout(TM) Paradise The Ultimate Box"
"C:\My Games\Electronic Arts\Burnout Paradise The Ultimate Box\BurnoutConfigTool.exe"="C:\My Games\Electronic Arts\Burnout Paradise The Ultimate Box\BurnoutConfigTool.exe:*:Enabled:Burnout(TM) Paradise The Ultimate Box"
"C:\My Games\Electronic Arts\Burnout Paradise The Ultimate Box\BurnoutParadise.exe"="C:\My Games\Electronic Arts\Burnout Paradise The Ultimate Box\BurnoutParadise.exe:*:Enabled:Burnout(TM) Paradise The Ultimate Box"
"C:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe"="C:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe:*:Enabled:KTF MUSIC AoD Server"
"C:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe"="C:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe:*:Enabled:KTF MUSIC VoD Server"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
======List of files/folders created in the last 1 months======
2010-01-05 10:38:54 ----D---- C:\rsit
2010-01-05 10:25:31 ----D---- C:\WINDOWS\pss
2010-01-03 11:09:20 ----D---- C:\Program Files\Security Central
2010-01-03 11:09:10 ----A---- C:\htzq6z.exe
2009-12-30 14:14:51 ----D---- C:\Documents and Settings\Jary\Data aplikací\ArcSoft
2009-12-30 12:00:24 ----D---- C:\Program Files\Webteh
2009-12-28 11:43:09 ----D---- C:\ddddd
======List of files/folders modified in the last 1 months======
2010-01-05 10:51:12 ----D---- C:\WINDOWS\Temp
2010-01-05 10:35:27 ----D---- C:\WINDOWS
2010-01-05 10:35:27 ----A---- C:\WINDOWS\MAILTRAN.INI
2010-01-05 10:34:21 ----AD---- C:\Documents and Settings\All Users\Data aplikací\TEMP
2010-01-05 10:34:05 ----D---- C:\WINDOWS\system32\drivers
2010-01-05 10:33:48 ----D---- C:\Program Files\Steam
2010-01-05 10:32:00 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-01-05 09:51:38 ----D---- C:\WINDOWS\Prefetch
2010-01-04 14:45:02 ----D---- C:\WINDOWS\system32
2010-01-04 14:44:46 ----D---- C:\WINDOWS\system32\CatRoot2
2010-01-03 13:15:35 ----A---- C:\WINDOWS\wincmd.ini
2010-01-03 11:09:20 ----RD---- C:\Program Files
2010-01-03 10:51:52 ----D---- C:\Documents and Settings\Jary\Data aplikací\DMCache
2009-12-31 17:36:16 ----D---- C:\Documents and Settings\Jary\Data aplikací\Azureus
2009-12-30 17:07:19 ----D---- C:\WINDOWS\Minidump
2009-12-30 17:07:19 ----D---- C:\Program Files\Spyware Doctor
2009-12-30 14:29:36 ----D---- C:\Program Files\ESTsoft
2009-12-30 14:29:36 ----D---- C:\Documents and Settings\Jary\Data aplikací\ESTsoft
2009-12-30 13:08:25 ----D---- C:\Documents and Settings\Jary\Data aplikací\BSplayer PRO
2009-12-30 11:56:32 ----A---- C:\WINDOWS\NeroDigital.ini
2009-12-28 11:45:46 ----A---- C:\WINDOWS\WTRAN32.INI
2009-12-27 16:06:40 ----D---- C:\Documents and Settings\Jary\Data aplikací\IDM
2009-12-22 00:08:11 ----D---- C:\WINDOWS\system32\NtmsData
2009-12-20 16:35:03 ----D---- C:\Documents and Settings\All Users\Data aplikací\DVD Shrink
2009-12-20 03:01:51 ----D---- C:\Program Files\Azureus
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2008-03-29 26944]
R1 AsIO;AsIO; C:\WINDOWS\system32\drivers\AsIO.sys [2007-12-17 12400]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 75856]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2008-03-29 42912]
R1 easdrv;easdrv; C:\WINDOWS\system32\DRIVERS\easdrv.sys [2008-03-13 29704]
R1 epfwtdi;epfwtdi; C:\WINDOWS\system32\DRIVERS\epfwtdi.sys [2008-03-13 54280]
R1 IKSysFlt;System Filter Driver; C:\WINDOWS\system32\drivers\iksysflt.sys [2009-09-11 66952]
R1 IKSysSec;System Security Driver; C:\WINDOWS\system32\drivers\iksyssec.sys [2009-09-11 81288]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-17 39936]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-17 14848]
R1 StyleXPHelper;StyleXPHelper; \??\C:\Program Files\TGTSoft\StyleXP\StyleXPHelper.exe []
R1 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-10-25 12032]
R2 {95808DC4-FA4A-4C74-92FE-5B863F82066B};{95808DC4-FA4A-4C74-92FE-5B863F82066B}; \??\c:\Program Files\CyberLink\PowerDVD\000.fcl []
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2008-03-29 94544]
R2 eamon;EAMON; C:\WINDOWS\system32\DRIVERS\eamon.sys [2008-03-13 40456]
R2 epfw;epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [2008-03-13 71176]
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2007-01-16 293888]
R3 AEAudio;AE Audio Service; C:\WINDOWS\system32\drivers\AEAudio.sys [2006-08-07 93952]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2008-03-29 23152]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2004-10-27 138240]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-09-17 6132576]
R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2009-08-28 47360]
R3 SenFiltService;SenFilt Service; C:\WINDOWS\system32\drivers\Senfilt.sys [2006-03-17 392960]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 UsbFltr;Razer Copperhead Driver; C:\WINDOWS\system32\drivers\copperhd.sys [2005-11-02 11596]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
R3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
R3 usbstor;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]
R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\system32\DRIVERS\yk51x86.sys [2007-06-08 262912]
S2 NVR0FLASHDev;NVR0FLASHDev; \??\C:\WINDOWS\nvflash.sys []
S3 a07if2qa;a07if2qa; C:\WINDOWS\system32\drivers\a07if2qa.sys []
S3 Ad-Watch Connect Filter;Ad-Watch Connect Kernel Filter; \??\C:\WINDOWS\system32\drivers\NSDriver.sys []
S3 Ad-Watch Real-Time Scanner;AW Real-Time Scanner; \??\C:\WINDOWS\system32\drivers\AWRTPD.sys []
S3 Ad-Watch Registry Filter;Ad-Watch Registry Kernel Filter; \??\C:\WINDOWS\system32\drivers\AWRTRD.sys []
S3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-17 60800]
S3 DIGIRPS;Ovladač Digi PortServer Driver; C:\WINDOWS\system32\DRIVERS\digirlpt.sys [2001-10-24 42432]
S3 ENTECH;ENTECH; \??\C:\WINDOWS\system32\DRIVERS\ENTECH.sys []
S3 FsUsbExDisk;FsUsbExDisk; \??\C:\WINDOWS\system32\FsUsbExDisk.SYS []
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-17 61824]
S3 Point32;Microsoft IntelliPoint Filter Driver; C:\WINDOWS\system32\DRIVERS\point32.sys [2006-11-07 21760]
S3 sscdbus;SAMSUNG USB Composite Device driver (WDM); C:\WINDOWS\system32\DRIVERS\sscdbus.sys [2008-02-22 87936]
S3 sscdmdfl;SAMSUNG Mobile Modem Filter; C:\WINDOWS\system32\DRIVERS\sscdmdfl.sys [2008-02-22 14976]
S3 sscdmdm;SAMSUNG Mobile Modem Drivers; C:\WINDOWS\system32\DRIVERS\sscdmdm.sys [2008-02-22 114304]
S3 w800bus;Sony Ericsson W800 driver (WDM); C:\WINDOWS\system32\DRIVERS\w800bus.sys [2005-05-24 52384]
S3 w800mdfl;Sony Ericsson W800 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\w800mdfl.sys [2005-05-24 6096]
S3 w800mdm;Sony Ericsson W800 USB WMC Modem Drivers; C:\WINDOWS\system32\DRIVERS\w800mdm.sys [2005-05-24 87424]
S3 w800mgmt;Sony Ericsson W800 USB WMC Device Management Drivers; C:\WINDOWS\system32\DRIVERS\w800mgmt.sys [2005-05-24 79216]
S3 w800obex;Sony Ericsson W800 USB WMC OBEX Interface Drivers; C:\WINDOWS\system32\DRIVERS\w800obex.sys [2005-05-24 77040]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2008-03-29 17272]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2008-03-29 144760]
R2 sdCoreService;PC Tools Security Service; C:\Program Files\Spyware Doctor\pctsSvc.exe [2009-09-11 1079176]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2008-03-29 247160]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2008-03-29 345464]
S2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-10-11 153376]
S2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-09-17 163908]
S2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2009-03-01 66872]
S2 PnkBstrB;PnkBstrB; C:\WINDOWS\system32\PnkBstrB.exe [2009-03-01 107832]
S2 RichVideo;Cyberlink RichVideo Service(CRVS); c:\Program Files\CyberLink\Shared files\RichVideo.exe [2007-10-15 243056]
S2 sdAuxService;PC Tools Auxiliary Service; C:\Program Files\Spyware Doctor\pctsAuxs.exe [2008-06-13 356920]
S2 StyleXPService;StyleXPService; C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe [2006-05-24 372736]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 DfSdkS;Defragmentation-Service; C:\Program Files\Ashampoo\Ashampoo WinOptimizer 6\Dfsdks.exe [2009-01-09 410976]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S4 ASKService;ASKService; C:\Program Files\AskBarDis\bar\bin\AskService.exe [2009-04-02 464264]
S4 ASKUpgrade;ASKUpgrade; C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe [2009-04-02 234888]
S4 FsUsbExService;FsUsbExService; C:\WINDOWS\system32\FsUsbExService.Exe [2009-01-08 233472]
S4 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2009-06-01 222968]
-----------------EOF-----------------
Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz
Security central (w32 blaster.worm)
Moderátor: Moderátoři
Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
-
Unlimited_Killer
- Přítel fóra
- Příspěvky: 1969
- Registrován: 24 srp 2009 16:18
-
Unlimited_Killer
- Přítel fóra
- Příspěvky: 1969
- Registrován: 24 srp 2009 16:18
Re: Security central (w32 blaster.worm)
Původní jsem chtěl psát skript, ale ulehčím se práci ComboFixem. 
~~~
Vložte sem log z ComboFix.
Stáhněte a uložte na Plochu ComboFix, poté ho spusťte s administrátorským oprávněním.
Ještě před spuštěním vypněte rezidentní štít antiviru, či antispywaru.
Po spuštění se Vám zobrazí licenční podmínky, klikněte na 'Ano'. Budete také dotázán na instalaci konzole pro zotavení, klikněte na 'Ano'.
Celý sken bude trvat tak 5-10 minut, v závislosti na tom, kolika soubory se bude CF prodírat. Váš PC bude pravděpodobně restartován, tak se toho neděste. Než úplně skončí sken, nic nedělejte, hlavně neklikejte do spuštěného okna s ComboFixem.
Po skončení skenu na Vás vypadne log, který vkopírujete sem.
~~~
Vložte sem log z ComboFix.
Stáhněte a uložte na Plochu ComboFix, poté ho spusťte s administrátorským oprávněním.
Ještě před spuštěním vypněte rezidentní štít antiviru, či antispywaru.
Po spuštění se Vám zobrazí licenční podmínky, klikněte na 'Ano'. Budete také dotázán na instalaci konzole pro zotavení, klikněte na 'Ano'.
Celý sken bude trvat tak 5-10 minut, v závislosti na tom, kolika soubory se bude CF prodírat. Váš PC bude pravděpodobně restartován, tak se toho neděste. Než úplně skončí sken, nic nedělejte, hlavně neklikejte do spuštěného okna s ComboFixem.
Po skončení skenu na Vás vypadne log, který vkopírujete sem.
inactive
Re: Security central (w32 blaster.worm)
Předem děkuji za radu a vkládám log. z combo fix
ComboFix 10-01-04.01 - Jary 05.01.2010 22:54:26.1.4 - x86
Spuštěný z: c:\documents and settings\Jary\Plocha\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Jary\Local Settings\Temporary Internet Files\WTRAN32.INI
c:\documents and settings\Jary\Plocha\Security Central.lnk
c:\program files\AskSearch\bin\DefaultSearch.dll
c:\program files\Security Central
c:\program files\Security Central\Security Central.exe
c:\windows\system32\CIknWvut.ini
c:\windows\system32\CIknWvut.ini2
c:\windows\system32\d3d10core.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\fnveanuo.ini
c:\windows\system32\ieuinit.inf
c:\windows\system32\nuwbjarg.ini
c:\windows\system32\oagbdvru.ini
c:\windows\system32\WORK.DAT
.
((((((((((((((((((((((((( Soubory vytvořené od 2009-12-05 do 2010-01-05 )))))))))))))))))))))))))))))))
.
2010-01-05 09:38 . 2010-01-05 09:53 -------- d-----w- C:\rsit
2010-01-03 10:09 . 2010-01-03 10:09 19109 ----a-w- C:\htzq6z.exe
2009-12-30 11:00 . 2009-12-30 11:32 -------- d-----w- c:\program files\Webteh
2009-12-28 10:43 . 2009-12-28 10:43 -------- d-----w- C:\ddddd
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-05 21:58 . 2009-04-24 14:25 -------- d-----w- c:\program files\Steam
2009-12-30 16:07 . 2009-09-11 22:13 -------- d-----w- c:\program files\Spyware Doctor
2009-12-30 13:29 . 2009-04-20 20:18 -------- d-----w- c:\program files\ESTsoft
2009-12-20 02:01 . 2008-05-23 11:27 -------- d-----w- c:\program files\Azureus
2009-12-03 14:44 . 2008-06-30 13:52 -------- d-----w- c:\program files\Maxthon2
2009-11-26 09:05 . 2009-11-26 09:05 3481968 ----a-w- c:\program files\FLV PlayerFCSetup.exe
2009-11-23 22:54 . 2008-05-23 11:26 -------- d-----w- c:\program files\Java
2009-11-23 22:54 . 2001-10-25 14:00 70106 ----a-w- c:\windows\system32\perfc005.dat
2009-11-23 22:54 . 2001-10-25 14:00 393192 ----a-w- c:\windows\system32\perfh005.dat
2009-10-11 03:17 . 2009-08-28 19:21 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-04-23 17:49 . 2009-04-23 17:49 3006 ----a-w- c:\program files\Common Files\unins000.dat
2009-04-23 17:48 . 2009-04-23 17:49 728858 ----a-w- c:\program files\Common Files\unins000.exe
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CursorXP"="c:\program files\CursorXP\CursorXP.exe" [2005-01-19 128000]
"STYLEXP"="c:\program files\TGTSoft\StyleXP\StyleXP.exe" [2006-05-24 1372160]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-04-01 486856]
"AutoStartNPSAgent"="c:\program files\Samsung\Samsung New PC Studio\NPSAgent.exe" [2009-01-08 98304]
"Steam"="c:\program files\Steam\Steam.exe" [2009-10-24 1217808]
"ICQ"="c:\program files\ICQ6.5\ICQ.exe" [2009-03-01 172792]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-17 15360]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"WiseStubReboot"="MSIEXEC" [X]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BDRegion"="c:\program files\Cyberlink\Shared Files\brs.exe" [2007-11-16 91432]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-10-28 72736]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-10-11 62760]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-09-28 185896]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-10-11 75304]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2007-08-31 988584]
"Copperhead"="c:\program files\Razer\Copperhead\razerhid.exe" [2005-11-25 155648]
"Ai Nap"="c:\program files\ASUS\AI Suite\AiNap\AiNap.exe" [2008-04-24 1421824]
"CPU Power Monitor"="c:\program files\ASUS\AI Suite\AiGear3\CpuPowerMonitor.exe" [2008-01-09 627200]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-29 79224]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-12-18 868352]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-17 13574144]
"nwiz"="nwiz.exe" [2008-09-17 1657376]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-17 86016]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-17 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=
"c:\\Program Files\\Maxthon2\\Modules\\MxDownloader\\MxDownloadServer.exe"=
"c:\\Program Files\\Azureus\\Azureus.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\My Games\\Electronic Arts\\Burnout Paradise The Ultimate Box\\BurnoutLauncher.exe"=
"c:\\My Games\\Electronic Arts\\Burnout Paradise The Ultimate Box\\BurnoutConfigTool.exe"=
"c:\\My Games\\Electronic Arts\\Burnout Paradise The Ultimate Box\\BurnoutParadise.exe"=
"c:\\Program Files\\Samsung\\Samsung New PC Studio\\npsasvr.exe"=
"c:\\Program Files\\Samsung\\Samsung New PC Studio\\npsvsvr.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [7.5.2008 23:56 717296]
R0 tffsport;M-Systems DiskOnChip 2000;c:\windows\system32\drivers\tffsport.sys [23.7.2008 17:25 149376]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [1.7.2008 14:06 75856]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [1.7.2008 14:06 20560]
R3 UsbFltr;Razer Copperhead Driver;c:\windows\system32\drivers\copperhd.sys [28.5.2008 15:49 11596]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S3 DfSdkS;Defragmentation-Service;c:\program files\Ashampoo\Ashampoo WinOptimizer 6\DfSdkS.exe [28.8.2009 23:48 410976]
S3 DIGIRPS;Ovladač Digi PortServer Driver;c:\windows\system32\drivers\digirlpt.sys [23.7.2008 17:27 42432]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [10.4.2009 12:35 36608]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [11.9.2009 23:13 356920]
S4 ASKService;ASKService;c:\program files\AskBarDis\bar\bin\AskService.exe [29.8.2009 0:10 464264]
S4 ASKUpgrade;ASKUpgrade;c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe [29.8.2009 0:10 234888]
S4 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [10.4.2009 12:35 233472]
S4 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [11.6.2009 18:17 222968]
.
.
------- Doplňkový sken -------
.
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Easy-WebPrint - Náhled - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
IE: Easy-WebPrint - Přidat na seznam k tisku - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
IE: Easy-WebPrint - Tisk - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
IE: Easy-WebPrint - Vysokorychlostní tisk - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
IE: Stáhnout obsah FLV videa s IDM - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Stáhnout s IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: Stáhnout všechny odkazy s IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\windows\WebIE.dll
LSP: c:\windows\system32\idmmbc.dll
TCP: {AF2D4A7B-EB04-413C-BD41-9626ABD9E57A} = 172.16.0.1,10.1.2.10,212.47.1.4,212.47.0.1
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
WebBrowser-{3041D03E-FD4B-44E0-B742-2D9B88305F98} - (no file)
HKCU-Run-OEXPRESS - (no file)
HKCU-Run-NVIDIA nTune - c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe
HKCU-Run-LClock - c:\program files\LClock\LClock.exe
HKCU-Run-Vista Sidebar - c:\program files\Vista Sidebar\sidebar.exe
HKCU-Run-ViStart - c:\program files\ViStart\ViStart.exe
HKCU-Run-ViOrb - c:\program files\ViOrb\ViOrb.exe
HKCU-Run-VisualTooltip - c:\program files\VisualTooltip\VisualToolTip.exe
HKCU-Run-WinFlip - c:\program files\WinFlip\WinFlip.exe
HKLM-Run-THGuard - c:\program files\TrojanHunter 4.7\THGuard.exe
HKLM-Run-QFan Help - c:\program files\ASUS\AI Suite\QFan\QFanHelp.exe
HKLM-Run-NPSStartup - (no file)
HKU-Default-Run-NVIDIA nTune - c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe
AddRemove-TrojanHunter_is1 - c:\program files\TrojanHunter 4.7\unins000.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-05 22:59
Windows 5.1.2600 Service Pack 2 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8A69F1F8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xb810cfc3
\Driver\ACPI -> ACPI.sys @ 0xb7e67cb8
\Driver\atapi -> 0x8a69f1f8
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x8058236c
ParseProcedure -> ntkrnlpa.exe @ 0x8058146a
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x8058236c
ParseProcedure -> ntkrnlpa.exe @ 0x8058146a
NDIS: Marvell Yukon 88E8056 PCI-E Gigabit Ethernet Controller #2 -> SendCompleteHandler -> NDIS.sys @ 0xb7cf3ba0
PacketIndicateHandler -> NDIS.sys @ 0xb7ce2a0b
SendHandler -> NDIS.sys @ 0xb7cf6b31
Warning: possible MBR rootkit infection !
user & kernel MBR OK
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4C74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\S-1-5-21-776561741-651377827-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:73,48,ef,10,a8,81,91,4d,ff,f2,3e,69,4c,e6,5d,90,64,e5,bf,bd,e2,0a,8a,
d0,5b,4e,a8,c7,a7,8d,d7,49,0f,53,df,63,9c,23,ed,2e,0e,b0,a4,58,60,08,04,fd,\
"??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{52b94889-dd24-4079-b5eb-8caae0ab29b8}]
@Denied: (Full) (Everyone)
"Model"=dword:00000148
"Therad"=dword:0000001d
"MData"=hex(0):cb,9b,ad,ef,27,7d,29,69,f5,02,f0,76,aa,4a,f1,7c,d3,d9,67,7f,6a,
4b,7b,ad,04,7a,b1,b5,76,9b,27,47,b3,63,f0,cc,91,14,13,44,46,8f,3c,f2,5c,68,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):a8,f9,1c,4c,4b,f8,54,59,06,4c,c5,b1,75,c4,56,46,b9,aa,03,b6,23,
62,f7,ef,90,f3,63,67,73,fd,1f,ee,53,f9,03,cc,48,63,32,dc,00,00,00,00,00,00,\
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'lsass.exe'(964)
c:\windows\system32\idmmbc.dll
- - - - - - - > 'explorer.exe'(2276)
c:\program files\ScanSoft\OmniPageSE4.0\OpHookSE4.dll
c:\program files\CursorXP\CurXP0.dll
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\TGTSoft\StyleXP\StyleXPService.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\program files\CyberLink\Shared files\RichVideo.exe
c:\program files\Microsoft IntelliType Pro\dpupdchk.exe
c:\windows\system32\RUNDLL32.EXE
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Razer\Copperhead\razertra.exe
c:\program files\Razer\Copperhead\razerofa.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Celkový čas: 2010-01-05 23:01:43 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-01-05 22:01
Před spuštěním: Volných bajtů: 267 331 407 872
Po spuštění: Volných bajtů: 268 184 805 376
WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
- - End Of File - - 78218BAC863FEDAF6BE98A6E5364AEB4
ComboFix 10-01-04.01 - Jary 05.01.2010 22:54:26.1.4 - x86
Spuštěný z: c:\documents and settings\Jary\Plocha\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Jary\Local Settings\Temporary Internet Files\WTRAN32.INI
c:\documents and settings\Jary\Plocha\Security Central.lnk
c:\program files\AskSearch\bin\DefaultSearch.dll
c:\program files\Security Central
c:\program files\Security Central\Security Central.exe
c:\windows\system32\CIknWvut.ini
c:\windows\system32\CIknWvut.ini2
c:\windows\system32\d3d10core.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\fnveanuo.ini
c:\windows\system32\ieuinit.inf
c:\windows\system32\nuwbjarg.ini
c:\windows\system32\oagbdvru.ini
c:\windows\system32\WORK.DAT
.
((((((((((((((((((((((((( Soubory vytvořené od 2009-12-05 do 2010-01-05 )))))))))))))))))))))))))))))))
.
2010-01-05 09:38 . 2010-01-05 09:53 -------- d-----w- C:\rsit
2010-01-03 10:09 . 2010-01-03 10:09 19109 ----a-w- C:\htzq6z.exe
2009-12-30 11:00 . 2009-12-30 11:32 -------- d-----w- c:\program files\Webteh
2009-12-28 10:43 . 2009-12-28 10:43 -------- d-----w- C:\ddddd
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-05 21:58 . 2009-04-24 14:25 -------- d-----w- c:\program files\Steam
2009-12-30 16:07 . 2009-09-11 22:13 -------- d-----w- c:\program files\Spyware Doctor
2009-12-30 13:29 . 2009-04-20 20:18 -------- d-----w- c:\program files\ESTsoft
2009-12-20 02:01 . 2008-05-23 11:27 -------- d-----w- c:\program files\Azureus
2009-12-03 14:44 . 2008-06-30 13:52 -------- d-----w- c:\program files\Maxthon2
2009-11-26 09:05 . 2009-11-26 09:05 3481968 ----a-w- c:\program files\FLV PlayerFCSetup.exe
2009-11-23 22:54 . 2008-05-23 11:26 -------- d-----w- c:\program files\Java
2009-11-23 22:54 . 2001-10-25 14:00 70106 ----a-w- c:\windows\system32\perfc005.dat
2009-11-23 22:54 . 2001-10-25 14:00 393192 ----a-w- c:\windows\system32\perfh005.dat
2009-10-11 03:17 . 2009-08-28 19:21 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-04-23 17:49 . 2009-04-23 17:49 3006 ----a-w- c:\program files\Common Files\unins000.dat
2009-04-23 17:48 . 2009-04-23 17:49 728858 ----a-w- c:\program files\Common Files\unins000.exe
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CursorXP"="c:\program files\CursorXP\CursorXP.exe" [2005-01-19 128000]
"STYLEXP"="c:\program files\TGTSoft\StyleXP\StyleXP.exe" [2006-05-24 1372160]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-04-01 486856]
"AutoStartNPSAgent"="c:\program files\Samsung\Samsung New PC Studio\NPSAgent.exe" [2009-01-08 98304]
"Steam"="c:\program files\Steam\Steam.exe" [2009-10-24 1217808]
"ICQ"="c:\program files\ICQ6.5\ICQ.exe" [2009-03-01 172792]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-17 15360]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"WiseStubReboot"="MSIEXEC" [X]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BDRegion"="c:\program files\Cyberlink\Shared Files\brs.exe" [2007-11-16 91432]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-10-28 72736]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-10-11 62760]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-09-28 185896]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-10-11 75304]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2007-08-31 988584]
"Copperhead"="c:\program files\Razer\Copperhead\razerhid.exe" [2005-11-25 155648]
"Ai Nap"="c:\program files\ASUS\AI Suite\AiNap\AiNap.exe" [2008-04-24 1421824]
"CPU Power Monitor"="c:\program files\ASUS\AI Suite\AiGear3\CpuPowerMonitor.exe" [2008-01-09 627200]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-29 79224]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-12-18 868352]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-17 13574144]
"nwiz"="nwiz.exe" [2008-09-17 1657376]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-17 86016]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-17 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=
"c:\\Program Files\\Maxthon2\\Modules\\MxDownloader\\MxDownloadServer.exe"=
"c:\\Program Files\\Azureus\\Azureus.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\My Games\\Electronic Arts\\Burnout Paradise The Ultimate Box\\BurnoutLauncher.exe"=
"c:\\My Games\\Electronic Arts\\Burnout Paradise The Ultimate Box\\BurnoutConfigTool.exe"=
"c:\\My Games\\Electronic Arts\\Burnout Paradise The Ultimate Box\\BurnoutParadise.exe"=
"c:\\Program Files\\Samsung\\Samsung New PC Studio\\npsasvr.exe"=
"c:\\Program Files\\Samsung\\Samsung New PC Studio\\npsvsvr.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [7.5.2008 23:56 717296]
R0 tffsport;M-Systems DiskOnChip 2000;c:\windows\system32\drivers\tffsport.sys [23.7.2008 17:25 149376]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [1.7.2008 14:06 75856]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [1.7.2008 14:06 20560]
R3 UsbFltr;Razer Copperhead Driver;c:\windows\system32\drivers\copperhd.sys [28.5.2008 15:49 11596]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S3 DfSdkS;Defragmentation-Service;c:\program files\Ashampoo\Ashampoo WinOptimizer 6\DfSdkS.exe [28.8.2009 23:48 410976]
S3 DIGIRPS;Ovladač Digi PortServer Driver;c:\windows\system32\drivers\digirlpt.sys [23.7.2008 17:27 42432]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [10.4.2009 12:35 36608]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [11.9.2009 23:13 356920]
S4 ASKService;ASKService;c:\program files\AskBarDis\bar\bin\AskService.exe [29.8.2009 0:10 464264]
S4 ASKUpgrade;ASKUpgrade;c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe [29.8.2009 0:10 234888]
S4 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [10.4.2009 12:35 233472]
S4 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [11.6.2009 18:17 222968]
.
.
------- Doplňkový sken -------
.
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Easy-WebPrint - Náhled - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
IE: Easy-WebPrint - Přidat na seznam k tisku - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
IE: Easy-WebPrint - Tisk - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
IE: Easy-WebPrint - Vysokorychlostní tisk - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
IE: Stáhnout obsah FLV videa s IDM - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Stáhnout s IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: Stáhnout všechny odkazy s IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\windows\WebIE.dll
LSP: c:\windows\system32\idmmbc.dll
TCP: {AF2D4A7B-EB04-413C-BD41-9626ABD9E57A} = 172.16.0.1,10.1.2.10,212.47.1.4,212.47.0.1
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
WebBrowser-{3041D03E-FD4B-44E0-B742-2D9B88305F98} - (no file)
HKCU-Run-OEXPRESS - (no file)
HKCU-Run-NVIDIA nTune - c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe
HKCU-Run-LClock - c:\program files\LClock\LClock.exe
HKCU-Run-Vista Sidebar - c:\program files\Vista Sidebar\sidebar.exe
HKCU-Run-ViStart - c:\program files\ViStart\ViStart.exe
HKCU-Run-ViOrb - c:\program files\ViOrb\ViOrb.exe
HKCU-Run-VisualTooltip - c:\program files\VisualTooltip\VisualToolTip.exe
HKCU-Run-WinFlip - c:\program files\WinFlip\WinFlip.exe
HKLM-Run-THGuard - c:\program files\TrojanHunter 4.7\THGuard.exe
HKLM-Run-QFan Help - c:\program files\ASUS\AI Suite\QFan\QFanHelp.exe
HKLM-Run-NPSStartup - (no file)
HKU-Default-Run-NVIDIA nTune - c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe
AddRemove-TrojanHunter_is1 - c:\program files\TrojanHunter 4.7\unins000.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-05 22:59
Windows 5.1.2600 Service Pack 2 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8A69F1F8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xb810cfc3
\Driver\ACPI -> ACPI.sys @ 0xb7e67cb8
\Driver\atapi -> 0x8a69f1f8
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x8058236c
ParseProcedure -> ntkrnlpa.exe @ 0x8058146a
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x8058236c
ParseProcedure -> ntkrnlpa.exe @ 0x8058146a
NDIS: Marvell Yukon 88E8056 PCI-E Gigabit Ethernet Controller #2 -> SendCompleteHandler -> NDIS.sys @ 0xb7cf3ba0
PacketIndicateHandler -> NDIS.sys @ 0xb7ce2a0b
SendHandler -> NDIS.sys @ 0xb7cf6b31
Warning: possible MBR rootkit infection !
user & kernel MBR OK
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4C74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\S-1-5-21-776561741-651377827-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:73,48,ef,10,a8,81,91,4d,ff,f2,3e,69,4c,e6,5d,90,64,e5,bf,bd,e2,0a,8a,
d0,5b,4e,a8,c7,a7,8d,d7,49,0f,53,df,63,9c,23,ed,2e,0e,b0,a4,58,60,08,04,fd,\
"??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{52b94889-dd24-4079-b5eb-8caae0ab29b8}]
@Denied: (Full) (Everyone)
"Model"=dword:00000148
"Therad"=dword:0000001d
"MData"=hex(0):cb,9b,ad,ef,27,7d,29,69,f5,02,f0,76,aa,4a,f1,7c,d3,d9,67,7f,6a,
4b,7b,ad,04,7a,b1,b5,76,9b,27,47,b3,63,f0,cc,91,14,13,44,46,8f,3c,f2,5c,68,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):a8,f9,1c,4c,4b,f8,54,59,06,4c,c5,b1,75,c4,56,46,b9,aa,03,b6,23,
62,f7,ef,90,f3,63,67,73,fd,1f,ee,53,f9,03,cc,48,63,32,dc,00,00,00,00,00,00,\
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'lsass.exe'(964)
c:\windows\system32\idmmbc.dll
- - - - - - - > 'explorer.exe'(2276)
c:\program files\ScanSoft\OmniPageSE4.0\OpHookSE4.dll
c:\program files\CursorXP\CurXP0.dll
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\TGTSoft\StyleXP\StyleXPService.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\program files\CyberLink\Shared files\RichVideo.exe
c:\program files\Microsoft IntelliType Pro\dpupdchk.exe
c:\windows\system32\RUNDLL32.EXE
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Razer\Copperhead\razertra.exe
c:\program files\Razer\Copperhead\razerofa.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Celkový čas: 2010-01-05 23:01:43 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-01-05 22:01
Před spuštěním: Volných bajtů: 267 331 407 872
Po spuštění: Volných bajtů: 268 184 805 376
WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
- - End Of File - - 78218BAC863FEDAF6BE98A6E5364AEB4
-
Unlimited_Killer
- Přítel fóra
- Příspěvky: 1969
- Registrován: 24 srp 2009 16:18
Re: Security central (w32 blaster.worm)
Něco si ověřím.
~~~
odinstalujte všechny virtuální jednotky (Daemon nebo alcohol)
Super, CF si s částí havěti poradil, zbytek odmažeme skriptem.
Otevřete si Poznámkový blok a zkopírujte do něj
uložte to na Plochu jako CFScript.txt Pak jej myší přetáhněte nad ComboFix (!musí být na Ploše!) a pusťte.
ComboFix vykoná příkazy ze skriptu, PC může být opět restartován.
Po skončení mi sem dejte log, který na Vás po dočistění vybafne.
~~~
Otestujte na VirusTotal soubory:
Jednoduše tam vkopírujete cesty, co jsem napsal do code, když Vám to napíše, že soubor byl testován, dejte otestovat znovu. Poté jsem vložíte linky (odkazy) na jednotlivé testy.
~~~
odinstalujte všechny virtuální jednotky (Daemon nebo alcohol)
~~~motji píše:Stáhněte SPTD http://www.duplexsecure.com/en/downloads
-vyberte verzi podle svého operačního systému. SPTD for Windows (32 bit) nebo (64b)
-uložte na plochu a spusťte
- zvolte možnost Uninstall
- restart PC
Super, CF si s částí havěti poradil, zbytek odmažeme skriptem.
Otevřete si Poznámkový blok a zkopírujte do něj
Kód: Vybrat vše
KillAll::
Collect::
C:\htzq6z.exe
Folder::
c:\program files\ICQ6Toolbar
c:\program files\AskBarDis
c:\program files\AskSearch
Registry::
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{855F3B16-6D32-4fe6-8A56-BBB695989046}"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055FD26D-3A88-4e15-963D-DC8493744B1D}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{855F3B16-6D32-4fe6-8A56-BBB695989046}"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{2A65BE74-EC8D-401E-93DF-5BDA3DC05505}"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl"=-
"SSBkgdUpdate"=-
"SunJavaUpdateSched"=-
"QuickTime Task"=-
Driver::
ASKService
ASKUpgrade
ICQ Service
JavaQuickStarterServiceComboFix vykoná příkazy ze skriptu, PC může být opět restartován.
Po skončení mi sem dejte log, který na Vás po dočistění vybafne.
~~~
Otestujte na VirusTotal soubory:
Kód: Vybrat vše
C:\WINDOWS\system32\tuvWnkICinactive
Re: Security central (w32 blaster.worm)
Vkládám nový log. po zkopírování scriptu do CF.Vypadá to že je zase nějaká havět prič
ComboFix 10-01-04.01 - Jary 06.01.2010 10:46:33.2.4 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.3327.2841 [GMT 1:00]
Spuštěný z: c:\documents and settings\Jary\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Jary\Plocha\CFScript.txt
AV: avast! antivirus 4.8.1169 [VPS 100105-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
file zipped: C:\htzq6z.exe
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\htzq6z.exe
c:\program files\AskBarDis
c:\program files\AskBarDis\bar\bin\askPopStp.dll
c:\program files\AskBarDis\bar\bin\AskService.exe
c:\program files\AskBarDis\bar\bin\AskSplash.exe
c:\program files\AskBarDis\bar\bin\AskTBApp.exe
c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe
c:\program files\AskBarDis\bar\bin\psvince.dll
c:\program files\AskBarDis\bar\Cache\000B8E8E
c:\program files\AskBarDis\bar\Cache\000B9228
c:\program files\AskBarDis\bar\Cache\000B9341.bin
c:\program files\AskBarDis\bar\Cache\000B9545.bin
c:\program files\AskBarDis\bar\Cache\000B965E.bin
c:\program files\AskBarDis\bar\Cache\000B9777.bin
c:\program files\AskBarDis\bar\Cache\000B9881.bin
c:\program files\AskBarDis\bar\Cache\000B998B.bin
c:\program files\AskBarDis\bar\Cache\000B9A94.bin
c:\program files\AskBarDis\bar\Cache\files.ini
c:\program files\AskBarDis\bar\History\search
c:\program files\AskBarDis\bar\Settings\AskLogo.ico
c:\program files\AskBarDis\bar\Settings\config.dat
c:\program files\AskBarDis\bar\Settings\prevcfg.htm
c:\program files\AskBarDis\unins000.dat
c:\program files\AskBarDis\unins000.exe
c:\program files\AskSearch
c:\program files\ICQ6Toolbar
c:\program files\ICQ6Toolbar\Icons.bmp
c:\program files\ICQ6Toolbar\ICQ Service.exe
c:\program files\ICQ6Toolbar\icq6Toolbar.ico
c:\program files\ICQ6Toolbar\ICQToolBar.dll
c:\program files\ICQ6Toolbar\ICQUnToolbar.exe
c:\program files\ICQ6Toolbar\logo_small.gif
c:\program files\ICQ6Toolbar\ServiceStarter.exe
c:\program files\ICQ6Toolbar\short.wav
c:\program files\ICQ6Toolbar\Version.txt
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_ASKSERVICE
-------\Legacy_ASKUPGRADE
-------\Legacy_ICQ_SERVICE
-------\Legacy_JAVAQUICKSTARTERSERVICE
-------\Service_ASKService
-------\Service_ASKUpgrade
-------\Service_ICQ Service
-------\Service_JavaQuickStarterService
((((((((((((((((((((((((( Soubory vytvořené od 2009-12-06 do 2010-01-06 )))))))))))))))))))))))))))))))
.
2010-01-05 09:38 . 2010-01-05 09:53 -------- d-----w- C:\rsit
2009-12-30 11:00 . 2009-12-30 11:32 -------- d-----w- c:\program files\Webteh
2009-12-28 10:43 . 2009-12-28 10:43 -------- d-----w- C:\ddddd
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-06 09:20 . 2009-04-24 14:25 -------- d-----w- c:\program files\Steam
2010-01-06 09:13 . 2009-09-11 22:13 -------- d-----w- c:\program files\Spyware Doctor
2009-12-30 13:29 . 2009-04-20 20:18 -------- d-----w- c:\program files\ESTsoft
2009-12-20 02:01 . 2008-05-23 11:27 -------- d-----w- c:\program files\Azureus
2009-12-03 14:44 . 2008-06-30 13:52 -------- d-----w- c:\program files\Maxthon2
2009-11-26 09:05 . 2009-11-26 09:05 3481968 ----a-w- c:\program files\FLV PlayerFCSetup.exe
2009-11-23 22:54 . 2008-05-23 11:26 -------- d-----w- c:\program files\Java
2009-11-23 22:54 . 2001-10-25 14:00 70106 ----a-w- c:\windows\system32\perfc005.dat
2009-11-23 22:54 . 2001-10-25 14:00 393192 ----a-w- c:\windows\system32\perfh005.dat
2009-10-11 03:17 . 2009-08-28 19:21 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-04-23 17:49 . 2009-04-23 17:49 3006 ----a-w- c:\program files\Common Files\unins000.dat
2009-04-23 17:48 . 2009-04-23 17:49 728858 ----a-w- c:\program files\Common Files\unins000.exe
.
((((((((((((((((((((((((((((( SnapShot@2010-01-05_21.58.43 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-01-06 09:50 . 2010-01-06 09:50 16384 c:\windows\Temp\Perflib_Perfdata_700.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CursorXP"="c:\program files\CursorXP\CursorXP.exe" [2005-01-19 128000]
"STYLEXP"="c:\program files\TGTSoft\StyleXP\StyleXP.exe" [2006-05-24 1372160]
"AutoStartNPSAgent"="c:\program files\Samsung\Samsung New PC Studio\NPSAgent.exe" [2009-01-08 98304]
"ICQ"="c:\program files\ICQ6.5\ICQ.exe" [2009-03-01 172792]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-17 15360]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"WiseStubReboot"="MSIEXEC" [X]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BDRegion"="c:\program files\Cyberlink\Shared Files\brs.exe" [2007-11-16 91432]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-10-11 62760]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-10-11 75304]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2007-08-31 988584]
"Copperhead"="c:\program files\Razer\Copperhead\razerhid.exe" [2005-11-25 155648]
"Ai Nap"="c:\program files\ASUS\AI Suite\AiNap\AiNap.exe" [2008-04-24 1421824]
"CPU Power Monitor"="c:\program files\ASUS\AI Suite\AiGear3\CpuPowerMonitor.exe" [2008-01-09 627200]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-29 79224]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-12-18 868352]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-17 13574144]
"nwiz"="nwiz.exe" [2008-09-17 1657376]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-17 86016]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-17 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=
"c:\\Program Files\\Maxthon2\\Modules\\MxDownloader\\MxDownloadServer.exe"=
"c:\\Program Files\\Azureus\\Azureus.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\My Games\\Electronic Arts\\Burnout Paradise The Ultimate Box\\BurnoutLauncher.exe"=
"c:\\My Games\\Electronic Arts\\Burnout Paradise The Ultimate Box\\BurnoutConfigTool.exe"=
"c:\\My Games\\Electronic Arts\\Burnout Paradise The Ultimate Box\\BurnoutParadise.exe"=
"c:\\Program Files\\Samsung\\Samsung New PC Studio\\npsasvr.exe"=
"c:\\Program Files\\Samsung\\Samsung New PC Studio\\npsvsvr.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
R0 tffsport;M-Systems DiskOnChip 2000;c:\windows\system32\drivers\tffsport.sys [23.7.2008 17:25 149376]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [1.7.2008 14:06 75856]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [1.7.2008 14:06 20560]
R3 UsbFltr;Razer Copperhead Driver;c:\windows\system32\drivers\copperhd.sys [28.5.2008 15:49 11596]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S3 DfSdkS;Defragmentation-Service;c:\program files\Ashampoo\Ashampoo WinOptimizer 6\DfSdkS.exe [28.8.2009 23:48 410976]
S3 DIGIRPS;Ovladač Digi PortServer Driver;c:\windows\system32\drivers\digirlpt.sys [23.7.2008 17:27 42432]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [10.4.2009 12:35 36608]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [11.9.2009 23:13 356920]
S4 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [10.4.2009 12:35 233472]
S4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys --> c:\windows\system32\Drivers\sptd.sys [?]
.
.
------- Doplňkový sken -------
.
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Easy-WebPrint - Náhled - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
IE: Easy-WebPrint - Přidat na seznam k tisku - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
IE: Easy-WebPrint - Tisk - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
IE: Easy-WebPrint - Vysokorychlostní tisk - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
IE: Stáhnout obsah FLV videa s IDM - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Stáhnout s IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: Stáhnout všechny odkazy s IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\windows\WebIE.dll
LSP: c:\windows\system32\idmmbc.dll
TCP: {AF2D4A7B-EB04-413C-BD41-9626ABD9E57A} = 172.16.0.1,10.1.2.10,212.47.1.4,212.47.0.1
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
AddRemove-Ask Toolbar_is1 - c:\program files\AskBarDis\unins000.exe
AddRemove-ICQToolbar - c:\program files\ICQ6Toolbar\ICQUnToolbar.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-06 10:51
Windows 5.1.2600 Service Pack 2 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4C74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\S-1-5-21-776561741-651377827-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:73,48,ef,10,a8,81,91,4d,ff,f2,3e,69,4c,e6,5d,90,64,e5,bf,bd,e2,0a,8a,
d0,5b,4e,a8,c7,a7,8d,d7,49,0f,53,df,63,9c,23,ed,2e,0e,b0,a4,58,60,08,04,fd,\
"??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{52b94889-dd24-4079-b5eb-8caae0ab29b8}]
@Denied: (Full) (Everyone)
"Model"=dword:00000148
"Therad"=dword:0000001d
"MData"=hex(0):cb,9b,ad,ef,27,7d,29,69,f5,02,f0,76,aa,4a,f1,7c,d3,d9,67,7f,6a,
4b,7b,ad,04,7a,b1,b5,76,9b,27,47,b3,63,f0,cc,91,14,13,44,46,8f,3c,f2,5c,68,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):a8,f9,1c,4c,4b,f8,54,59,06,4c,c5,b1,75,c4,56,46,b9,aa,03,b6,23,
62,f7,ef,90,f3,63,67,73,fd,1f,ee,53,f9,03,cc,48,63,32,dc,00,00,00,00,00,00,\
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'lsass.exe'(944)
c:\windows\system32\idmmbc.dll
- - - - - - - > 'explorer.exe'(2360)
c:\program files\ScanSoft\OmniPageSE4.0\OpHookSE4.dll
c:\program files\CursorXP\CurXP0.dll
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\TGTSoft\StyleXP\StyleXPService.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\windows\system32\RUNDLL32.EXE
c:\program files\Microsoft IntelliType Pro\dpupdchk.exe
c:\program files\CyberLink\Shared files\RichVideo.exe
c:\program files\Razer\Copperhead\razertra.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Razer\Copperhead\razerofa.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\imapi.exe
.
**************************************************************************
.
Celkový čas: 2010-01-06 10:53:22 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-01-06 09:53
ComboFix2.txt 2010-01-05 22:01
Před spuštěním: Volných bajtů: 268 189 020 160
Po spuštění: Volných bajtů: 268 142 051 328
- - End Of File - - 639A572271751A418050214E393BD99A
ComboFix 10-01-04.01 - Jary 06.01.2010 10:46:33.2.4 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.3327.2841 [GMT 1:00]
Spuštěný z: c:\documents and settings\Jary\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Jary\Plocha\CFScript.txt
AV: avast! antivirus 4.8.1169 [VPS 100105-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
file zipped: C:\htzq6z.exe
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\htzq6z.exe
c:\program files\AskBarDis
c:\program files\AskBarDis\bar\bin\askPopStp.dll
c:\program files\AskBarDis\bar\bin\AskService.exe
c:\program files\AskBarDis\bar\bin\AskSplash.exe
c:\program files\AskBarDis\bar\bin\AskTBApp.exe
c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe
c:\program files\AskBarDis\bar\bin\psvince.dll
c:\program files\AskBarDis\bar\Cache\000B8E8E
c:\program files\AskBarDis\bar\Cache\000B9228
c:\program files\AskBarDis\bar\Cache\000B9341.bin
c:\program files\AskBarDis\bar\Cache\000B9545.bin
c:\program files\AskBarDis\bar\Cache\000B965E.bin
c:\program files\AskBarDis\bar\Cache\000B9777.bin
c:\program files\AskBarDis\bar\Cache\000B9881.bin
c:\program files\AskBarDis\bar\Cache\000B998B.bin
c:\program files\AskBarDis\bar\Cache\000B9A94.bin
c:\program files\AskBarDis\bar\Cache\files.ini
c:\program files\AskBarDis\bar\History\search
c:\program files\AskBarDis\bar\Settings\AskLogo.ico
c:\program files\AskBarDis\bar\Settings\config.dat
c:\program files\AskBarDis\bar\Settings\prevcfg.htm
c:\program files\AskBarDis\unins000.dat
c:\program files\AskBarDis\unins000.exe
c:\program files\AskSearch
c:\program files\ICQ6Toolbar
c:\program files\ICQ6Toolbar\Icons.bmp
c:\program files\ICQ6Toolbar\ICQ Service.exe
c:\program files\ICQ6Toolbar\icq6Toolbar.ico
c:\program files\ICQ6Toolbar\ICQToolBar.dll
c:\program files\ICQ6Toolbar\ICQUnToolbar.exe
c:\program files\ICQ6Toolbar\logo_small.gif
c:\program files\ICQ6Toolbar\ServiceStarter.exe
c:\program files\ICQ6Toolbar\short.wav
c:\program files\ICQ6Toolbar\Version.txt
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_ASKSERVICE
-------\Legacy_ASKUPGRADE
-------\Legacy_ICQ_SERVICE
-------\Legacy_JAVAQUICKSTARTERSERVICE
-------\Service_ASKService
-------\Service_ASKUpgrade
-------\Service_ICQ Service
-------\Service_JavaQuickStarterService
((((((((((((((((((((((((( Soubory vytvořené od 2009-12-06 do 2010-01-06 )))))))))))))))))))))))))))))))
.
2010-01-05 09:38 . 2010-01-05 09:53 -------- d-----w- C:\rsit
2009-12-30 11:00 . 2009-12-30 11:32 -------- d-----w- c:\program files\Webteh
2009-12-28 10:43 . 2009-12-28 10:43 -------- d-----w- C:\ddddd
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-06 09:20 . 2009-04-24 14:25 -------- d-----w- c:\program files\Steam
2010-01-06 09:13 . 2009-09-11 22:13 -------- d-----w- c:\program files\Spyware Doctor
2009-12-30 13:29 . 2009-04-20 20:18 -------- d-----w- c:\program files\ESTsoft
2009-12-20 02:01 . 2008-05-23 11:27 -------- d-----w- c:\program files\Azureus
2009-12-03 14:44 . 2008-06-30 13:52 -------- d-----w- c:\program files\Maxthon2
2009-11-26 09:05 . 2009-11-26 09:05 3481968 ----a-w- c:\program files\FLV PlayerFCSetup.exe
2009-11-23 22:54 . 2008-05-23 11:26 -------- d-----w- c:\program files\Java
2009-11-23 22:54 . 2001-10-25 14:00 70106 ----a-w- c:\windows\system32\perfc005.dat
2009-11-23 22:54 . 2001-10-25 14:00 393192 ----a-w- c:\windows\system32\perfh005.dat
2009-10-11 03:17 . 2009-08-28 19:21 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-04-23 17:49 . 2009-04-23 17:49 3006 ----a-w- c:\program files\Common Files\unins000.dat
2009-04-23 17:48 . 2009-04-23 17:49 728858 ----a-w- c:\program files\Common Files\unins000.exe
.
((((((((((((((((((((((((((((( SnapShot@2010-01-05_21.58.43 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-01-06 09:50 . 2010-01-06 09:50 16384 c:\windows\Temp\Perflib_Perfdata_700.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CursorXP"="c:\program files\CursorXP\CursorXP.exe" [2005-01-19 128000]
"STYLEXP"="c:\program files\TGTSoft\StyleXP\StyleXP.exe" [2006-05-24 1372160]
"AutoStartNPSAgent"="c:\program files\Samsung\Samsung New PC Studio\NPSAgent.exe" [2009-01-08 98304]
"ICQ"="c:\program files\ICQ6.5\ICQ.exe" [2009-03-01 172792]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-17 15360]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"WiseStubReboot"="MSIEXEC" [X]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BDRegion"="c:\program files\Cyberlink\Shared Files\brs.exe" [2007-11-16 91432]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-10-11 62760]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-10-11 75304]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2007-08-31 988584]
"Copperhead"="c:\program files\Razer\Copperhead\razerhid.exe" [2005-11-25 155648]
"Ai Nap"="c:\program files\ASUS\AI Suite\AiNap\AiNap.exe" [2008-04-24 1421824]
"CPU Power Monitor"="c:\program files\ASUS\AI Suite\AiGear3\CpuPowerMonitor.exe" [2008-01-09 627200]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-29 79224]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-12-18 868352]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-17 13574144]
"nwiz"="nwiz.exe" [2008-09-17 1657376]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-17 86016]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-17 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=
"c:\\Program Files\\Maxthon2\\Modules\\MxDownloader\\MxDownloadServer.exe"=
"c:\\Program Files\\Azureus\\Azureus.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\My Games\\Electronic Arts\\Burnout Paradise The Ultimate Box\\BurnoutLauncher.exe"=
"c:\\My Games\\Electronic Arts\\Burnout Paradise The Ultimate Box\\BurnoutConfigTool.exe"=
"c:\\My Games\\Electronic Arts\\Burnout Paradise The Ultimate Box\\BurnoutParadise.exe"=
"c:\\Program Files\\Samsung\\Samsung New PC Studio\\npsasvr.exe"=
"c:\\Program Files\\Samsung\\Samsung New PC Studio\\npsvsvr.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
R0 tffsport;M-Systems DiskOnChip 2000;c:\windows\system32\drivers\tffsport.sys [23.7.2008 17:25 149376]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [1.7.2008 14:06 75856]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [1.7.2008 14:06 20560]
R3 UsbFltr;Razer Copperhead Driver;c:\windows\system32\drivers\copperhd.sys [28.5.2008 15:49 11596]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S3 DfSdkS;Defragmentation-Service;c:\program files\Ashampoo\Ashampoo WinOptimizer 6\DfSdkS.exe [28.8.2009 23:48 410976]
S3 DIGIRPS;Ovladač Digi PortServer Driver;c:\windows\system32\drivers\digirlpt.sys [23.7.2008 17:27 42432]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [10.4.2009 12:35 36608]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [11.9.2009 23:13 356920]
S4 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [10.4.2009 12:35 233472]
S4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys --> c:\windows\system32\Drivers\sptd.sys [?]
.
.
------- Doplňkový sken -------
.
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Easy-WebPrint - Náhled - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
IE: Easy-WebPrint - Přidat na seznam k tisku - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
IE: Easy-WebPrint - Tisk - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
IE: Easy-WebPrint - Vysokorychlostní tisk - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
IE: Stáhnout obsah FLV videa s IDM - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Stáhnout s IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: Stáhnout všechny odkazy s IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\windows\WebIE.dll
LSP: c:\windows\system32\idmmbc.dll
TCP: {AF2D4A7B-EB04-413C-BD41-9626ABD9E57A} = 172.16.0.1,10.1.2.10,212.47.1.4,212.47.0.1
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
AddRemove-Ask Toolbar_is1 - c:\program files\AskBarDis\unins000.exe
AddRemove-ICQToolbar - c:\program files\ICQ6Toolbar\ICQUnToolbar.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-06 10:51
Windows 5.1.2600 Service Pack 2 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4C74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\S-1-5-21-776561741-651377827-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:73,48,ef,10,a8,81,91,4d,ff,f2,3e,69,4c,e6,5d,90,64,e5,bf,bd,e2,0a,8a,
d0,5b,4e,a8,c7,a7,8d,d7,49,0f,53,df,63,9c,23,ed,2e,0e,b0,a4,58,60,08,04,fd,\
"??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{52b94889-dd24-4079-b5eb-8caae0ab29b8}]
@Denied: (Full) (Everyone)
"Model"=dword:00000148
"Therad"=dword:0000001d
"MData"=hex(0):cb,9b,ad,ef,27,7d,29,69,f5,02,f0,76,aa,4a,f1,7c,d3,d9,67,7f,6a,
4b,7b,ad,04,7a,b1,b5,76,9b,27,47,b3,63,f0,cc,91,14,13,44,46,8f,3c,f2,5c,68,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):a8,f9,1c,4c,4b,f8,54,59,06,4c,c5,b1,75,c4,56,46,b9,aa,03,b6,23,
62,f7,ef,90,f3,63,67,73,fd,1f,ee,53,f9,03,cc,48,63,32,dc,00,00,00,00,00,00,\
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'lsass.exe'(944)
c:\windows\system32\idmmbc.dll
- - - - - - - > 'explorer.exe'(2360)
c:\program files\ScanSoft\OmniPageSE4.0\OpHookSE4.dll
c:\program files\CursorXP\CurXP0.dll
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\TGTSoft\StyleXP\StyleXPService.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\windows\system32\RUNDLL32.EXE
c:\program files\Microsoft IntelliType Pro\dpupdchk.exe
c:\program files\CyberLink\Shared files\RichVideo.exe
c:\program files\Razer\Copperhead\razertra.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Razer\Copperhead\razerofa.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\imapi.exe
.
**************************************************************************
.
Celkový čas: 2010-01-06 10:53:22 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-01-06 09:53
ComboFix2.txt 2010-01-05 22:01
Před spuštěním: Volných bajtů: 268 189 020 160
Po spuštění: Volných bajtů: 268 142 051 328
- - End Of File - - 639A572271751A418050214E393BD99A
Re: Security central (w32 blaster.worm)
Na virustotal když jsem vložil soubor k analýze a dal jsem odeslat tak mi to napsalo pouze tohle:
"0 bytes size received / Se ha recibido un archivo vacio"
"0 bytes size received / Se ha recibido un archivo vacio"
-
Unlimited_Killer
- Přítel fóra
- Příspěvky: 1969
- Registrován: 24 srp 2009 16:18
Re: Security central (w32 blaster.worm)
0K. Ještě jeden skript.
~~~
Otevřete si Poznámkový blok a zkopírujte do něj
uložte to na Plochu jako CFScript.txt Pak jej myší přetáhněte nad ComboFix (!musí být na Ploše!) a pusťte.
ComboFix vykoná příkazy ze skriptu, PC může být opět restartován.
Po skončení mi sem dejte log, který na Vás po dočistění vybafne.
~~~
Podívejte se, co je ve složce C:\ddddd a zda ji znáte, pokud ne, udělejte screen souborů.
~~~
Vložte nový RSIT log. (CF log ze skriptu samozřejmě také).
~~~
Otevřete si Poznámkový blok a zkopírujte do něj
Kód: Vybrat vše
KillAll::
Registry::
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00ComboFix vykoná příkazy ze skriptu, PC může být opět restartován.
Po skončení mi sem dejte log, který na Vás po dočistění vybafne.
~~~
Podívejte se, co je ve složce C:\ddddd a zda ji znáte, pokud ne, udělejte screen souborů.
~~~
Vložte nový RSIT log. (CF log ze skriptu samozřejmě také).
inactive
Re: Security central (w32 blaster.worm)
Nový log. z CF po druhém scriptu:
ComboFix 10-01-04.01 - Jary 06.01.2010 14:59:33.3.4 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.3327.2834 [GMT 1:00]
Spuštěný z: c:\documents and settings\Jary\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Jary\Plocha\CFScript.txt
AV: avast! antivirus 4.8.1169 [VPS 100106-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
((((((((((((((((((((((((( Soubory vytvořené od 2009-12-06 do 2010-01-06 )))))))))))))))))))))))))))))))
.
2010-01-05 09:38 . 2010-01-05 09:53 -------- d-----w- C:\rsit
2009-12-30 11:00 . 2009-12-30 11:32 -------- d-----w- c:\program files\Webteh
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-06 09:20 . 2009-04-24 14:25 -------- d-----w- c:\program files\Steam
2010-01-06 09:13 . 2009-09-11 22:13 -------- d-----w- c:\program files\Spyware Doctor
2009-12-30 13:29 . 2009-04-20 20:18 -------- d-----w- c:\program files\ESTsoft
2009-12-20 02:01 . 2008-05-23 11:27 -------- d-----w- c:\program files\Azureus
2009-12-03 14:44 . 2008-06-30 13:52 -------- d-----w- c:\program files\Maxthon2
2009-11-26 09:05 . 2009-11-26 09:05 3481968 ----a-w- c:\program files\FLV PlayerFCSetup.exe
2009-11-23 22:54 . 2008-05-23 11:26 -------- d-----w- c:\program files\Java
2009-11-23 22:54 . 2001-10-25 14:00 70106 ----a-w- c:\windows\system32\perfc005.dat
2009-11-23 22:54 . 2001-10-25 14:00 393192 ----a-w- c:\windows\system32\perfh005.dat
2009-10-11 03:17 . 2009-08-28 19:21 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-04-23 17:49 . 2009-04-23 17:49 3006 ----a-w- c:\program files\Common Files\unins000.dat
2009-04-23 17:48 . 2009-04-23 17:49 728858 ----a-w- c:\program files\Common Files\unins000.exe
.
((((((((((((((((((((((((((((( SnapShot@2010-01-05_21.58.43 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-01-06 14:02 . 2010-01-06 14:02 16384 c:\windows\Temp\Perflib_Perfdata_700.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CursorXP"="c:\program files\CursorXP\CursorXP.exe" [2005-01-19 128000]
"STYLEXP"="c:\program files\TGTSoft\StyleXP\StyleXP.exe" [2006-05-24 1372160]
"AutoStartNPSAgent"="c:\program files\Samsung\Samsung New PC Studio\NPSAgent.exe" [2009-01-08 98304]
"ICQ"="c:\program files\ICQ6.5\ICQ.exe" [2009-03-01 172792]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-17 15360]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"WiseStubReboot"="MSIEXEC" [X]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BDRegion"="c:\program files\Cyberlink\Shared Files\brs.exe" [2007-11-16 91432]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-10-11 62760]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-10-11 75304]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2007-08-31 988584]
"Copperhead"="c:\program files\Razer\Copperhead\razerhid.exe" [2005-11-25 155648]
"Ai Nap"="c:\program files\ASUS\AI Suite\AiNap\AiNap.exe" [2008-04-24 1421824]
"CPU Power Monitor"="c:\program files\ASUS\AI Suite\AiGear3\CpuPowerMonitor.exe" [2008-01-09 627200]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-29 79224]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-12-18 868352]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-17 13574144]
"nwiz"="nwiz.exe" [2008-09-17 1657376]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-17 86016]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-17 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=
"c:\\Program Files\\Maxthon2\\Modules\\MxDownloader\\MxDownloadServer.exe"=
"c:\\Program Files\\Azureus\\Azureus.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\My Games\\Electronic Arts\\Burnout Paradise The Ultimate Box\\BurnoutLauncher.exe"=
"c:\\My Games\\Electronic Arts\\Burnout Paradise The Ultimate Box\\BurnoutConfigTool.exe"=
"c:\\My Games\\Electronic Arts\\Burnout Paradise The Ultimate Box\\BurnoutParadise.exe"=
"c:\\Program Files\\Samsung\\Samsung New PC Studio\\npsasvr.exe"=
"c:\\Program Files\\Samsung\\Samsung New PC Studio\\npsvsvr.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
R0 tffsport;M-Systems DiskOnChip 2000;c:\windows\system32\drivers\tffsport.sys [23.7.2008 17:25 149376]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [1.7.2008 14:06 75856]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [1.7.2008 14:06 20560]
R3 UsbFltr;Razer Copperhead Driver;c:\windows\system32\drivers\copperhd.sys [28.5.2008 15:49 11596]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S3 DfSdkS;Defragmentation-Service;c:\program files\Ashampoo\Ashampoo WinOptimizer 6\DfSdkS.exe [28.8.2009 23:48 410976]
S3 DIGIRPS;Ovladač Digi PortServer Driver;c:\windows\system32\drivers\digirlpt.sys [23.7.2008 17:27 42432]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [10.4.2009 12:35 36608]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [11.9.2009 23:13 356920]
S4 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [10.4.2009 12:35 233472]
S4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys --> c:\windows\system32\Drivers\sptd.sys [?]
.
.
------- Doplňkový sken -------
.
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Easy-WebPrint - Náhled - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
IE: Easy-WebPrint - Přidat na seznam k tisku - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
IE: Easy-WebPrint - Tisk - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
IE: Easy-WebPrint - Vysokorychlostní tisk - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
IE: Stáhnout obsah FLV videa s IDM - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Stáhnout s IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: Stáhnout všechny odkazy s IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\windows\WebIE.dll
LSP: c:\windows\system32\idmmbc.dll
TCP: {AF2D4A7B-EB04-413C-BD41-9626ABD9E57A} = 172.16.0.1,10.1.2.10,212.47.1.4,212.47.0.1
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-06 15:03
Windows 5.1.2600 Service Pack 2 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4C74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\S-1-5-21-776561741-651377827-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:73,48,ef,10,a8,81,91,4d,ff,f2,3e,69,4c,e6,5d,90,64,e5,bf,bd,e2,0a,8a,
d0,5b,4e,a8,c7,a7,8d,d7,49,0f,53,df,63,9c,23,ed,2e,0e,b0,a4,58,60,08,04,fd,\
"??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{52b94889-dd24-4079-b5eb-8caae0ab29b8}]
@Denied: (Full) (Everyone)
"Model"=dword:00000148
"Therad"=dword:0000001d
"MData"=hex(0):cb,9b,ad,ef,27,7d,29,69,f5,02,f0,76,aa,4a,f1,7c,d3,d9,67,7f,6a,
4b,7b,ad,04,7a,b1,b5,76,9b,27,47,b3,63,f0,cc,91,14,13,44,46,8f,3c,f2,5c,68,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):a8,f9,1c,4c,4b,f8,54,59,06,4c,c5,b1,75,c4,56,46,b9,aa,03,b6,23,
62,f7,ef,90,f3,63,67,73,fd,1f,ee,53,f9,03,cc,48,63,32,dc,00,00,00,00,00,00,\
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'lsass.exe'(952)
c:\windows\system32\idmmbc.dll
- - - - - - - > 'explorer.exe'(2780)
c:\program files\ScanSoft\OmniPageSE4.0\OpHookSE4.dll
c:\program files\CursorXP\CurXP0.dll
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\TGTSoft\StyleXP\StyleXPService.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\system32\RUNDLL32.EXE
c:\program files\Microsoft IntelliType Pro\dpupdchk.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\program files\CyberLink\Shared files\RichVideo.exe
c:\program files\Razer\Copperhead\razertra.exe
c:\program files\Razer\Copperhead\razerofa.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Celkový čas: 2010-01-06 15:05:20 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-01-06 14:05
ComboFix2.txt 2010-01-06 09:53
ComboFix3.txt 2010-01-05 22:01
Před spuštěním: Volných bajtů: 271 567 294 464
Po spuštění: Volných bajtů: 271 536 037 888
- - End Of File - - 73C4A96FEA3BC6534D70981ED4D689B6
adresář C:\ddddd znám nebylo tam nic důležitého tak jsem ho smazal aby to nemátlo.
ComboFix 10-01-04.01 - Jary 06.01.2010 14:59:33.3.4 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.3327.2834 [GMT 1:00]
Spuštěný z: c:\documents and settings\Jary\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Jary\Plocha\CFScript.txt
AV: avast! antivirus 4.8.1169 [VPS 100106-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
((((((((((((((((((((((((( Soubory vytvořené od 2009-12-06 do 2010-01-06 )))))))))))))))))))))))))))))))
.
2010-01-05 09:38 . 2010-01-05 09:53 -------- d-----w- C:\rsit
2009-12-30 11:00 . 2009-12-30 11:32 -------- d-----w- c:\program files\Webteh
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-06 09:20 . 2009-04-24 14:25 -------- d-----w- c:\program files\Steam
2010-01-06 09:13 . 2009-09-11 22:13 -------- d-----w- c:\program files\Spyware Doctor
2009-12-30 13:29 . 2009-04-20 20:18 -------- d-----w- c:\program files\ESTsoft
2009-12-20 02:01 . 2008-05-23 11:27 -------- d-----w- c:\program files\Azureus
2009-12-03 14:44 . 2008-06-30 13:52 -------- d-----w- c:\program files\Maxthon2
2009-11-26 09:05 . 2009-11-26 09:05 3481968 ----a-w- c:\program files\FLV PlayerFCSetup.exe
2009-11-23 22:54 . 2008-05-23 11:26 -------- d-----w- c:\program files\Java
2009-11-23 22:54 . 2001-10-25 14:00 70106 ----a-w- c:\windows\system32\perfc005.dat
2009-11-23 22:54 . 2001-10-25 14:00 393192 ----a-w- c:\windows\system32\perfh005.dat
2009-10-11 03:17 . 2009-08-28 19:21 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-04-23 17:49 . 2009-04-23 17:49 3006 ----a-w- c:\program files\Common Files\unins000.dat
2009-04-23 17:48 . 2009-04-23 17:49 728858 ----a-w- c:\program files\Common Files\unins000.exe
.
((((((((((((((((((((((((((((( SnapShot@2010-01-05_21.58.43 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-01-06 14:02 . 2010-01-06 14:02 16384 c:\windows\Temp\Perflib_Perfdata_700.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CursorXP"="c:\program files\CursorXP\CursorXP.exe" [2005-01-19 128000]
"STYLEXP"="c:\program files\TGTSoft\StyleXP\StyleXP.exe" [2006-05-24 1372160]
"AutoStartNPSAgent"="c:\program files\Samsung\Samsung New PC Studio\NPSAgent.exe" [2009-01-08 98304]
"ICQ"="c:\program files\ICQ6.5\ICQ.exe" [2009-03-01 172792]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-17 15360]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"WiseStubReboot"="MSIEXEC" [X]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BDRegion"="c:\program files\Cyberlink\Shared Files\brs.exe" [2007-11-16 91432]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-10-11 62760]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-10-11 75304]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2007-08-31 988584]
"Copperhead"="c:\program files\Razer\Copperhead\razerhid.exe" [2005-11-25 155648]
"Ai Nap"="c:\program files\ASUS\AI Suite\AiNap\AiNap.exe" [2008-04-24 1421824]
"CPU Power Monitor"="c:\program files\ASUS\AI Suite\AiGear3\CpuPowerMonitor.exe" [2008-01-09 627200]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-29 79224]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-12-18 868352]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-17 13574144]
"nwiz"="nwiz.exe" [2008-09-17 1657376]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-17 86016]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-17 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=
"c:\\Program Files\\Maxthon2\\Modules\\MxDownloader\\MxDownloadServer.exe"=
"c:\\Program Files\\Azureus\\Azureus.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\My Games\\Electronic Arts\\Burnout Paradise The Ultimate Box\\BurnoutLauncher.exe"=
"c:\\My Games\\Electronic Arts\\Burnout Paradise The Ultimate Box\\BurnoutConfigTool.exe"=
"c:\\My Games\\Electronic Arts\\Burnout Paradise The Ultimate Box\\BurnoutParadise.exe"=
"c:\\Program Files\\Samsung\\Samsung New PC Studio\\npsasvr.exe"=
"c:\\Program Files\\Samsung\\Samsung New PC Studio\\npsvsvr.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
R0 tffsport;M-Systems DiskOnChip 2000;c:\windows\system32\drivers\tffsport.sys [23.7.2008 17:25 149376]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [1.7.2008 14:06 75856]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [1.7.2008 14:06 20560]
R3 UsbFltr;Razer Copperhead Driver;c:\windows\system32\drivers\copperhd.sys [28.5.2008 15:49 11596]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S3 DfSdkS;Defragmentation-Service;c:\program files\Ashampoo\Ashampoo WinOptimizer 6\DfSdkS.exe [28.8.2009 23:48 410976]
S3 DIGIRPS;Ovladač Digi PortServer Driver;c:\windows\system32\drivers\digirlpt.sys [23.7.2008 17:27 42432]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [10.4.2009 12:35 36608]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [11.9.2009 23:13 356920]
S4 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [10.4.2009 12:35 233472]
S4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys --> c:\windows\system32\Drivers\sptd.sys [?]
.
.
------- Doplňkový sken -------
.
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Easy-WebPrint - Náhled - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
IE: Easy-WebPrint - Přidat na seznam k tisku - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
IE: Easy-WebPrint - Tisk - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
IE: Easy-WebPrint - Vysokorychlostní tisk - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
IE: Stáhnout obsah FLV videa s IDM - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Stáhnout s IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: Stáhnout všechny odkazy s IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\windows\WebIE.dll
LSP: c:\windows\system32\idmmbc.dll
TCP: {AF2D4A7B-EB04-413C-BD41-9626ABD9E57A} = 172.16.0.1,10.1.2.10,212.47.1.4,212.47.0.1
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-06 15:03
Windows 5.1.2600 Service Pack 2 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4C74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\S-1-5-21-776561741-651377827-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:73,48,ef,10,a8,81,91,4d,ff,f2,3e,69,4c,e6,5d,90,64,e5,bf,bd,e2,0a,8a,
d0,5b,4e,a8,c7,a7,8d,d7,49,0f,53,df,63,9c,23,ed,2e,0e,b0,a4,58,60,08,04,fd,\
"??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{52b94889-dd24-4079-b5eb-8caae0ab29b8}]
@Denied: (Full) (Everyone)
"Model"=dword:00000148
"Therad"=dword:0000001d
"MData"=hex(0):cb,9b,ad,ef,27,7d,29,69,f5,02,f0,76,aa,4a,f1,7c,d3,d9,67,7f,6a,
4b,7b,ad,04,7a,b1,b5,76,9b,27,47,b3,63,f0,cc,91,14,13,44,46,8f,3c,f2,5c,68,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):a8,f9,1c,4c,4b,f8,54,59,06,4c,c5,b1,75,c4,56,46,b9,aa,03,b6,23,
62,f7,ef,90,f3,63,67,73,fd,1f,ee,53,f9,03,cc,48,63,32,dc,00,00,00,00,00,00,\
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'lsass.exe'(952)
c:\windows\system32\idmmbc.dll
- - - - - - - > 'explorer.exe'(2780)
c:\program files\ScanSoft\OmniPageSE4.0\OpHookSE4.dll
c:\program files\CursorXP\CurXP0.dll
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\TGTSoft\StyleXP\StyleXPService.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\system32\RUNDLL32.EXE
c:\program files\Microsoft IntelliType Pro\dpupdchk.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\program files\CyberLink\Shared files\RichVideo.exe
c:\program files\Razer\Copperhead\razertra.exe
c:\program files\Razer\Copperhead\razerofa.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Celkový čas: 2010-01-06 15:05:20 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-01-06 14:05
ComboFix2.txt 2010-01-06 09:53
ComboFix3.txt 2010-01-05 22:01
Před spuštěním: Volných bajtů: 271 567 294 464
Po spuštění: Volných bajtů: 271 536 037 888
- - End Of File - - 73C4A96FEA3BC6534D70981ED4D689B6
adresář C:\ddddd znám nebylo tam nic důležitého tak jsem ho smazal aby to nemátlo.
Re: Security central (w32 blaster.worm)
Nový rsit log:
Logfile of random's system information tool 1.06 (written by random/random)
Run by Jary at 2010-01-06 15:11:46
Systém Microsoft Windows XP Professional Service Pack 2
System drive C: has 259 GB (85%) free of 305 GB
Total RAM: 3327 MB (85% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:11:48, on 6.1.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Cyberlink\Shared Files\brs.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Razer\Copperhead\razerhid.exe
C:\Program Files\ASUS\AI Suite\AiNap\AiNap.exe
C:\Program Files\ASUS\AI Suite\AiGear3\CpuPowerMonitor.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\CursorXP\CursorXP.exe
C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
C:\Program Files\ICQ6.5\ICQ.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
c:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Razer\Copperhead\razertra.exe
C:\Program Files\Razer\Copperhead\razerofa.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Maxthon2\Maxthon.exe
C:\Documents and Settings\Jary\Plocha\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Jary.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\WINDOWS\WebIE.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\WINDOWS\WebIE.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [BDRegion] c:\Program Files\Cyberlink\Shared Files\brs.exe
O4 - HKLM\..\Run: [LanguageShortcut] "c:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [Copperhead] C:\Program Files\Razer\Copperhead\razerhid.exe
O4 - HKLM\..\Run: [Ai Nap] "C:\Program Files\ASUS\AI Suite\AiNap\AiNap.exe"
O4 - HKLM\..\Run: [CPU Power Monitor] "C:\Program Files\ASUS\AI Suite\AiGear3\CpuPowerMonitor.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [AutoStartNPSAgent] C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ6.5\ICQ.exe" silent
O4 - HKCU\..\RunOnce: [WiseStubReboot] MSIEXEC /quiet SKIP_PPU_DRIVER_INSTALL=1 /I "C:\Program Files\Common Files\Wise Installation Wizard\WISC5C1C0F0D62F4DBF81D4D7EF397C228B_9_09_0814.MSI" TRANSFORMS="C:\Program Files\Common Files\Wise Installation Wizard\WISC5C1C0F0D62F4DBF81D4D7EF397C228B_9_09_0814.MST" WISE_SETUP_EXE_PATH="c:\nvidia\displaydriver\190.62\english\PhysX_9.09.0814_SystemSoftware.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint - Náhled - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint - Přidat na seznam k tisku - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint - Tisk - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint - Vysokorychlostní tisk - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Stáhnout obsah FLV videa s IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Stáhnout s IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: Stáhnout všechny odkazy s IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\WINDOWS\WebIE.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\WebIE.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{AF2D4A7B-EB04-413C-BD41-9626ABD9E57A}: NameServer = 172.16.0.1,10.1.2.10,212.47.1.4,212.47.0.1
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Defragmentation-Service (DfSdkS) - mst software GmbH, Germany - C:\Program Files\Ashampoo\Ashampoo WinOptimizer 6\Dfsdks.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - c:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O24 - Desktop Component 0: (no name) - (no file)
--
End of file - 9023 bytes
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8}]
IDMIEHlprObj Class - C:\Program Files\Internet Download Manager\IDMIECC.dll [2007-09-28 95664]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-12-18 59032]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2DB66063-BB98-466A-AA0D-3E7ACF5ED853}]
WebTransBHO Class - C:\WINDOWS\WebIE.dll [2008-05-07 491520]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{68F9551E-0411-48E4-9AAF-4BC42A6A46BE}]
EWPBrowseObject Class - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll [2006-06-09 34304]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-11 73728]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{BFC32E1D-EE75-4A48-BC60-104E11EE2431} - WebTranslator - C:\WINDOWS\WebIE.dll [2008-05-07 491520]
{327C2873-E90D-4c37-AA9D-10AC9BABA46C} - Easy-WebPrint - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll [2006-06-09 552960]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"BDRegion"=c:\Program Files\Cyberlink\Shared Files\brs.exe [2007-11-16 91432]
"LanguageShortcut"=c:\Program Files\CyberLink\PowerDVD\Language\Language.exe [2007-10-11 62760]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"OpwareSE4"=C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe [2006-10-11 75304]
"itype"=C:\Program Files\Microsoft IntelliType Pro\itype.exe [2007-08-31 988584]
"Copperhead"=C:\Program Files\Razer\Copperhead\razerhid.exe [2005-11-25 155648]
"Ai Nap"=C:\Program Files\ASUS\AI Suite\AiNap\AiNap.exe [2008-04-24 1421824]
"CPU Power Monitor"=C:\Program Files\ASUS\AI Suite\AiGear3\CpuPowerMonitor.exe [2008-01-09 627200]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2008-03-29 79224]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2006-12-18 868352]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-09-17 13574144]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2008-09-17 86016]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CursorXP"=C:\Program Files\CursorXP\CursorXP.exe [2005-01-19 128000]
"STYLEXP"=C:\Program Files\TGTSoft\StyleXP\StyleXP.exe [2006-05-24 1372160]
"AutoStartNPSAgent"=C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe [2009-01-08 98304]
"ICQ"=C:\Program Files\ICQ6.5\ICQ.exe [2009-03-01 172792]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"WiseStubReboot"=MSIEXEC /quiet SKIP_PPU_DRIVER_INSTALL=1 /I C:\Program Files\Common Files\Wise Installation Wizard\WISC5C1C0F0D62F4DBF81D4D7EF397C228B_9_09_0814.MSI TRANSFORMS=C:\Program Files\Common Files\Wise Installation Wizard\WISC5C1C0F0D62F4DBF81D4D7EF397C228B_9_09_0814.MST WISE_SETUP_EXE_PATH=c:\nvidia\displaydriver\190.62\english\PhysX_9.09.0814_SystemSoftware.exe []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdauxservice]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdcoreservice]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=
"NoResolveTrack"=
"NoDriveAutoRun"=
"NoDrives"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe"="C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe:*:Enabled:CyberLink PowerDVD"
"C:\Program Files\Maxthon2\Modules\MxDownloader\MxDownloadServer.exe"="C:\Program Files\Maxthon2\Modules\MxDownloader\MxDownloadServer.exe:*:Enabled:MxDownloadServer"
"C:\Program Files\Azureus\Azureus.exe"="C:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\My Games\Electronic Arts\Burnout Paradise The Ultimate Box\BurnoutLauncher.exe"="C:\My Games\Electronic Arts\Burnout Paradise The Ultimate Box\BurnoutLauncher.exe:*:Enabled:Burnout(TM) Paradise The Ultimate Box"
"C:\My Games\Electronic Arts\Burnout Paradise The Ultimate Box\BurnoutConfigTool.exe"="C:\My Games\Electronic Arts\Burnout Paradise The Ultimate Box\BurnoutConfigTool.exe:*:Enabled:Burnout(TM) Paradise The Ultimate Box"
"C:\My Games\Electronic Arts\Burnout Paradise The Ultimate Box\BurnoutParadise.exe"="C:\My Games\Electronic Arts\Burnout Paradise The Ultimate Box\BurnoutParadise.exe:*:Enabled:Burnout(TM) Paradise The Ultimate Box"
"C:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe"="C:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe:*:Enabled:KTF MUSIC AoD Server"
"C:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe"="C:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe:*:Enabled:KTF MUSIC VoD Server"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
======List of files/folders created in the last 1 months======
2010-01-06 15:05:20 ----A---- C:\ComboFix.txt
2010-01-05 22:53:32 ----A---- C:\Boot.bak
2010-01-05 22:53:28 ----RASHD---- C:\cmdcons
2010-01-05 22:52:18 ----A---- C:\WINDOWS\zip.exe
2010-01-05 22:52:18 ----A---- C:\WINDOWS\SWXCACLS.exe
2010-01-05 22:52:18 ----A---- C:\WINDOWS\SWSC.exe
2010-01-05 22:52:18 ----A---- C:\WINDOWS\SWREG.exe
2010-01-05 22:52:18 ----A---- C:\WINDOWS\sed.exe
2010-01-05 22:52:18 ----A---- C:\WINDOWS\PEV.exe
2010-01-05 22:52:18 ----A---- C:\WINDOWS\NIRCMD.exe
2010-01-05 22:52:18 ----A---- C:\WINDOWS\MBR.exe
2010-01-05 22:52:18 ----A---- C:\WINDOWS\grep.exe
2010-01-05 22:52:05 ----D---- C:\WINDOWS\ERDNT
2010-01-05 22:49:30 ----D---- C:\Qoobox
2010-01-05 10:38:54 ----D---- C:\rsit
2010-01-05 10:25:31 ----D---- C:\WINDOWS\pss
2009-12-30 14:14:51 ----D---- C:\Documents and Settings\Jary\Data aplikací\ArcSoft
2009-12-30 12:00:24 ----D---- C:\Program Files\Webteh
======List of files/folders modified in the last 1 months======
2010-01-06 15:05:23 ----D---- C:\WINDOWS\Prefetch
2010-01-06 15:05:22 ----D---- C:\WINDOWS\system32\drivers
2010-01-06 15:05:10 ----D---- C:\WINDOWS\Temp
2010-01-06 15:04:46 ----D---- C:\WINDOWS\system32\CatRoot2
2010-01-06 15:03:10 ----D---- C:\WINDOWS
2010-01-06 15:03:09 ----A---- C:\WINDOWS\system.ini
2010-01-06 15:00:36 ----D---- C:\WINDOWS\system32
2010-01-06 15:00:36 ----D---- C:\WINDOWS\AppPatch
2010-01-06 15:00:34 ----D---- C:\Program Files\Common Files
2010-01-06 14:59:08 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-01-06 14:58:07 ----D---- C:\Documents and Settings\Jary\Data aplikací\DMCache
2010-01-06 14:52:09 ----A---- C:\WINDOWS\MAILTRAN.INI
2010-01-06 14:51:18 ----A---- C:\WINDOWS\wincmd.ini
2010-01-06 10:49:10 ----D---- C:\WINDOWS\system32\config
2010-01-06 10:48:55 ----RD---- C:\Program Files
2010-01-06 10:43:24 ----AD---- C:\Documents and Settings\All Users\Data aplikací\TEMP
2010-01-06 10:20:34 ----D---- C:\Program Files\Steam
2010-01-06 10:13:49 ----D---- C:\Program Files\Spyware Doctor
2010-01-05 22:53:32 ----RASH---- C:\boot.ini
2009-12-31 17:36:16 ----D---- C:\Documents and Settings\Jary\Data aplikací\Azureus
2009-12-30 17:07:19 ----D---- C:\WINDOWS\Minidump
2009-12-30 14:29:36 ----D---- C:\Program Files\ESTsoft
2009-12-30 14:29:36 ----D---- C:\Documents and Settings\Jary\Data aplikací\ESTsoft
2009-12-30 13:08:25 ----D---- C:\Documents and Settings\Jary\Data aplikací\BSplayer PRO
2009-12-30 11:56:32 ----A---- C:\WINDOWS\NeroDigital.ini
2009-12-28 11:45:46 ----A---- C:\WINDOWS\WTRAN32.INI
2009-12-27 16:06:40 ----D---- C:\Documents and Settings\Jary\Data aplikací\IDM
2009-12-22 00:08:11 ----D---- C:\WINDOWS\system32\NtmsData
2009-12-20 16:35:03 ----D---- C:\Documents and Settings\All Users\Data aplikací\DVD Shrink
2009-12-20 03:01:51 ----D---- C:\Program Files\Azureus
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2008-03-29 26944]
R1 AsIO;AsIO; C:\WINDOWS\system32\drivers\AsIO.sys [2007-12-17 12400]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 75856]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2008-03-29 42912]
R1 easdrv;easdrv; C:\WINDOWS\system32\DRIVERS\easdrv.sys [2008-03-13 29704]
R1 epfwtdi;epfwtdi; C:\WINDOWS\system32\DRIVERS\epfwtdi.sys [2008-03-13 54280]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-17 39936]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-17 14848]
R1 StyleXPHelper;StyleXPHelper; \??\C:\Program Files\TGTSoft\StyleXP\StyleXPHelper.exe []
R1 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-10-25 12032]
R2 {95808DC4-FA4A-4C74-92FE-5B863F82066B};{95808DC4-FA4A-4C74-92FE-5B863F82066B}; \??\c:\Program Files\CyberLink\PowerDVD\000.fcl []
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2008-03-29 94544]
R2 eamon;EAMON; C:\WINDOWS\system32\DRIVERS\eamon.sys [2008-03-13 40456]
R2 epfw;epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [2008-03-13 71176]
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2007-01-16 293888]
R3 AEAudio;AE Audio Service; C:\WINDOWS\system32\drivers\AEAudio.sys [2006-08-07 93952]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2008-03-29 23152]
R3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2004-10-27 138240]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-09-17 6132576]
R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2009-08-28 47360]
R3 SenFiltService;SenFilt Service; C:\WINDOWS\system32\drivers\Senfilt.sys [2006-03-17 392960]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 UsbFltr;Razer Copperhead Driver; C:\WINDOWS\system32\drivers\copperhd.sys [2005-11-02 11596]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbstor;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]
R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\system32\DRIVERS\yk51x86.sys [2007-06-08 262912]
S2 NVR0FLASHDev;NVR0FLASHDev; \??\C:\WINDOWS\nvflash.sys []
S3 Ad-Watch Connect Filter;Ad-Watch Connect Kernel Filter; \??\C:\WINDOWS\system32\drivers\NSDriver.sys []
S3 Ad-Watch Real-Time Scanner;AW Real-Time Scanner; \??\C:\WINDOWS\system32\drivers\AWRTPD.sys []
S3 Ad-Watch Registry Filter;Ad-Watch Registry Kernel Filter; \??\C:\WINDOWS\system32\drivers\AWRTRD.sys []
S3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-17 60800]
S3 DIGIRPS;Ovladač Digi PortServer Driver; C:\WINDOWS\system32\DRIVERS\digirlpt.sys [2001-10-24 42432]
S3 ENTECH;ENTECH; \??\C:\WINDOWS\system32\DRIVERS\ENTECH.sys []
S3 FsUsbExDisk;FsUsbExDisk; \??\C:\WINDOWS\system32\FsUsbExDisk.SYS []
S3 IKFileSec;File Security Driver; C:\WINDOWS\system32\drivers\ikfilesec.sys [2009-09-11 40840]
S3 IKSysFlt;System Filter Driver; C:\WINDOWS\system32\drivers\iksysflt.sys [2009-09-11 66952]
S3 IKSysSec;System Security Driver; C:\WINDOWS\system32\drivers\iksyssec.sys [2009-09-11 81288]
S3 mbr;mbr; \??\C:\DOCUME~1\Jary\LOCALS~1\Temp\mbr.sys []
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-17 61824]
S3 Point32;Microsoft IntelliPoint Filter Driver; C:\WINDOWS\system32\DRIVERS\point32.sys [2006-11-07 21760]
S3 sscdbus;SAMSUNG USB Composite Device driver (WDM); C:\WINDOWS\system32\DRIVERS\sscdbus.sys [2008-02-22 87936]
S3 sscdmdfl;SAMSUNG Mobile Modem Filter; C:\WINDOWS\system32\DRIVERS\sscdmdfl.sys [2008-02-22 14976]
S3 sscdmdm;SAMSUNG Mobile Modem Drivers; C:\WINDOWS\system32\DRIVERS\sscdmdm.sys [2008-02-22 114304]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 w800bus;Sony Ericsson W800 driver (WDM); C:\WINDOWS\system32\DRIVERS\w800bus.sys [2005-05-24 52384]
S3 w800mdfl;Sony Ericsson W800 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\w800mdfl.sys [2005-05-24 6096]
S3 w800mdm;Sony Ericsson W800 USB WMC Modem Drivers; C:\WINDOWS\system32\DRIVERS\w800mdm.sys [2005-05-24 87424]
S3 w800mgmt;Sony Ericsson W800 USB WMC Device Management Drivers; C:\WINDOWS\system32\DRIVERS\w800mgmt.sys [2005-05-24 79216]
S3 w800obex;Sony Ericsson W800 USB WMC OBEX Interface Drivers; C:\WINDOWS\system32\DRIVERS\w800obex.sys [2005-05-24 77040]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2008-03-29 17272]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2008-03-29 144760]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-09-17 163908]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2009-03-01 66872]
R2 PnkBstrB;PnkBstrB; C:\WINDOWS\system32\PnkBstrB.exe [2009-03-01 107832]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); c:\Program Files\CyberLink\Shared files\RichVideo.exe [2007-10-15 243056]
R2 StyleXPService;StyleXPService; C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe [2006-05-24 372736]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2008-03-29 247160]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2008-03-29 345464]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 DfSdkS;Defragmentation-Service; C:\Program Files\Ashampoo\Ashampoo WinOptimizer 6\Dfsdks.exe [2009-01-09 410976]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 sdAuxService;PC Tools Auxiliary Service; C:\Program Files\Spyware Doctor\pctsAuxs.exe [2008-06-13 356920]
S3 sdCoreService;PC Tools Security Service; C:\Program Files\Spyware Doctor\pctsSvc.exe [2009-09-11 1079176]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S4 FsUsbExService;FsUsbExService; C:\WINDOWS\system32\FsUsbExService.Exe [2009-01-08 233472]
-----------------EOF-----------------
Logfile of random's system information tool 1.06 (written by random/random)
Run by Jary at 2010-01-06 15:11:46
Systém Microsoft Windows XP Professional Service Pack 2
System drive C: has 259 GB (85%) free of 305 GB
Total RAM: 3327 MB (85% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:11:48, on 6.1.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Cyberlink\Shared Files\brs.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Razer\Copperhead\razerhid.exe
C:\Program Files\ASUS\AI Suite\AiNap\AiNap.exe
C:\Program Files\ASUS\AI Suite\AiGear3\CpuPowerMonitor.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\CursorXP\CursorXP.exe
C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
C:\Program Files\ICQ6.5\ICQ.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
c:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Razer\Copperhead\razertra.exe
C:\Program Files\Razer\Copperhead\razerofa.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Maxthon2\Maxthon.exe
C:\Documents and Settings\Jary\Plocha\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Jary.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\WINDOWS\WebIE.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\WINDOWS\WebIE.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [BDRegion] c:\Program Files\Cyberlink\Shared Files\brs.exe
O4 - HKLM\..\Run: [LanguageShortcut] "c:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [Copperhead] C:\Program Files\Razer\Copperhead\razerhid.exe
O4 - HKLM\..\Run: [Ai Nap] "C:\Program Files\ASUS\AI Suite\AiNap\AiNap.exe"
O4 - HKLM\..\Run: [CPU Power Monitor] "C:\Program Files\ASUS\AI Suite\AiGear3\CpuPowerMonitor.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [AutoStartNPSAgent] C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ6.5\ICQ.exe" silent
O4 - HKCU\..\RunOnce: [WiseStubReboot] MSIEXEC /quiet SKIP_PPU_DRIVER_INSTALL=1 /I "C:\Program Files\Common Files\Wise Installation Wizard\WISC5C1C0F0D62F4DBF81D4D7EF397C228B_9_09_0814.MSI" TRANSFORMS="C:\Program Files\Common Files\Wise Installation Wizard\WISC5C1C0F0D62F4DBF81D4D7EF397C228B_9_09_0814.MST" WISE_SETUP_EXE_PATH="c:\nvidia\displaydriver\190.62\english\PhysX_9.09.0814_SystemSoftware.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint - Náhled - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint - Přidat na seznam k tisku - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint - Tisk - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint - Vysokorychlostní tisk - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Stáhnout obsah FLV videa s IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Stáhnout s IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: Stáhnout všechny odkazy s IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\WINDOWS\WebIE.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\WebIE.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{AF2D4A7B-EB04-413C-BD41-9626ABD9E57A}: NameServer = 172.16.0.1,10.1.2.10,212.47.1.4,212.47.0.1
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Defragmentation-Service (DfSdkS) - mst software GmbH, Germany - C:\Program Files\Ashampoo\Ashampoo WinOptimizer 6\Dfsdks.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - c:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O24 - Desktop Component 0: (no name) - (no file)
--
End of file - 9023 bytes
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8}]
IDMIEHlprObj Class - C:\Program Files\Internet Download Manager\IDMIECC.dll [2007-09-28 95664]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-12-18 59032]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2DB66063-BB98-466A-AA0D-3E7ACF5ED853}]
WebTransBHO Class - C:\WINDOWS\WebIE.dll [2008-05-07 491520]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{68F9551E-0411-48E4-9AAF-4BC42A6A46BE}]
EWPBrowseObject Class - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll [2006-06-09 34304]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-11 73728]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{BFC32E1D-EE75-4A48-BC60-104E11EE2431} - WebTranslator - C:\WINDOWS\WebIE.dll [2008-05-07 491520]
{327C2873-E90D-4c37-AA9D-10AC9BABA46C} - Easy-WebPrint - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll [2006-06-09 552960]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"BDRegion"=c:\Program Files\Cyberlink\Shared Files\brs.exe [2007-11-16 91432]
"LanguageShortcut"=c:\Program Files\CyberLink\PowerDVD\Language\Language.exe [2007-10-11 62760]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"OpwareSE4"=C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe [2006-10-11 75304]
"itype"=C:\Program Files\Microsoft IntelliType Pro\itype.exe [2007-08-31 988584]
"Copperhead"=C:\Program Files\Razer\Copperhead\razerhid.exe [2005-11-25 155648]
"Ai Nap"=C:\Program Files\ASUS\AI Suite\AiNap\AiNap.exe [2008-04-24 1421824]
"CPU Power Monitor"=C:\Program Files\ASUS\AI Suite\AiGear3\CpuPowerMonitor.exe [2008-01-09 627200]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2008-03-29 79224]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2006-12-18 868352]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-09-17 13574144]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2008-09-17 86016]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CursorXP"=C:\Program Files\CursorXP\CursorXP.exe [2005-01-19 128000]
"STYLEXP"=C:\Program Files\TGTSoft\StyleXP\StyleXP.exe [2006-05-24 1372160]
"AutoStartNPSAgent"=C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe [2009-01-08 98304]
"ICQ"=C:\Program Files\ICQ6.5\ICQ.exe [2009-03-01 172792]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"WiseStubReboot"=MSIEXEC /quiet SKIP_PPU_DRIVER_INSTALL=1 /I C:\Program Files\Common Files\Wise Installation Wizard\WISC5C1C0F0D62F4DBF81D4D7EF397C228B_9_09_0814.MSI TRANSFORMS=C:\Program Files\Common Files\Wise Installation Wizard\WISC5C1C0F0D62F4DBF81D4D7EF397C228B_9_09_0814.MST WISE_SETUP_EXE_PATH=c:\nvidia\displaydriver\190.62\english\PhysX_9.09.0814_SystemSoftware.exe []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdauxservice]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdcoreservice]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=
"NoResolveTrack"=
"NoDriveAutoRun"=
"NoDrives"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe"="C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe:*:Enabled:CyberLink PowerDVD"
"C:\Program Files\Maxthon2\Modules\MxDownloader\MxDownloadServer.exe"="C:\Program Files\Maxthon2\Modules\MxDownloader\MxDownloadServer.exe:*:Enabled:MxDownloadServer"
"C:\Program Files\Azureus\Azureus.exe"="C:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\My Games\Electronic Arts\Burnout Paradise The Ultimate Box\BurnoutLauncher.exe"="C:\My Games\Electronic Arts\Burnout Paradise The Ultimate Box\BurnoutLauncher.exe:*:Enabled:Burnout(TM) Paradise The Ultimate Box"
"C:\My Games\Electronic Arts\Burnout Paradise The Ultimate Box\BurnoutConfigTool.exe"="C:\My Games\Electronic Arts\Burnout Paradise The Ultimate Box\BurnoutConfigTool.exe:*:Enabled:Burnout(TM) Paradise The Ultimate Box"
"C:\My Games\Electronic Arts\Burnout Paradise The Ultimate Box\BurnoutParadise.exe"="C:\My Games\Electronic Arts\Burnout Paradise The Ultimate Box\BurnoutParadise.exe:*:Enabled:Burnout(TM) Paradise The Ultimate Box"
"C:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe"="C:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe:*:Enabled:KTF MUSIC AoD Server"
"C:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe"="C:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe:*:Enabled:KTF MUSIC VoD Server"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
======List of files/folders created in the last 1 months======
2010-01-06 15:05:20 ----A---- C:\ComboFix.txt
2010-01-05 22:53:32 ----A---- C:\Boot.bak
2010-01-05 22:53:28 ----RASHD---- C:\cmdcons
2010-01-05 22:52:18 ----A---- C:\WINDOWS\zip.exe
2010-01-05 22:52:18 ----A---- C:\WINDOWS\SWXCACLS.exe
2010-01-05 22:52:18 ----A---- C:\WINDOWS\SWSC.exe
2010-01-05 22:52:18 ----A---- C:\WINDOWS\SWREG.exe
2010-01-05 22:52:18 ----A---- C:\WINDOWS\sed.exe
2010-01-05 22:52:18 ----A---- C:\WINDOWS\PEV.exe
2010-01-05 22:52:18 ----A---- C:\WINDOWS\NIRCMD.exe
2010-01-05 22:52:18 ----A---- C:\WINDOWS\MBR.exe
2010-01-05 22:52:18 ----A---- C:\WINDOWS\grep.exe
2010-01-05 22:52:05 ----D---- C:\WINDOWS\ERDNT
2010-01-05 22:49:30 ----D---- C:\Qoobox
2010-01-05 10:38:54 ----D---- C:\rsit
2010-01-05 10:25:31 ----D---- C:\WINDOWS\pss
2009-12-30 14:14:51 ----D---- C:\Documents and Settings\Jary\Data aplikací\ArcSoft
2009-12-30 12:00:24 ----D---- C:\Program Files\Webteh
======List of files/folders modified in the last 1 months======
2010-01-06 15:05:23 ----D---- C:\WINDOWS\Prefetch
2010-01-06 15:05:22 ----D---- C:\WINDOWS\system32\drivers
2010-01-06 15:05:10 ----D---- C:\WINDOWS\Temp
2010-01-06 15:04:46 ----D---- C:\WINDOWS\system32\CatRoot2
2010-01-06 15:03:10 ----D---- C:\WINDOWS
2010-01-06 15:03:09 ----A---- C:\WINDOWS\system.ini
2010-01-06 15:00:36 ----D---- C:\WINDOWS\system32
2010-01-06 15:00:36 ----D---- C:\WINDOWS\AppPatch
2010-01-06 15:00:34 ----D---- C:\Program Files\Common Files
2010-01-06 14:59:08 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-01-06 14:58:07 ----D---- C:\Documents and Settings\Jary\Data aplikací\DMCache
2010-01-06 14:52:09 ----A---- C:\WINDOWS\MAILTRAN.INI
2010-01-06 14:51:18 ----A---- C:\WINDOWS\wincmd.ini
2010-01-06 10:49:10 ----D---- C:\WINDOWS\system32\config
2010-01-06 10:48:55 ----RD---- C:\Program Files
2010-01-06 10:43:24 ----AD---- C:\Documents and Settings\All Users\Data aplikací\TEMP
2010-01-06 10:20:34 ----D---- C:\Program Files\Steam
2010-01-06 10:13:49 ----D---- C:\Program Files\Spyware Doctor
2010-01-05 22:53:32 ----RASH---- C:\boot.ini
2009-12-31 17:36:16 ----D---- C:\Documents and Settings\Jary\Data aplikací\Azureus
2009-12-30 17:07:19 ----D---- C:\WINDOWS\Minidump
2009-12-30 14:29:36 ----D---- C:\Program Files\ESTsoft
2009-12-30 14:29:36 ----D---- C:\Documents and Settings\Jary\Data aplikací\ESTsoft
2009-12-30 13:08:25 ----D---- C:\Documents and Settings\Jary\Data aplikací\BSplayer PRO
2009-12-30 11:56:32 ----A---- C:\WINDOWS\NeroDigital.ini
2009-12-28 11:45:46 ----A---- C:\WINDOWS\WTRAN32.INI
2009-12-27 16:06:40 ----D---- C:\Documents and Settings\Jary\Data aplikací\IDM
2009-12-22 00:08:11 ----D---- C:\WINDOWS\system32\NtmsData
2009-12-20 16:35:03 ----D---- C:\Documents and Settings\All Users\Data aplikací\DVD Shrink
2009-12-20 03:01:51 ----D---- C:\Program Files\Azureus
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2008-03-29 26944]
R1 AsIO;AsIO; C:\WINDOWS\system32\drivers\AsIO.sys [2007-12-17 12400]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 75856]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2008-03-29 42912]
R1 easdrv;easdrv; C:\WINDOWS\system32\DRIVERS\easdrv.sys [2008-03-13 29704]
R1 epfwtdi;epfwtdi; C:\WINDOWS\system32\DRIVERS\epfwtdi.sys [2008-03-13 54280]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-17 39936]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-17 14848]
R1 StyleXPHelper;StyleXPHelper; \??\C:\Program Files\TGTSoft\StyleXP\StyleXPHelper.exe []
R1 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-10-25 12032]
R2 {95808DC4-FA4A-4C74-92FE-5B863F82066B};{95808DC4-FA4A-4C74-92FE-5B863F82066B}; \??\c:\Program Files\CyberLink\PowerDVD\000.fcl []
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2008-03-29 94544]
R2 eamon;EAMON; C:\WINDOWS\system32\DRIVERS\eamon.sys [2008-03-13 40456]
R2 epfw;epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [2008-03-13 71176]
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2007-01-16 293888]
R3 AEAudio;AE Audio Service; C:\WINDOWS\system32\drivers\AEAudio.sys [2006-08-07 93952]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2008-03-29 23152]
R3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2004-10-27 138240]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-09-17 6132576]
R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2009-08-28 47360]
R3 SenFiltService;SenFilt Service; C:\WINDOWS\system32\drivers\Senfilt.sys [2006-03-17 392960]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 UsbFltr;Razer Copperhead Driver; C:\WINDOWS\system32\drivers\copperhd.sys [2005-11-02 11596]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbstor;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]
R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\system32\DRIVERS\yk51x86.sys [2007-06-08 262912]
S2 NVR0FLASHDev;NVR0FLASHDev; \??\C:\WINDOWS\nvflash.sys []
S3 Ad-Watch Connect Filter;Ad-Watch Connect Kernel Filter; \??\C:\WINDOWS\system32\drivers\NSDriver.sys []
S3 Ad-Watch Real-Time Scanner;AW Real-Time Scanner; \??\C:\WINDOWS\system32\drivers\AWRTPD.sys []
S3 Ad-Watch Registry Filter;Ad-Watch Registry Kernel Filter; \??\C:\WINDOWS\system32\drivers\AWRTRD.sys []
S3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-17 60800]
S3 DIGIRPS;Ovladač Digi PortServer Driver; C:\WINDOWS\system32\DRIVERS\digirlpt.sys [2001-10-24 42432]
S3 ENTECH;ENTECH; \??\C:\WINDOWS\system32\DRIVERS\ENTECH.sys []
S3 FsUsbExDisk;FsUsbExDisk; \??\C:\WINDOWS\system32\FsUsbExDisk.SYS []
S3 IKFileSec;File Security Driver; C:\WINDOWS\system32\drivers\ikfilesec.sys [2009-09-11 40840]
S3 IKSysFlt;System Filter Driver; C:\WINDOWS\system32\drivers\iksysflt.sys [2009-09-11 66952]
S3 IKSysSec;System Security Driver; C:\WINDOWS\system32\drivers\iksyssec.sys [2009-09-11 81288]
S3 mbr;mbr; \??\C:\DOCUME~1\Jary\LOCALS~1\Temp\mbr.sys []
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-17 61824]
S3 Point32;Microsoft IntelliPoint Filter Driver; C:\WINDOWS\system32\DRIVERS\point32.sys [2006-11-07 21760]
S3 sscdbus;SAMSUNG USB Composite Device driver (WDM); C:\WINDOWS\system32\DRIVERS\sscdbus.sys [2008-02-22 87936]
S3 sscdmdfl;SAMSUNG Mobile Modem Filter; C:\WINDOWS\system32\DRIVERS\sscdmdfl.sys [2008-02-22 14976]
S3 sscdmdm;SAMSUNG Mobile Modem Drivers; C:\WINDOWS\system32\DRIVERS\sscdmdm.sys [2008-02-22 114304]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 w800bus;Sony Ericsson W800 driver (WDM); C:\WINDOWS\system32\DRIVERS\w800bus.sys [2005-05-24 52384]
S3 w800mdfl;Sony Ericsson W800 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\w800mdfl.sys [2005-05-24 6096]
S3 w800mdm;Sony Ericsson W800 USB WMC Modem Drivers; C:\WINDOWS\system32\DRIVERS\w800mdm.sys [2005-05-24 87424]
S3 w800mgmt;Sony Ericsson W800 USB WMC Device Management Drivers; C:\WINDOWS\system32\DRIVERS\w800mgmt.sys [2005-05-24 79216]
S3 w800obex;Sony Ericsson W800 USB WMC OBEX Interface Drivers; C:\WINDOWS\system32\DRIVERS\w800obex.sys [2005-05-24 77040]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2008-03-29 17272]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2008-03-29 144760]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-09-17 163908]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2009-03-01 66872]
R2 PnkBstrB;PnkBstrB; C:\WINDOWS\system32\PnkBstrB.exe [2009-03-01 107832]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); c:\Program Files\CyberLink\Shared files\RichVideo.exe [2007-10-15 243056]
R2 StyleXPService;StyleXPService; C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe [2006-05-24 372736]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2008-03-29 247160]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2008-03-29 345464]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 DfSdkS;Defragmentation-Service; C:\Program Files\Ashampoo\Ashampoo WinOptimizer 6\Dfsdks.exe [2009-01-09 410976]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 sdAuxService;PC Tools Auxiliary Service; C:\Program Files\Spyware Doctor\pctsAuxs.exe [2008-06-13 356920]
S3 sdCoreService;PC Tools Security Service; C:\Program Files\Spyware Doctor\pctsSvc.exe [2009-09-11 1079176]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S4 FsUsbExService;FsUsbExService; C:\WINDOWS\system32\FsUsbExService.Exe [2009-01-08 233472]
-----------------EOF-----------------
-
Unlimited_Killer
- Přítel fóra
- Příspěvky: 1969
- Registrován: 24 srp 2009 16:18
Re: Security central (w32 blaster.worm)
Již jsem ho vložil ihned po logu z CF jsem dal i rsit log.Nebo mám udělat ještě jeden ?
-
Unlimited_Killer
- Přítel fóra
- Příspěvky: 1969
- Registrován: 24 srp 2009 16:18
Re: Security central (w32 blaster.worm)
Byl jste rychlejší, nebo jste editoval.
Vypadá to úplně čisté. Pro moji jistotu ještě můžeme zkusit MBAM.
Zároveň Vám hodím šablony na různé čištění atp.
~~~
Spusťte přejmenované HiJackThis - C:\Program Files\Trend Micro\HijackThis\jmeno_usera.exe
Klikněte na 'Do a system scan only'.
U níže uvedených položek udělejte fajfku do čtverečku a poté klikněte na 'Fix Checked'.
~~~
Odinstalujte ComboFix
Start >> Spustit >> vkopírujte do okénka:
>> stiskněte Enter
To odinstaluje ComboFix a smaže s ním související soubory a složky.
~~~
Spusťte opět OTM, ale tentokrát klikněte na 'CleanUp!' [vizte obrázek].
~~~
Stáhněte MBAM a postupujte podle popisu. Zatím nic nemažte, MBAM má občas falešné detekce.
Potom mi sem vložte log.
~~~
Zkuste pročistit PC CCleanerem.
Nainstalujte, jen dávejte pozor a při instalaci odfajfkujte položku Instalovat Yahoo! Toolbar.
Spusťte.
Záložka Čistič -> nechte zatrženo vše, jak je, a klikněte na 'Spustit CCleaner'.
Záložka Registry > klikněte na 'Hledej problémy'. Vyhledá problémy v registru, až dokončí analyzování, klikněte na 'Opravit vybrané problémy'. Nabídne Vám vytvoření zálohy - pro jistotu ji vytvořte a uložte například na Plochu.
CCleaner doporučuji používat pravidelně, celkem rapidně dokáže zrychlit PC.
~~~
Po těchto mým 'zákrocích' Vám nebudou fungovat automatické aktualizace například Javy (spouštěly se zbytečně hned po startu systému a zatěžovaly RAM).
Proto doporučuji stáhnout si prográmek jménem FileHippo Update Checker, který stačit jednou týdně spustit a přehledně Vám zobrazí, který software je neaktuální.
Vypadá to úplně čisté. Pro moji jistotu ještě můžeme zkusit MBAM.
Zároveň Vám hodím šablony na různé čištění atp.
~~~
Spusťte přejmenované HiJackThis - C:\Program Files\Trend Micro\HijackThis\jmeno_usera.exe
Klikněte na 'Do a system scan only'.
U níže uvedených položek udělejte fajfku do čtverečku a poté klikněte na 'Fix Checked'.
Pokud by tam nějaká položka nebyla, vynechte ji.cO9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O24 - Desktop Component 0: (no name) - (no file)
~~~
Odinstalujte ComboFix
Start >> Spustit >> vkopírujte do okénka:
Kód: Vybrat vše
ComboFix /UninstallTo odinstaluje ComboFix a smaže s ním související soubory a složky.
~~~
Spusťte opět OTM, ale tentokrát klikněte na 'CleanUp!' [vizte obrázek].
~~~
Stáhněte MBAM a postupujte podle popisu. Zatím nic nemažte, MBAM má občas falešné detekce.
Potom mi sem vložte log.
~~~
Zkuste pročistit PC CCleanerem.
Nainstalujte, jen dávejte pozor a při instalaci odfajfkujte položku Instalovat Yahoo! Toolbar.
Spusťte.
Záložka Čistič -> nechte zatrženo vše, jak je, a klikněte na 'Spustit CCleaner'. Záložka Registry > klikněte na 'Hledej problémy'. Vyhledá problémy v registru, až dokončí analyzování, klikněte na 'Opravit vybrané problémy'. Nabídne Vám vytvoření zálohy - pro jistotu ji vytvořte a uložte například na Plochu.CCleaner doporučuji používat pravidelně, celkem rapidně dokáže zrychlit PC.
~~~
Po těchto mým 'zákrocích' Vám nebudou fungovat automatické aktualizace například Javy (spouštěly se zbytečně hned po startu systému a zatěžovaly RAM).
Proto doporučuji stáhnout si prográmek jménem FileHippo Update Checker, který stačit jednou týdně spustit a přehledně Vám zobrazí, který software je neaktuální.
inactive
Re: Security central (w32 blaster.worm)
Vkládám log. z mbam:
Malwarebytes' Anti-Malware 1.43
Verze databáze: 3501
Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180
6.1.2010 16:34:29
mbam-log-2010-01-06 (16-34-15).txt
Typ kontroly: Rychlá kontrola
Zkontrolované objekty: 104510
Uplynulý čas: 2 minute(s), 29 second(s)
Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 0
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované adresáře: 2
Infikované soubory: 2
Infikované procesy v paměti:
(Nebyly nalezeny žádné škodlivé položky)
Infikované moduly v paměti:
(Nebyly nalezeny žádné škodlivé položky)
Infikované klíče registru:
(Nebyly nalezeny žádné škodlivé položky)
Infikované hodnoty registru:
(Nebyly nalezeny žádné škodlivé položky)
Infikované datové položky registru:
(Nebyly nalezeny žádné škodlivé položky)
Infikované adresáře:
C:\Documents and Settings\LocalService\Data aplikací\twain_32 (Trojan.Zbot) -> No action taken.
C:\Documents and Settings\NetworkService\Data aplikací\twain_32 (Trojan.Zbot) -> No action taken.
Infikované soubory:
C:\Documents and Settings\LocalService\Data aplikací\twain_32\user.ds (Trojan.Zbot) -> No action taken.
C:\Documents and Settings\NetworkService\Data aplikací\twain_32\user.ds (Trojan.Zbot) -> No action taken.
Malwarebytes' Anti-Malware 1.43
Verze databáze: 3501
Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180
6.1.2010 16:34:29
mbam-log-2010-01-06 (16-34-15).txt
Typ kontroly: Rychlá kontrola
Zkontrolované objekty: 104510
Uplynulý čas: 2 minute(s), 29 second(s)
Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 0
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované adresáře: 2
Infikované soubory: 2
Infikované procesy v paměti:
(Nebyly nalezeny žádné škodlivé položky)
Infikované moduly v paměti:
(Nebyly nalezeny žádné škodlivé položky)
Infikované klíče registru:
(Nebyly nalezeny žádné škodlivé položky)
Infikované hodnoty registru:
(Nebyly nalezeny žádné škodlivé položky)
Infikované datové položky registru:
(Nebyly nalezeny žádné škodlivé položky)
Infikované adresáře:
C:\Documents and Settings\LocalService\Data aplikací\twain_32 (Trojan.Zbot) -> No action taken.
C:\Documents and Settings\NetworkService\Data aplikací\twain_32 (Trojan.Zbot) -> No action taken.
Infikované soubory:
C:\Documents and Settings\LocalService\Data aplikací\twain_32\user.ds (Trojan.Zbot) -> No action taken.
C:\Documents and Settings\NetworkService\Data aplikací\twain_32\user.ds (Trojan.Zbot) -> No action taken.
-
Unlimited_Killer
- Přítel fóra
- Příspěvky: 1969
- Registrován: 24 srp 2009 16:18
Přispějete na provoz fóra?