PC virus removal, computer speed-up, remote assistance via the neslape.cz service
Please help... problem with a virus
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]
Individual threads will be locked once resolved, as will those inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.
!NEW!
You can now use the remote assistance service, where a specialist connects to your computer and obtains further details about the problem from you by phone! More at www.neslape.cz
Hello, I have a problem with a virus that Avast cannot deal with. Could you please help me?
I am attaching the RSIT log:
Logfile of random's system information tool 1.06 (written by random/random)
Run by tepan at 2010-02-06 12:43:59
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 1 GB (10%) free of 12 GB
Total RAM: 1023 MB (31% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:44:31, on 6.2.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Creative\SB5.1 VX\Surround Mixer\CTSysVol.exe
C:\Program Files\FlashGet Network\FlashGet universal\FlashGet.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\IpSharkk\IpSharkk.exe
C:\Documents and Settings\tepan\Data aplikací\windows_update.exe
C:\Program Files\D-Link AirPlus\AirPlus.exe
C:\WINDOWS\ATKKBService.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\Program Files\UPHClean\uphclean.exe
C:\WINDOWS\system32\UTSCSI.EXE
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Documents and Settings\tepan\Data aplikací\svchost.exe
C:\Program Files\TuneUp Utilities 2009\OneClick.exe
C:\Program Files\TuneUp Utilities 2009\RegistryCleaner.exe
C:\WINDOWS\System32\TuneUpDefragService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\DOCUME~1\tepan\LOCALS~1\Temp\csrss.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\totalcmd\TOTALCMD.EXE
D:\Stazeno z dc\Z netu\RSIT.exe
C:\Program Files\trend micro\HijackThis\tepan.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget2 urlcatch - {1F364306-AA45-47B5-9F9D-39A8B94E7EF1} - C:\Program Files\FlashGet Network\FlashGet universal\ComDlls\bhoCATCH.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SB5.1 VX\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [FlashGet] "C:\Program Files\FlashGet Network\FlashGet universal\FlashGet.exe" /min
O4 - HKLM\..\Run: [Windows Live installer 123] C:\WINDOWS\system32\drivers\drivers.exe
O4 - HKLM\..\Run: [windows live update] C:\WINDOWS\system32\drivers\svchosts.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [IpSharkk] "C:\Program Files\IpSharkk\IpSharkk.exe" /auto
O4 - HKCU\..\Run: [MSN] C:\Documents and Settings\tepan\Data aplikací\svchost.exe
O4 - HKCU\..\Run: [windows live update] C:\WINDOWS\system32\drivers\svchosts.exe
O4 - HKCU\..\Run: [csrss] C:\Documents and Settings\tepan\Data aplikací\csrss.exe 1000
O4 - HKCU\..\Run: [Windows Live installer 1214] C:\WINDOWS\system32\drivers\drivers.exe
O4 - HKLM\..\Policies\Explorer\Run: [Windows Live Update 434] C:\WINDOWS\system32\drivers\drivers.exe
O4 - HKLM\..\Policies\Explorer\Run: [windows live update121] C:\WINDOWS\system32\drivers\svchosts.exe
O4 - HKCU\..\Policies\Explorer\Run: [windows live update121] C:\WINDOWS\system32\drivers\svchosts.exe
O4 - HKCU\..\Policies\Explorer\Run: [Windows Live Update 434] C:\WINDOWS\system32\drivers\drivers.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: D-Link AirPlus.lnk = ?
O8 - Extra context menu item: &Download All by FlashGet - C:\Program Files\FlashGet Network\FlashGet universal\ComDlls\Bhoall.htm
O8 - Extra context menu item: &Download by FlashGet - C:\Program Files\FlashGet Network\FlashGet universal\ComDlls\Bholink.htm
O8 - Extra context menu item: Stáhnout Free Download Managerem - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Stáhnout video Free Download Managerem - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Stáhnout vybrané Free Download Managerem - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Stáhnout vše Free Download Managerem - file://C:\Program Files\Free Download Manager\dlall.htm
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 5463707078
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 6061926015
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4ADDC832-6756-4EB9-A6DF-068620BB9809}: NameServer = 1.1.1.1,1.1.1.17
O17 - HKLM\System\CS3\Services\Tcpip\..\{4ADDC832-6756-4EB9-A6DF-068620BB9809}: NameServer = 1.1.1.1,1.1.1.17
O17 - HKLM\System\CS4\Services\Tcpip\..\{4ADDC832-6756-4EB9-A6DF-068620BB9809}: NameServer = 1.1.1.1,1.1.1.17
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe
O23 - Service: Usbest Service Zero (UTSCSI) - USBest - C:\WINDOWS\system32\UTSCSI.EXE
--
End of file - 10514 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\1-Click Maintenance.job
C:\WINDOWS\tasks\Úklid 1 kliknutím.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 63136]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1F364306-AA45-47B5-9F9D-39A8B94E7EF1}]
FG2CatchUrl - C:\Program Files\FlashGet Network\FlashGet universal\ComDlls\bhoCATCH.dll [2008-08-19 104016]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CC59E0F9-7E43-44FA-9FAA-8377850BF205}]
FDMIECookiesBHO Class - C:\Program Files\Free Download Manager\iefdm2.dll [2008-12-30 98304]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-07-25 41760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-07-25 73728]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-11-25 81000]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-08-11 7630848]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2006-08-11 86016]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2005-10-24 90112]
"P17Helper"=Rundll32 P17.dll,P17Helper []
"CTSysVol"=C:\Program Files\Creative\SB5.1 VX\Surround Mixer\CTSysVol.exe [2005-10-31 57344]
"NBKeyScan"=C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [2008-12-02 2221352]
"NeroFilterCheck"=C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe [2008-11-06 570664]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2009-11-11 198160]
"FlashGet"=C:\Program Files\FlashGet Network\FlashGet universal\FlashGet.exe [2008-08-19 1795656]
"Windows Live installer 123"=C:\WINDOWS\system32\drivers\drivers.exe [2010-02-05 301056]
"windows live update"=C:\WINDOWS\system32\drivers\svchosts.exe [2010-02-06 301568]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"Windows Live Update 434"=C:\WINDOWS\system32\drivers\drivers.exe [2010-02-05 301056]
"windows live update121"=C:\WINDOWS\system32\drivers\svchosts.exe [2010-02-06 301568]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"SetDefaultMIDI"=C:\WINDOWS\MIDIDef.exe [2002-12-03 49152]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\DTLite.exe [2009-10-30 369200]
"IpSharkk"=C:\Program Files\IpSharkk\IpSharkk.exe [2008-09-11 716800]
"MSN"=C:\Documents and Settings\tepan\Data aplikací\svchost.exe [2010-02-05 76800]
"windows live update"=C:\WINDOWS\system32\drivers\svchosts.exe [2010-02-06 301568]
"csrss"=C:\Documents and Settings\tepan\Data aplikací\csrss.exe [2010-02-06 11776]
"Windows Live installer 1214"=C:\WINDOWS\system32\drivers\drivers.exe [2010-02-05 301056]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"windows live update121"=C:\WINDOWS\system32\drivers\svchosts.exe [2010-02-06 301568]
"Windows Live Update 434"=C:\WINDOWS\system32\drivers\drivers.exe [2010-02-05 301056]
C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
D-Link AirPlus.lnk - C:\Program Files\D-Link AirPlus\AirPlus.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=0
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=
"NoDrives"=
"NoDriveAutoRun"=
"HonorAutoRunSetting"=
"NoResolveSearch"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe"="C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe:*:Enabled:Apache HTTP Server"
"C:\Program Files\Strong dc\StrongDC.exe"="C:\Program Files\Strong dc\StrongDC.exe:*:Enabled:StrongDC++"
"C:\Program Files\ICQ\Icq.exe"="C:\Program Files\ICQ\Icq.exe:*:Enabled:ICQ"
"C:\Program Files\uTorrent\utorrent.exe"="C:\Program Files\uTorrent\utorrent.exe:*:Enabled:µTorrent"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\IpSharkk\IpSharkk.exe"="C:\Program Files\IpSharkk\IpSharkk.exe:*:Enabled:IpSharkk"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{13d7f424-f472-11de-9fbf-0018f3677774}]
shell\AutoRun\command - J:\AutoTransfer.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{aa58f76a-8d73-11de-a98a-0018f3677774}]
shell\AutoRun\command - H:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b9171f68-bffd-11de-aa61-0018f3677774}]
shell\AutoRun\command - H:\autoverify.exe
======List of files/folders created in the last 1 months======
2010-02-06 03:03:35 ----A---- C:\Documents and Settings\tepan\Data aplikací\csrss.exe
2010-02-05 14:22:52 ----H---- C:\Documents and Settings\tepan\Data aplikací\Window_s_updater.exe
2010-02-05 01:00:30 ----A---- C:\Documents and Settings\tepan\Data aplikací\windows_update.exe
2010-02-04 23:29:30 ----H---- C:\WINDOWS\system32\Windows_updater.exe
2010-02-04 02:26:08 ----D---- C:\TTDX
2010-02-03 23:34:42 ----H---- C:\Documents and Settings\tepan\Data aplikací\winliveupd.exe
2010-02-03 23:34:33 ----A---- C:\Documents and Settings\tepan\Data aplikací\boob.exe
2010-02-03 23:07:29 ----D---- C:\Program Files\Total Video Converter 3.12
2010-02-03 22:51:10 ----RSH---- C:\Documents and Settings\tepan\Data aplikací\svchost.exe
2010-02-03 22:51:09 ----H---- C:\WINDOWS\WLU.exe
2010-02-03 22:48:33 ----D---- C:\Documents and Settings\All Users\Data aplikací\QuickMediaConverter
2010-02-03 22:48:03 ----D---- C:\Documents and Settings\tepan\Data aplikací\CocoonSoftware
2010-02-03 22:47:45 ----D---- C:\Program Files\QuickMediaConverter
2010-02-03 14:40:33 ----D---- C:\Program Files\Aiseesoft Studio
2010-01-31 16:07:27 ----D---- C:\Program Files\IpSharkk
2010-01-31 14:11:14 ----D---- C:\MPS
2010-01-31 12:18:28 ----D---- C:\Program Files\Common Files\DivX Shared
2010-01-27 11:17:55 ----D---- C:\Program Files\Total Video Converter
2010-01-21 15:17:18 ----D---- C:\Program Files\DreamCom
2010-01-13 22:26:37 ----HDC---- C:\WINDOWS\$NtUninstallKB972270$
2010-01-12 19:38:01 ----A---- C:\WINDOWS\imsins.BAK
2010-01-12 19:37:49 ----HDC---- C:\WINDOWS\$NtUninstallKB955759$
======List of files/folders modified in the last 1 months======
2010-02-06 12:44:16 ----D---- C:\Documents and Settings\tepan\Data aplikací\BITS
2010-02-06 12:42:47 ----D---- C:\WINDOWS\Prefetch
2010-02-06 12:41:49 ----A---- C:\WINDOWS\wincmd.ini
2010-02-06 12:28:00 ----D---- C:\Program Files\Mozilla Firefox
2010-02-06 12:05:10 ----D---- C:\WINDOWS\system32\drivers
2010-02-06 12:00:00 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-02-06 08:47:33 ----D---- C:\WINDOWS\temp
2010-02-06 01:19:51 ----D---- C:\WINDOWS\system32\CatRoot2
2010-02-05 15:36:52 ----D---- C:\Documents and Settings\tepan\Data aplikací\ICQ
2010-02-05 13:17:04 ----D---- C:\Documents and Settings\tepan\Data aplikací\vlc
2010-02-04 23:29:30 ----D---- C:\WINDOWS\system32
2010-02-04 02:15:00 ----D---- C:\Documents and Settings\tepan\Data aplikací\dvdcss
2010-02-03 23:07:29 ----AD---- C:\Program Files
2010-02-03 22:51:09 ----D---- C:\WINDOWS
2010-02-03 16:22:31 ----SHD---- C:\WINDOWS\Installer
2010-02-03 16:22:29 ----RD---- C:\Program Files\Skype
2010-02-03 16:01:16 ----HD---- C:\Program Files\InstallShield Installation Information
2010-01-31 14:50:04 ----A---- C:\WINDOWS\system32\wrap_oal.dll
2010-01-31 14:50:04 ----A---- C:\WINDOWS\system32\OpenAL32.dll
2010-01-31 14:48:12 ----D---- C:\Program Files\Webteh
2010-01-31 14:47:28 ----D---- C:\Documents and Settings\tepan\Data aplikací\BSplayer
2010-01-31 14:19:17 ----D---- C:\Program Files\StormWare
2010-01-31 14:17:53 ----D---- C:\Program Files\Alcohol Soft
2010-01-31 12:18:46 ----D---- C:\WINDOWS\WinSxS
2010-01-31 12:18:28 ----D---- C:\Program Files\Common Files
2010-01-29 09:48:00 ----D---- C:\Program Files\Common Files\STORMWARE Shared
2010-01-29 09:45:42 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-01-29 09:44:55 ----D---- C:\WINDOWS\inf
2010-01-27 11:18:03 ----RSD---- C:\WINDOWS\Fonts
2010-01-26 08:28:17 ----DC---- C:\WINDOWS\system32\dllcache
2010-01-26 08:28:12 ----D---- C:\Program Files\Internet Explorer
2010-01-26 08:28:00 ----D---- C:\WINDOWS\ie8updates
2010-01-26 08:27:31 ----D---- C:\WINDOWS\$hf_mig$
2010-01-22 20:55:44 ----D---- C:\Documents and Settings\tepan\Data aplikací\uTorrent
2010-01-22 07:09:10 ----D---- C:\Documents and Settings\tepan\Data aplikací\Free Download Manager
2010-01-20 12:21:40 ----D---- C:\Program Files\Microsoft Silverlight
2010-01-17 08:38:19 ----A---- C:\WINDOWS\NeroDigital.ini
2010-01-17 08:38:15 ----D---- C:\Program Files\The KMPlayer
2010-01-13 22:24:31 ----D---- C:\WINDOWS\Debug
2010-01-13 22:24:02 ----D---- C:\Documents and Settings\tepan\Data aplikací\Skype
2010-01-13 22:20:34 ----D---- C:\Documents and Settings\tepan\Data aplikací\skypePM
2010-01-12 19:39:11 ----D---- C:\WINDOWS\AppPatch
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-11-25 27408]
R1 AmdK8;Ovladač procesoru AMD; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2005-03-09 42496]
R1 anf0100.sys;anf0100.sys; \??\C:\WINDOWS\system32\drivers\anf0100.sys []
R1 AsIO;AsIO; C:\WINDOWS\system32\drivers\AsIO.sys [2007-12-17 12400]
R1 asuskbnt;Enhanced Display Driver Helper Service; C:\WINDOWS\system32\drivers\atkkbnt.sys [2005-10-18 11008]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-11-25 114768]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-11-25 48560]
R1 NVTCP;NVIDIA TCP/IP Protocol Driver; C:\WINDOWS\System32\DRIVERS\NVTcp.sys [2005-04-05 100096]
R1 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-10-25 12032]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-11-25 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-11-25 94160]
R2 EIO;EIO; \??\C:\WINDOWS\system32\drivers\EIO.sys []
R3 AIRPLUS;D-Link AirPlus Wireless Adapter; C:\WINDOWS\system32\DRIVERS\airplus.sys [2003-06-05 155776]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-11-25 23120]
R3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\system32\DRIVERS\ctsfm2k.sys [2005-01-10 138752]
R3 ms_mpu401;Microsoft MPU-401 MIDI UART Driver; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-17 2944]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-08-11 3958496]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2005-04-05 33536]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2005-04-05 12928]
R3 ossrv;Creative OS Services Driver; C:\WINDOWS\system32\DRIVERS\ctoss2k.sys [2005-01-10 106496]
R3 P17;SB Live! 24-bit; C:\WINDOWS\system32\drivers\P17.sys [2007-12-28 1135104]
R3 usbaudio;Ovladač zvukové karty USB (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 usbvideo;Zobrazovací zařízení USB (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-13 121984]
S1 AmdPPM;Ovladač procesoru HwPState AMD; C:\WINDOWS\system32\DRIVERS\AmdPPM.sys [2007-04-16 33792]
S3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2005-10-26 3786944]
S3 auoyoy2z;auoyoy2z; C:\WINDOWS\system32\drivers\auoyoy2z.sys []
S3 catchme;catchme; \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\catchme.sys []
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2008-05-02 17536]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2008-05-02 20864]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbser;Nokia USB Serial Port; C:\WINDOWS\system32\drivers\usbser.sys [2008-04-13 26112]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2008-05-02 8064]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-11-25 18752]
R2 ATKKeyboardService;ATK Keyboard Service; C:\WINDOWS\ATKKBService.exe [2006-09-04 241664]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-11-25 138680]
R2 Creative Service for CDROM Access;Creative Service for CDROM Access; C:\WINDOWS\system32\CTsvcCDA.exe [1999-12-12 44032]
R2 ForceWare Intelligent Application Manager (IAM);ForceWare Intelligent Application Manager (IAM); C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe [2005-04-29 139264]
R2 ForcewareWebInterface;Forceware Web Interface; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe [2004-11-30 20543]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-07-25 153376]
R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe [2008-12-02 877864]
R2 nSvcIp;ForceWare IP service; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe [2005-04-29 131136]
R2 nSvcLog;ForceWare user log service; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe [2005-04-29 57412]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-08-11 155715]
R2 PLFlash DeviceIoControl Service;PLFlash DeviceIoControl Service; C:\WINDOWS\system32\IoctlSvc.exe [2006-12-19 81920]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2009-11-01 66872]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service; C:\WINDOWS\System32\TUProgSt.exe [2009-10-23 603904]
R2 UPHClean;User Profile Hive Cleanup; C:\Program Files\UPHClean\uphclean.exe [2005-04-27 241725]
R2 UTSCSI;Usbest Service Zero; C:\WINDOWS\system32\UTSCSI.EXE [2009-10-23 45568]
R2 UxTuneUp;TuneUp Theme Extension; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-11-25 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-11-25 352920]
R3 TuneUp.Defrag;TuneUp Drive Defrag Service; C:\WINDOWS\System32\TuneUpDefragService.exe [2009-10-23 360192]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe [2008-12-12 537896]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
-----------------EOF-----------------
Thank you.
Re: please help..problem with a virus
Good afternoon
Download MBAM, install it, and run a Full scan. Update the program before starting the scan.
DO NOT DELETE ANYTHING (MBAM occasionally has false detections, so we will delete only after checking the log)
Then post the log here.
RSIT | OTMoveIt3 | Avenger | RootRepeal | GMER | AVPTool | CCleaner | T-Cleaner | ATF Cleaner | Win XP Manager | SVI
-------------------------------------------------------------------------------------------
Do not experiment; if you are unsure about something -> ask!
If you want help with your PC, do only what I write and do nothing in advance!
Before disinfecting the computer, back up your important data! | >>Support viry.cz<<
Do not use ComboFix unless asked to; improper handling can damage or destroy the system
Re: please help..problem with a virus
so here is the log
Malwarebytes' Anti-Malware 1.44
Verze databáze: 3729
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
12.2.2010 10:47:34
mbam-log-2010-02-12 (10-47-20).txt
Typ kontroly: Kompletní kontrola (C:\|D:\|F:\|)
Zkontrolované objekty: 213630
Uplynulý čas: 2 hour(s), 12 minute(s), 29 second(s)
Infikované procesy v paměti: 2
Infikované moduly v paměti: 0
Infikované klíče registru: 18
Infikované hodnoty registru: 5
Infikované datové položky registru: 0
Infikované adresáře: 0
Infikované soubory: 8
Infikované procesy v paměti:
C:\Documents and Settings\tepan\Data aplikací\csrss.exe (Trojan.Agent) -> No action taken.
C:\Documents and Settings\tepan\Data aplikací\svchost.exe (Trojan.Delf) -> No action taken.
Infikované moduly v paměti:
(Nebyly nalezeny žádné škodlivé položky)
Infikované klíče registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{08b0e5c0-4fcb-11cf-aax5-00401c608512} (Generic.Bot.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6rgy181e-8dn8-44d2-7k17-5038e1470846} (Generic.Bot.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{vhmd682l-8071-06e5-jt1s-h13ae34wvfgt} (Generic.Bot.H) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{25b8d58c-b0cb-46b0-ba64-05b3804e4e86} (Adware.DoubleD) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{35b8d58c-b0cb-46b0-ba64-05b3804e4e86} (Adware.DoubleD) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5617eca9-488d-4ba2-8562-9710b9ab78d2} (Adware.DoubleD) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{cdbfb47b-58a8-4111-bf95-06178dce326d} (Adware.DoubleD) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{08b0e5c0-4fcb-11cf-aax5-00401c608512} (Trojan.Agent) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{25b8d58c-b0cb-46b0-ba64-05b3804e4e86} (Adware.DoubleD) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{35b8d58c-b0cb-46b0-ba64-05b3804e4e86} (Adware.DoubleD) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{5617eca9-488d-4ba2-8562-9710b9ab78d2} (Adware.DoubleD) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{cdbfb47b-58a8-4111-bf95-06178dce326d} (Adware.DoubleD) -> No action taken.
HKEY_CURRENT_USER\{5617ECA9-488D-4BA2-8562-9710B9AB78D2} (Adware.DoubleD) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Internet Saving Optimizer (Adware.DoubleD) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Media Access Startup (Adware.DoubleD) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\DoubleD (Adware.DoubleD) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Internet Saving Optimizer (Adware.DoubleD) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Media Access Startup (Adware.DoubleD) -> No action taken.
Infikované hodnoty registru:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{5617eca9-488d-4ba2-8562-9710b9ab78d2} (Adware.DoubleD) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions\{0ba0192d-94a5-45e3-b2b8-3ec5a1a0b5ec} (Adware.DoubleD) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions\{2224e955-00e9-4613-a844-ce69fccaae91} (Adware.DoubleD) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\msn (Trojan.Delf) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\csrss (Trojan.Agent) -> No action taken.
Infikované datové položky registru:
(Nebyly nalezeny žádné škodlivé položky)
Infikované adresáře:
(Nebyly nalezeny žádné škodlivé položky)
Infikované soubory:
C:\WINDOWS\system32\drivers\svchosts.exe (Generic.Bot.H) -> No action taken.
C:\WINDOWS\system32\drivers\drivers.exe (Generic.Bot.H) -> No action taken.
F:\Documents and Settings\Mr Zdenek\My Documents\Filmy\Dinosaur-021216_1935 (D)\DivXPro502GAINBundle.exe (Adware.Gain) -> No action taken.
C:\Documents and Settings\tepan\Local Settings\temp\UuU.uUu (Malware.Trace) -> No action taken.
C:\Documents and Settings\tepan\Local Settings\temp\XxX.xXx (Malware.Trace) -> No action taken.
C:\Documents and Settings\tepan\Data aplikací\csrss.exe (Trojan.Agent) -> No action taken.
C:\Documents and Settings\tepan\Data aplikací\svchost.exe (Trojan.Delf) -> No action taken.
C:\Documents and Settings\tepan\Local Settings\temp\csrss.exe (Trojan.Agent) -> No action taken.
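A triage helper for logs in this format, added here as an example and not part of the thread or of Malwarebytes' own tooling. It parses the detection lines, counts them per family, lists what is still pending removal (the "No action taken" status that the helper's next reply addresses with Remove All), flags files that borrow a core Windows process name but sit outside system32 (the csrss.exe and svchost.exe copies in Data aplikací, and the svchosts.exe lookalike in drivers), and lists the Run-key autostart values that relaunch them. The sample log is constructed from lines of the posted log; the "Quarantined and deleted successfully." status on its last line is an assumed value standing in for a rerun after removal.

```python
"""Triage helper for Malwarebytes' Anti-Malware 1.x text logs (added example)."""
import difflib
import ntpath
import re
from collections import Counter

# Constructed sample in the MBAM 1.44 log format used in the thread above;
# the paths, families and statuses are copied from the posted log, the last
# line's "Quarantined and deleted successfully." status is an assumed value.
SAMPLE_LOG = """\
Infikované procesy v paměti:
C:\\Documents and Settings\\tepan\\Data aplikací\\csrss.exe (Trojan.Agent) -> No action taken.
C:\\Documents and Settings\\tepan\\Data aplikací\\svchost.exe (Trojan.Delf) -> No action taken.
Infikované klíče registru:
HKEY_LOCAL_MACHINE\\SOFTWARE\\DoubleD (Adware.DoubleD) -> No action taken.
Infikované hodnoty registru:
HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\\csrss (Trojan.Agent) -> No action taken.
Infikované soubory:
C:\\WINDOWS\\system32\\drivers\\svchosts.exe (Generic.Bot.H) -> No action taken.
F:\\Documents and Settings\\Mr Zdenek\\My Documents\\Filmy\\Dinosaur-021216_1935 (D)\\DivXPro502GAINBundle.exe (Adware.Gain) -> No action taken.
C:\\Documents and Settings\\tepan\\Local Settings\\temp\\csrss.exe (Trojan.Agent) -> Quarantined and deleted successfully.
"""

# One detection line: "<item> (<family>) -> <status>."  The item may itself
# contain parentheses (see the "(D)" folder above), so the item group is
# greedy and the family group forbids parentheses: the family is always the
# last parenthesised token before " -> ".
ENTRY_RE = re.compile(r"^(?P<item>.+) \((?P<family>[^()]+)\) -> (?P<status>.+?)\.?$")

# Core Windows processes that live in %SystemRoot%\system32 and are a
# favourite disguise for dropped executables placed anywhere else.
SYSTEM_PROCESS_NAMES = {
    "csrss.exe", "svchost.exe", "lsass.exe", "smss.exe",
    "winlogon.exe", "services.exe", "explorer.exe",
}


def parse_mbam_log(text):
    """Return a list of dicts (section, item, family, status), one per detection line."""
    entries, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith(":"):          # section header such as "Infikované soubory:"
            section = line[:-1]
            continue
        m = ENTRY_RE.match(line)
        if m:                            # other lines ("(Nebyly nalezeny ...)") are skipped
            entries.append({"section": section, **m.groupdict()})
    return entries


def family_counts(entries):
    """Detections per malware family, e.g. Counter({'Trojan.Agent': 3, ...})."""
    return Counter(e["family"] for e in entries)


def pending(entries):
    """Entries MBAM only reported; they stay on disk until 'Remove All' is clicked."""
    return [e for e in entries if e["status"].startswith("No action taken")]


def masquerading_files(entries):
    """File detections named (or nearly named) like a core Windows process but
    located outside %SystemRoot%\\system32; returns (path, imitated name) pairs."""
    hits = []
    for e in entries:
        item = e["item"]
        if not re.match(r"^[A-Za-z]:\\", item):        # registry keys are not files
            continue
        name = ntpath.basename(item).lower()
        in_system32 = ntpath.dirname(item).lower().endswith("\\windows\\system32")
        # cutoff 0.85 also catches one-letter lookalikes such as svchosts.exe
        lookalike = difflib.get_close_matches(name, SYSTEM_PROCESS_NAMES, n=1, cutoff=0.85)
        if lookalike and not in_system32:
            hits.append((item, lookalike[0]))
    return hits


def persistence_entries(entries):
    """Registry autostart values (...\\CurrentVersion\\Run\\...) that relaunch the dropped files."""
    return [e for e in entries if "\\currentversion\\run\\" in e["item"].lower()]


if __name__ == "__main__":
    found = parse_mbam_log(SAMPLE_LOG)
    print(f"{len(found)} detections, {len(pending(found))} still pending removal")
    print("families:", dict(family_counts(found)))
    for path, legit in masquerading_files(found):
        print(f"disguised as {legit}: {path}")
    for e in persistence_entries(found):
        print("autostart:", e["item"])
```

The lookalike check deliberately uses a similarity cutoff rather than exact names, because the drivers\svchosts.exe entry above would slip past an exact match; the location test is what separates the real %SystemRoot%\system32\svchost.exe from its copies.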
Re: please help.. problem with a virus
OK, click Remove All.
Then post the ComboFix log here.
Download ComboFix to your desktop.
▪ Before running ComboFix it is recommended to disable all resident security programs - antivirus, firewall, antispyware. They can interfere with ComboFix and cause it not to work correctly.
▪ After starting it, accept the terms of use.
▪ Then follow the instructions; while ComboFix is running, do not click in the windows that appear.
▪ When the scan finishes (it takes at most 10 minutes), the program should create a log, C:\ComboFix.txt; copy its entire contents here.
▪ ComboFix must be run under an account with administrator rights.
RSIT | OTMoveIt3 | Avenger | RootRepeal | GMER | AVPTool | CCleaner | T-Cleaner | ATF Cleaner | Win XP Manager | SVI
-------------------------------------------------------------------------------------------
Do not experiment; if you are unsure about something -> ask!
If you want help with your PC, do only what I write and do not do anything ahead of time!
Back up your important data before cleaning the computer! | >>Support viry.cz<<
Do not use ComboFix unless asked to; improper use can damage or destroy the system
Re: please help.. problem with a virus
ComboFix 10-02-12.01 - tepan 13.02.2010 16:50:22.6.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1023.609 [GMT 1:00]
Spuštěný z: d:\stazeno z dc\Z netu\ComboFix.exe
AV: avast! antivirus 4.8.1368 [VPS 100213-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: NVIDIA Firewall *enabled* {EDC10449-64D1-46c7-A59A-EC20D662F26D}
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\tepan\blaabxxxababaa2.exe
c:\program files\FlashGet Network
c:\program files\FlashGet Network\FlashGet universal\btcore.dll
c:\program files\FlashGet Network\FlashGet universal\BtTorrentTemp\4b15efda.torrent
c:\program files\FlashGet Network\FlashGet universal\BtTorrentTemp\4b15f71d.torrent
c:\program files\FlashGet Network\FlashGet universal\BtTorrentTemp\4b15f7d7.torrent
c:\program files\FlashGet Network\FlashGet universal\BtTorrentTemp\4b15fa2a.torrent
c:\program files\FlashGet Network\FlashGet universal\BtTorrentTemp\4b592662.torrent
c:\program files\FlashGet Network\FlashGet universal\btwrap.dll
c:\program files\FlashGet Network\FlashGet universal\BugReport.dll
c:\program files\FlashGet Network\FlashGet universal\BugReport.exe
c:\program files\FlashGet Network\FlashGet universal\ComDlls\Bhoall.htm
c:\program files\FlashGet Network\FlashGet universal\ComDlls\bhoCATCH.dll
c:\program files\FlashGet Network\FlashGet universal\ComDlls\Bhocfg.ini
c:\program files\FlashGet Network\FlashGet universal\ComDlls\Bholink.htm
c:\program files\FlashGet Network\FlashGet universal\ComDlls\ComDlls.ini
c:\program files\FlashGet Network\FlashGet universal\ComDlls\flashget.xpi
c:\program files\FlashGet Network\FlashGet universal\ComDlls\FlashgetXpi.dll
c:\program files\FlashGet Network\FlashGet universal\ComDlls\IFlashgetXpi.xpt
c:\program files\FlashGet Network\FlashGet universal\dbghelp.dll
c:\program files\FlashGet Network\FlashGet universal\DBTrans.dll
c:\program files\FlashGet Network\FlashGet universal\dbtrans_verbose.log
c:\program files\FlashGet Network\FlashGet universal\DBTransC.exe
c:\program files\FlashGet Network\FlashGet universal\ed2kwrap.dll
c:\program files\FlashGet Network\FlashGet universal\explorerbar.dll
c:\program files\FlashGet Network\FlashGet universal\fgoption.ini
c:\program files\FlashGet Network\FlashGet universal\FGVer.dll
c:\program files\FlashGet Network\FlashGet universal\flashget.exe
c:\program files\FlashGet Network\FlashGet universal\gt.exe
c:\program files\FlashGet Network\FlashGet universal\hashgen.dll
c:\program files\FlashGet Network\FlashGet universal\Help\license.txt
c:\program files\FlashGet Network\FlashGet universal\Help\Readme.txt
c:\program files\FlashGet Network\FlashGet universal\Help\WHATSNEW.TXT
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\AddBatchLinksDlg.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\AddBTTask.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\Added.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\AddEMTask.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\AddHpFpLink.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\AddLinksDlg.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\AddLinksDlgEx.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\AddLinksModern.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\BrowserPlugins.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\BTOption.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\CategoryView.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\ComfirmWhenExitDialog.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\CommonDlg.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\ConfirmInvalidLinks.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\ContextMenu.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\DefaultDownloadsDialog.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\DeleteFilesDialog.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\DetailStatus.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\EMOption.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\EMServers.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\ExplorerPane.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\ExtensionRuleDlg.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\FG2SearchTopPlugin.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\FileListCtrl.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\FileRemovedDialog.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\FindTaskDialog.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\FlashgetAbout.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\FlashGetDlg.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\FSUStatusBar.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\GarageLoginDialog.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\GarageView.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\HotResource.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\HpFpOption.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\Info.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\LogsOutput.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\MACReader.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\MainMenu.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\MainToolbar.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\MonitorOption.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\NormalOption.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\NotifyOption.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\Option.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\P4PPluginMain.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\ProxySetting.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\SearchBar.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\Security.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\SecurityOption.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\SecurityScan.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\SecurityToolbar.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\Shutdown.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\StatusBar.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\TaskDefOption.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\TaskListView.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\TaskNotify.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\UserListCtrl.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\XpEnhance.ini
c:\program files\FlashGet Network\FlashGet universal\libupnp.dll
c:\program files\FlashGet Network\FlashGet universal\LiveUpdateUI.dll
c:\program files\FlashGet Network\FlashGet universal\modules\ComHelper\ComHelper.dll
c:\program files\FlashGet Network\FlashGet universal\modules\ComHelper\Info.ini
c:\program files\FlashGet Network\FlashGet universal\modules\Downstat\Downstat.dll
c:\program files\FlashGet Network\FlashGet universal\modules\Downstat\Info.ini
c:\program files\FlashGet Network\FlashGet universal\modules\P4pclient\Info.ini
c:\program files\FlashGet Network\FlashGet universal\modules\P4pclient\P4pclient.dll
c:\program files\FlashGet Network\FlashGet universal\modules\P4pclient\Thumbs.db
c:\program files\FlashGet Network\FlashGet universal\modules\SearchTop\Info.ini
c:\program files\FlashGet Network\FlashGet universal\modules\SearchTop\Resource.ini
c:\program files\FlashGet Network\FlashGet universal\modules\SearchTop\Resource\iexplorer.bmp
c:\program files\FlashGet Network\FlashGet universal\modules\SearchTop\Resource\resource.bmp
c:\program files\FlashGet Network\FlashGet universal\modules\SearchTop\Resource\resource.xml
c:\program files\FlashGet Network\FlashGet universal\modules\SearchTop\Resource\search.bmp
c:\program files\FlashGet Network\FlashGet universal\modules\SearchTop\Resource\subscribe.bmp
c:\program files\FlashGet Network\FlashGet universal\modules\SearchTop\Resource\Thumbs.db
c:\program files\FlashGet Network\FlashGet universal\modules\SearchTop\SearchTop.dll
c:\program files\FlashGet Network\FlashGet universal\modules\Security\FunctionalRepair.bmp
c:\program files\FlashGet Network\FlashGet universal\modules\Security\Info.ini
c:\program files\FlashGet Network\FlashGet universal\modules\Security\Scanning.bmp
c:\program files\FlashGet Network\FlashGet universal\modules\Security\Security.bmp
c:\program files\FlashGet Network\FlashGet universal\modules\Security\SECURITY.dll
c:\program files\FlashGet Network\FlashGet universal\modules\Security\Security.xml
c:\program files\FlashGet Network\FlashGet universal\modules\Security\SystemFix.bmp
c:\program files\FlashGet Network\FlashGet universal\modules\SnapShot\Info.ini
c:\program files\FlashGet Network\FlashGet universal\modules\SnapShot\SamplerCli.dll
c:\program files\FlashGet Network\FlashGet universal\modules\SnapShot\SnapShot.dll
c:\program files\FlashGet Network\FlashGet universal\modules\tasknotifier\Info.ini
c:\program files\FlashGet Network\FlashGet universal\modules\tasknotifier\tasknotifier.dll
c:\program files\FlashGet Network\FlashGet universal\P2PCfg.ini
c:\program files\FlashGet Network\FlashGet universal\P2PCore.dll
c:\program files\FlashGet Network\FlashGet universal\p2pprot.dll
c:\program files\FlashGet Network\FlashGet universal\p2snetio.dll
c:\program files\FlashGet Network\FlashGet universal\p2spmgr.dll
c:\program files\FlashGet Network\FlashGet universal\p2spmgr.ini
c:\program files\FlashGet Network\FlashGet universal\p2sprot.dll
c:\program files\FlashGet Network\FlashGet universal\p2spwrap.dll
c:\program files\FlashGet Network\FlashGet universal\p4spmgr.ini
c:\program files\FlashGet Network\FlashGet universal\Profiles\config.dat
c:\program files\FlashGet Network\FlashGet universal\Profiles\tasks.dat
c:\program files\FlashGet Network\FlashGet universal\Skins\close_default.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\close_press.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\close_select.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\max_default.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\max_press.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\max_select.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\min_default.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\min_press.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\min_select.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\notify.wav
c:\program files\FlashGet Network\FlashGet universal\Skins\notify_board.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\notify_icon.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\BrowserBarCT\Back.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\BrowserBarCT\Backward.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\BrowserBarCT\BrowserBarCT.xml
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\BrowserBarCT\FlashgetResource.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\BrowserBarCT\Forward.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\BrowserBarCT\Home.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\BrowserBarDisableCT\Backward.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\BrowserBarDisableCT\BrowserBarDisableCT.xml
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\BrowserBarDisableCT\Forward.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\BrowserBarDisableCT\Home.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\BrowserBarDisableCT\Resource.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\CategoryTreeCT\Available.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\CategoryTreeCT\CategoryTreeCT.xml
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\CategoryTreeCT\Downloaded.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\CategoryTreeCT\Downloading.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\CategoryTreeCT\Favorite.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\CategoryTreeCT\Flashget.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\CategoryTreeCT\Release.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\CategoryTreeCT\Rubbish.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\CategoryTreeCT\Search.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\ExpBar\Expbar.xml
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\ExpBar\garage.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\ExpBar\resource.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\ExpBar\transfer.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\GlobalOptionCT\BT.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\GlobalOptionCT\EM.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\GlobalOptionCT\GlobalOptionCT.xml
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\GlobalOptionCT\HpFp.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\GlobalOptionCT\Monitor.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\GlobalOptionCT\Normal.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\GlobalOptionCT\Notify.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\GlobalOptionCT\Proxy.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\GlobalOptionCT\TaskDef.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\Info.ini
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainMenuCT\About.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainMenuCT\DeleteTask.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainMenuCT\folder.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainMenuCT\MainMenuCT.xml
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainMenuCT\MoveDownTask.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainMenuCT\MoveUpTask.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainMenuCT\NewTask.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainMenuCT\open.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainMenuCT\Option.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainMenuCT\PauseTask.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainMenuCT\Resource.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainMenuCT\StartTask.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainMenuCT\TaskProperties.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarCT\About.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarCT\DeleteTask.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarCT\Folder.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarCT\MainToolbarCT.xml
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarCT\NewTask.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarCT\Open.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarCT\Option.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarCT\PauseTask.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarCT\Resource.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarCT\StartTask.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarCT\TaskProperties.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarDisableCT\About.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarDisableCT\DeleteTask.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarDisableCT\Folder.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarDisableCT\MainToolbarDisableCT.xml
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarDisableCT\NewTask.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarDisableCT\Open.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarDisableCT\Option.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarDisableCT\PauseTask.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarDisableCT\Resource.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarDisableCT\StartTask.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarDisableCT\TaskProperties.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\Monitor\InfoBkg.Bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\Monitor\MonitorBkg.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\OutpuLogCT\Down.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\OutpuLogCT\Error.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\OutpuLogCT\Normal.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\OutpuLogCT\OutpuLogCT.xml
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\OutpuLogCT\Up.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\SobarIconCT\All.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\SobarIconCT\Book.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\SobarIconCT\Bt.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\SobarIconCT\Game.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\SobarIconCT\Movie.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\SobarIconCT\Music.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\SobarIconCT\Phone.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\SobarIconCT\Picture.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\SobarIconCT\SobarIconCT.xml
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\SobarIconCT\Software.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\TaskListCT\Error.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\TaskListCT\hashing.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\TaskListCT\OK.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\TaskListCT\Pause.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\TaskListCT\Pin.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\TaskListCT\Schedule.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\TaskListCT\Start.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\TaskListCT\TaskListCT.xml
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\TaskListCT\Upload.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\TaskListCT\Wait.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\Thumbs.db
c:\program files\FlashGet Network\FlashGet universal\storage.dll
c:\program files\FlashGet Network\FlashGet universal\SysOpt.exe
c:\program files\FlashGet Network\FlashGet universal\transaction.log
c:\program files\FlashGet Network\FlashGet universal\uninst.exe
c:\program files\FlashGet Network\FlashGet universal\zlib.dll
c:\program files\ICQ6.5\ICQLRun.exe
c:\windows\regedit.com
c:\windows\system32\Data
c:\windows\system32\taskmgr.com
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-01-13 do 2010-02-13 )))))))))))))))))))))))))))))))
.
2010-02-12 07:29 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-12 07:28 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-05 13:25 . 2010-02-05 13:25 301056 ----a-w- c:\documents and settings\tepan\boooooooo.exe
2010-02-05 13:22 . 2010-02-05 13:22 301056 ----a-w- c:\documents and settings\tepan\dritt.exe
2010-02-04 22:29 . 2010-02-05 13:34 76800 ---h--w- c:\windows\system32\Windows_updater.exe
2010-02-04 01:26 . 2010-02-04 04:49 -------- d-----w- C:\TTDX
2010-02-03 22:07 . 2010-02-03 22:07 -------- d-----w- c:\program files\Total Video Converter 3.12
2010-02-03 21:47 . 2010-02-03 21:48 -------- d-----w- c:\program files\QuickMediaConverter
2010-02-03 13:40 . 2010-02-03 14:57 -------- d-----w- c:\program files\Aiseesoft Studio
2010-01-31 15:07 . 2007-10-03 15:21 9728 ----a-w- c:\windows\system32\drivers\anf0100.sys
2010-01-31 15:07 . 2010-01-31 15:08 -------- d-----w- c:\program files\IpSharkk
2010-01-31 13:11 . 2010-01-31 13:11 -------- d-----w- C:\MPS
2010-01-31 11:18 . 2010-01-31 11:18 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-01-27 10:17 . 2010-02-03 15:00 -------- d-----w- c:\program files\Total Video Converter
2010-01-21 14:17 . 2010-01-21 14:37 -------- d-----w- c:\program files\DreamCom
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-13 15:54 . 2008-12-29 00:36 -------- d-----w- c:\program files\ICQ6.5
2010-02-13 15:38 . 2010-02-13 15:38 390144 ----a-w- c:\windows\system32\CF359.exe
2010-02-13 15:37 . 2010-02-13 15:38 390144 ----a-w- c:\windows\system32\CF183.exe
2010-02-13 14:25 . 2010-02-13 14:26 390144 ----a-w- c:\windows\system32\CF18830.exe
2010-02-12 07:29 . 2008-12-27 18:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-03 15:22 . 2008-07-14 14:05 -------- d-----r- c:\program files\Skype
2010-02-03 15:01 . 2008-07-05 14:45 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-31 13:50 . 2009-11-07 11:31 409600 ----a-w- c:\windows\system32\wrap_oal.dll
2010-01-31 13:50 . 2009-11-07 11:31 114688 ----a-w- c:\windows\system32\OpenAL32.dll
2010-01-31 13:48 . 2008-07-18 07:11 -------- d-----w- c:\program files\Webteh
2010-01-31 13:19 . 2009-12-29 20:46 -------- d-----w- c:\program files\StormWare
2010-01-31 13:17 . 2008-09-29 15:17 -------- d-----w- c:\program files\Alcohol Soft
2010-01-29 08:48 . 2009-12-29 20:46 -------- d-----w- c:\program files\Common Files\STORMWARE Shared
2010-01-20 11:21 . 2009-11-28 12:16 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-17 07:38 . 2009-11-30 01:54 -------- d-----w- c:\program files\The KMPlayer
2009-12-26 12:29 . 2009-11-01 16:04 22328 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-12-26 12:29 . 2009-11-01 16:04 103736 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-12-23 23:31 . 2009-10-23 16:39 -------- d-----w- c:\program files\TuneUp Utilities 2009
2009-12-21 19:08 . 2004-08-17 13:49 916480 ----a-w- c:\windows\system32\wininet.dll
2009-12-09 19:26 . 2001-10-25 14:00 77872 ----a-w- c:\windows\system32\perfc005.dat
2009-12-09 19:26 . 2001-10-25 14:00 428750 ----a-w- c:\windows\system32\perfh005.dat
2009-12-06 18:48 . 2009-12-06 18:48 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-11-24 23:54 . 2008-07-06 13:56 1280480 ----a-w- c:\windows\system32\aswBoot.exe
2009-11-24 23:51 . 2008-07-06 13:56 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-11-24 23:50 . 2008-07-06 13:56 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-11-24 23:50 . 2008-07-06 19:50 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-11-24 23:50 . 2008-07-06 19:50 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-11-24 23:49 . 2008-07-06 13:56 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-11-24 23:48 . 2008-07-06 13:56 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-11-24 23:47 . 2008-07-06 13:56 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-11-24 23:47 . 2008-07-06 13:56 97480 ----a-w- c:\windows\system32\AVASTSS.scr
2009-11-21 16:03 . 2004-08-17 13:49 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2008-11-23 06:13 . 2008-11-23 06:08 3391 ----a-w- c:\program files\Trefik_Nast.ini
2008-11-23 06:09 . 2008-11-23 06:08 731 ----a-w- c:\program files\hint.htm
2008-11-23 06:08 . 2008-11-23 06:08 14140 ----a-w- c:\program files\hints.txt
2008-11-23 06:08 . 2008-11-23 06:08 0 ----a-w- c:\program files\Trefik_Nast1.ini
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SetDefaultMIDI"="MIDIDef.exe" [2002-12-03 49152]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]
"IpSharkk"="c:\program files\IpSharkk\IpSharkk.exe" [2008-09-11 716800]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-08-11 7630848]
"nwiz"="nwiz.exe" [2006-08-11 1519616]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-08-11 86016]
"SoundMan"="SOUNDMAN.EXE" [2005-10-24 90112]
"P17Helper"="P17.dll" [2007-12-28 65536]
"CTSysVol"="c:\program files\Creative\SB5.1 VX\Surround Mixer\CTSysVol.exe" [2005-10-31 57344]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-12-02 2221352]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2008-11-06 570664]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-11-11 198160]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
D-Link AirPlus.lnk - c:\program files\D-Link AirPlus\AirPlus.exe [2009-10-12 262144]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\windows\system32\logonuiX.exe"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"c:\\Program Files\\Strong dc\\StrongDC.exe"=
"c:\\Program Files\\ICQ\\Icq.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\IpSharkk\\IpSharkk.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R0 a347scsi;a347scsi;c:\windows\system32\drivers\a347scsi.sys [28.6.2009 16:29 5248]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [28.6.2009 5:06 64160]
R1 anf0100.sys;anf0100.sys;c:\windows\system32\drivers\anf0100.sys [31.1.2010 16:07 9728]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [6.7.2008 20:50 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [6.7.2008 20:50 20560]
S0 a347bus;a347bus;c:\windows\system32\drivers\a347bus.sys [28.6.2009 16:29 160640]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [26.7.2008 18:27 691696]
--- Ostatní služby/ovladače v paměti ---
*Deregistered* - uphcleanhlp
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5DD29C79-0A94-FBDA-DA30-B2BCFF5BB0AD}]
2010-02-05 13:34 76800 ---h--w- c:\windows\system32\Windows_updater.exe
.
Obsah adresáře 'Naplánované úlohy'
2010-02-13 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-11 20:36]
2010-02-13 c:\windows\Tasks\Úklid 1 kliknutím.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-11 20:36]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://seznam.cz/
IE: &Download All by FlashGet - c:\program files\FlashGet Network\FlashGet universal\ComDlls\Bhoall.htm
IE: &Download by FlashGet - c:\program files\FlashGet Network\FlashGet universal\ComDlls\Bholink.htm
IE: Stáhnout Free Download Managerem - file://c:\program files\Free Download Manager\dllink.htm
IE: Stáhnout video Free Download Managerem - file://c:\program files\Free Download Manager\dlfvideo.htm
IE: Stáhnout vybrané Free Download Managerem - file://c:\program files\Free Download Manager\dlselected.htm
IE: Stáhnout vše Free Download Managerem - file://c:\program files\Free Download Manager\dlall.htm
TCP: {4ADDC832-6756-4EB9-A6DF-068620BB9809} = 1.1.1.1,1.1.1.17
FF - ProfilePath - c:\documents and settings\tepan\Data aplikací\Mozilla\Firefox\Profiles\oufdh9bz.default\
FF - prefs.js: browser.startup.homepage - www.seznam.cz
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- NASTAVENÍ FIREFOXU ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
HKCU-Run-windows live update - c:\windows\system32\drivers\svchosts.exe
HKCU-Run-Windows Live installer 1214 - c:\windows\system32\drivers\drivers.exe
HKLM-Run-FlashGet - c:\program files\FlashGet Network\FlashGet universal\FlashGet.exe
HKLM-Run-Windows Live installer 123 - c:\windows\system32\drivers\drivers.exe
HKLM-Run-windows live update - c:\windows\system32\drivers\svchosts.exe
HKLM-Explorer_Run-Windows Live Update 434 - c:\windows\system32\drivers\drivers.exe
HKLM-Explorer_Run-windows live update121 - c:\windows\system32\drivers\svchosts.exe
HKCU-Explorer_Run-windows live update121 - c:\windows\system32\drivers\svchosts.exe
HKCU-Explorer_Run-Windows Live Update 434 - c:\windows\system32\drivers\drivers.exe
AddRemove-FlashGet 2.0 - c:\program files\FlashGet Network\FlashGet universal\uninst.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-13 16:54
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspěšně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\S-1-5-21-2000478354-776561741-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{5CBAED1B-D2D1-17D4-AB0D-A79783D6DD99}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{2a77bdb2-e018-4db8-8fe0-ed264f01e8b8}]
@Denied: (Full) (Everyone)
"Model"=dword:00000132
"Therad"=dword:00000008
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):3d,1b,b7,09,42,d9,34,7c,c9,bb,05,ba,24,be,b0,31,43,47,33,c3,2d,
ac,e7,7c,c0,6f,d5,00,be,bc,79,2e,62,77,ba,61,e1,c8,8d,55,00,00,00,00,00,00,\
.
Celkový čas: 2010-02-13 16:56:56
ComboFix-quarantined-files.txt 2010-02-13 15:56
Před spuštěním: 1 098 493 952
Po spuštění: 1 044 078 592
Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 6FAF5A62E1FC695416EC6F250E1393CA
2010-02-03 21:47 . 2010-02-03 21:48 -------- d-----w- c:\program files\QuickMediaConverter
2010-02-03 13:40 . 2010-02-03 14:57 -------- d-----w- c:\program files\Aiseesoft Studio
2010-01-31 15:07 . 2007-10-03 15:21 9728 ----a-w- c:\windows\system32\drivers\anf0100.sys
2010-01-31 15:07 . 2010-01-31 15:08 -------- d-----w- c:\program files\IpSharkk
2010-01-31 13:11 . 2010-01-31 13:11 -------- d-----w- C:\MPS
2010-01-31 11:18 . 2010-01-31 11:18 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-01-27 10:17 . 2010-02-03 15:00 -------- d-----w- c:\program files\Total Video Converter
2010-01-21 14:17 . 2010-01-21 14:37 -------- d-----w- c:\program files\DreamCom
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-13 15:54 . 2008-12-29 00:36 -------- d-----w- c:\program files\ICQ6.5
2010-02-13 15:38 . 2010-02-13 15:38 390144 ----a-w- c:\windows\system32\CF359.exe
2010-02-13 15:37 . 2010-02-13 15:38 390144 ----a-w- c:\windows\system32\CF183.exe
2010-02-13 14:25 . 2010-02-13 14:26 390144 ----a-w- c:\windows\system32\CF18830.exe
2010-02-12 07:29 . 2008-12-27 18:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-03 15:22 . 2008-07-14 14:05 -------- d-----r- c:\program files\Skype
2010-02-03 15:01 . 2008-07-05 14:45 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-31 13:50 . 2009-11-07 11:31 409600 ----a-w- c:\windows\system32\wrap_oal.dll
2010-01-31 13:50 . 2009-11-07 11:31 114688 ----a-w- c:\windows\system32\OpenAL32.dll
2010-01-31 13:48 . 2008-07-18 07:11 -------- d-----w- c:\program files\Webteh
2010-01-31 13:19 . 2009-12-29 20:46 -------- d-----w- c:\program files\StormWare
2010-01-31 13:17 . 2008-09-29 15:17 -------- d-----w- c:\program files\Alcohol Soft
2010-01-29 08:48 . 2009-12-29 20:46 -------- d-----w- c:\program files\Common Files\STORMWARE Shared
2010-01-20 11:21 . 2009-11-28 12:16 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-17 07:38 . 2009-11-30 01:54 -------- d-----w- c:\program files\The KMPlayer
2009-12-26 12:29 . 2009-11-01 16:04 22328 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-12-26 12:29 . 2009-11-01 16:04 103736 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-12-23 23:31 . 2009-10-23 16:39 -------- d-----w- c:\program files\TuneUp Utilities 2009
2009-12-21 19:08 . 2004-08-17 13:49 916480 ----a-w- c:\windows\system32\wininet.dll
2009-12-09 19:26 . 2001-10-25 14:00 77872 ----a-w- c:\windows\system32\perfc005.dat
2009-12-09 19:26 . 2001-10-25 14:00 428750 ----a-w- c:\windows\system32\perfh005.dat
2009-12-06 18:48 . 2009-12-06 18:48 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-11-24 23:54 . 2008-07-06 13:56 1280480 ----a-w- c:\windows\system32\aswBoot.exe
2009-11-24 23:51 . 2008-07-06 13:56 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-11-24 23:50 . 2008-07-06 13:56 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-11-24 23:50 . 2008-07-06 19:50 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-11-24 23:50 . 2008-07-06 19:50 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-11-24 23:49 . 2008-07-06 13:56 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-11-24 23:48 . 2008-07-06 13:56 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-11-24 23:47 . 2008-07-06 13:56 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-11-24 23:47 . 2008-07-06 13:56 97480 ----a-w- c:\windows\system32\AVASTSS.scr
2009-11-21 16:03 . 2004-08-17 13:49 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2008-11-23 06:13 . 2008-11-23 06:08 3391 ----a-w- c:\program files\Trefik_Nast.ini
2008-11-23 06:09 . 2008-11-23 06:08 731 ----a-w- c:\program files\hint.htm
2008-11-23 06:08 . 2008-11-23 06:08 14140 ----a-w- c:\program files\hints.txt
2008-11-23 06:08 . 2008-11-23 06:08 0 ----a-w- c:\program files\Trefik_Nast1.ini
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SetDefaultMIDI"="MIDIDef.exe" [2002-12-03 49152]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]
"IpSharkk"="c:\program files\IpSharkk\IpSharkk.exe" [2008-09-11 716800]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-08-11 7630848]
"nwiz"="nwiz.exe" [2006-08-11 1519616]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-08-11 86016]
"SoundMan"="SOUNDMAN.EXE" [2005-10-24 90112]
"P17Helper"="P17.dll" [2007-12-28 65536]
"CTSysVol"="c:\program files\Creative\SB5.1 VX\Surround Mixer\CTSysVol.exe" [2005-10-31 57344]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-12-02 2221352]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2008-11-06 570664]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-11-11 198160]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
D-Link AirPlus.lnk - c:\program files\D-Link AirPlus\AirPlus.exe [2009-10-12 262144]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\windows\system32\logonuiX.exe"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"c:\\Program Files\\Strong dc\\StrongDC.exe"=
"c:\\Program Files\\ICQ\\Icq.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\IpSharkk\\IpSharkk.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R0 a347scsi;a347scsi;c:\windows\system32\drivers\a347scsi.sys [28.6.2009 16:29 5248]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [28.6.2009 5:06 64160]
R1 anf0100.sys;anf0100.sys;c:\windows\system32\drivers\anf0100.sys [31.1.2010 16:07 9728]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [6.7.2008 20:50 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [6.7.2008 20:50 20560]
S0 a347bus;a347bus;c:\windows\system32\drivers\a347bus.sys [28.6.2009 16:29 160640]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [26.7.2008 18:27 691696]
--- Ostatní služby/ovladače v paměti ---
*Deregistered* - uphcleanhlp
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5DD29C79-0A94-FBDA-DA30-B2BCFF5BB0AD}]
2010-02-05 13:34 76800 ---h--w- c:\windows\system32\Windows_updater.exe
.
Obsah adresáře 'Naplánované úlohy'
2010-02-13 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-11 20:36]
2010-02-13 c:\windows\Tasks\Úklid 1 kliknutím.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-11 20:36]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://seznam.cz/
IE: &Download All by FlashGet - c:\program files\FlashGet Network\FlashGet universal\ComDlls\Bhoall.htm
IE: &Download by FlashGet - c:\program files\FlashGet Network\FlashGet universal\ComDlls\Bholink.htm
IE: Stáhnout Free Download Managerem - file://c:\program files\Free Download Manager\dllink.htm
IE: Stáhnout video Free Download Managerem - file://c:\program files\Free Download Manager\dlfvideo.htm
IE: Stáhnout vybrané Free Download Managerem - file://c:\program files\Free Download Manager\dlselected.htm
IE: Stáhnout vše Free Download Managerem - file://c:\program files\Free Download Manager\dlall.htm
TCP: {4ADDC832-6756-4EB9-A6DF-068620BB9809} = 1.1.1.1,1.1.1.17
FF - ProfilePath - c:\documents and settings\tepan\Data aplikací\Mozilla\Firefox\Profiles\oufdh9bz.default\
FF - prefs.js: browser.startup.homepage - www.seznam.cz
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- NASTAVENÍ FIREFOXU ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
HKCU-Run-windows live update - c:\windows\system32\drivers\svchosts.exe
HKCU-Run-Windows Live installer 1214 - c:\windows\system32\drivers\drivers.exe
HKLM-Run-FlashGet - c:\program files\FlashGet Network\FlashGet universal\FlashGet.exe
HKLM-Run-Windows Live installer 123 - c:\windows\system32\drivers\drivers.exe
HKLM-Run-windows live update - c:\windows\system32\drivers\svchosts.exe
HKLM-Explorer_Run-Windows Live Update 434 - c:\windows\system32\drivers\drivers.exe
HKLM-Explorer_Run-windows live update121 - c:\windows\system32\drivers\svchosts.exe
HKCU-Explorer_Run-windows live update121 - c:\windows\system32\drivers\svchosts.exe
HKCU-Explorer_Run-Windows Live Update 434 - c:\windows\system32\drivers\drivers.exe
AddRemove-FlashGet 2.0 - c:\program files\FlashGet Network\FlashGet universal\uninst.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-13 16:54
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\S-1-5-21-2000478354-776561741-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{5CBAED1B-D2D1-17D4-AB0D-A79783D6DD99}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{2a77bdb2-e018-4db8-8fe0-ed264f01e8b8}]
@Denied: (Full) (Everyone)
"Model"=dword:00000132
"Therad"=dword:00000008
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):3d,1b,b7,09,42,d9,34,7c,c9,bb,05,ba,24,be,b0,31,43,47,33,c3,2d,
ac,e7,7c,c0,6f,d5,00,be,bc,79,2e,62,77,ba,61,e1,c8,8d,55,00,00,00,00,00,00,\
.
Celkový čas: 2010-02-13 16:56:56
ComboFix-quarantined-files.txt 2010-02-13 15:56
Před spuštěním: 1 098 493 952
Po spuštění: 1 044 078 592
Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 6FAF5A62E1FC695416EC6F250E1393CA
Re: please help, virus problem
These files:
c:\program files\IpSharkk\IpSharkk.exe
c:\windows\system32\Windows_updater.exe
c:\documents and settings\tepan\boooooooo.exe
c:\documents and settings\tepan\dritt.exe
test them on virustotal.com and post here only the links to the results.
If it says that a file has already been analysed before, click the "Reanalyse file" button.
(Note: if some of the files cannot be found, make sure you have the display of hidden files and folders switched on; if not, then Start menu -> Control Panel -> Folder Options -> View -> Show hidden files and folders -> OK)
RSIT | OTMoveIt3 | Avenger | RootRepeal | GMER | AVPTool | CCleaner | T-Cleaner | ATF Cleaner | Win XP Manager | SVI
-------------------------------------------------------------------------------------------
Do not experiment if you are unsure about something -> ask!
If you want help with your PC, do only what I write and do nothing in advance!
Back up your important data before disinfecting the computer! | >>Support viry.cz<<
Do not use ComboFix unless asked to; improper handling can damage or destroy the system
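The reply above picks its candidates out of the ComboFix listing by eye, and three of the four files it names stand out for mechanical reasons: Windows_updater.exe is a hidden executable under system32, and boooooooo.exe and dritt.exe are two executables of identical size written straight into the user's profile folder three minutes apart. The script below is an added example, not a tool from this thread or part of ComboFix, that turns those observations into rules over the timestamped listing lines. Its reading of the attribute column (a leading d marks a directory, an h anywhere marks hidden) is an assumption checked only against the lines in this log; the sample lines are taken from the log above.

```python
"""Flag suspicious entries in ComboFix-style file listings (added example)."""
import ntpath
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Timestamped lines in the format of the ComboFix "Soubory vytvořené od ..."
# and "Find3M výpis" sections; the values are taken from the log in this thread.
SAMPLE_LOG = r"""
2010-02-12 07:29 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-05 13:25 . 2010-02-05 13:25 301056 ----a-w- c:\documents and settings\tepan\boooooooo.exe
2010-02-05 13:22 . 2010-02-05 13:22 301056 ----a-w- c:\documents and settings\tepan\dritt.exe
2010-02-04 22:29 . 2010-02-05 13:34 76800 ---h--w- c:\windows\system32\Windows_updater.exe
2010-02-04 01:26 . 2010-02-04 04:49 -------- d-----w- C:\TTDX
2009-12-06 18:48 . 2009-12-06 18:48 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-11-24 23:47 . 2008-07-06 13:56 97480 ----a-w- c:\windows\system32\AVASTSS.scr
"""

# created . modified size attributes path   (directories show "--------" as size)
LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\d+|-+) (?P<attrs>[a-z-]{8}) (?P<path>.+)$"
)
EXEC_EXT = {".exe", ".com", ".scr", ".dll", ".sys", ".bat", ".cmd", ".pif"}
# Exactly one path component below "c:\documents and settings\<user>\"
PROFILE_ROOT_RE = re.compile(r"^c:\\documents and settings\\[^\\]+\\[^\\]+$")
TIMESTAMP = "%Y-%m-%d %H:%M"


def parse_line(line):
    """Return one record for a timestamped listing line, or None for anything else."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    attrs = m["attrs"]
    path = m["path"]
    return {
        "created": datetime.strptime(m["created"], TIMESTAMP),
        "modified": datetime.strptime(m["modified"], TIMESTAMP),
        "size": int(m["size"]) if m["size"].isdigit() else None,
        # Assumption about the attribute column: leading "d" = directory,
        # an "h" anywhere = hidden (matches d-----w-, ---h--w-, ---ha-w- above).
        "is_dir": attrs.startswith("d"),
        "hidden": "h" in attrs,
        "path": path,
        "ext": ntpath.splitext(path)[1].lower(),
    }


def parse_entries(text):
    return [rec for rec in map(parse_line, text.splitlines()) if rec]


def flag_entries(entries, twin_window=timedelta(minutes=10)):
    """Apply three triage rules drawn from this thread; returns (path, reason) pairs."""
    findings = []
    execs = [e for e in entries if not e["is_dir"] and e["ext"] in EXEC_EXT]
    for e in execs:
        low = e["path"].lower()
        if e["hidden"] and "\\windows\\system32\\" in low:
            findings.append((e["path"], "hidden executable under system32"))
        if PROFILE_ROOT_RE.match(low):
            findings.append((e["path"], "executable directly in a user profile root"))
    # Same size, same extension, created minutes apart: typical of one dropper
    # writing copies of itself under different names.
    by_size = defaultdict(list)
    for e in execs:
        if e["size"]:
            by_size[(e["size"], e["ext"])].append(e)
    for (size, ext), group in by_size.items():
        if len(group) < 2:
            continue
        group.sort(key=lambda e: e["created"])
        span = group[-1]["created"] - group[0]["created"]
        if span <= twin_window:
            names = ", ".join(g["path"] for g in group)
            findings.append((group[0]["path"],
                             f"identical-size {ext} files ({size} bytes) created "
                             f"{int(span.total_seconds() // 60)} min apart: {names}"))
    return findings


def triage(text):
    return flag_entries(parse_entries(text))


if __name__ == "__main__":
    for path, reason in triage(SAMPLE_LOG):
        print(f"{reason}: {path}")
```

On a saved log, call triage() on the file's text (ComboFix writes it in the Windows code page of the machine, so open it with the matching encoding). The output is a list of candidates for exactly the kind of VirusTotal check the reply asks for, not a verdict: a hidden file under system32 can also be legitimate, and same-size twins must still be looked at.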
Re: please help, virus problem
http://www.virustotal.com/cs/analisis/b ... 1266088445
http://www.virustotal.com/cs/analisis/2 ... 1266088941
http://www.virustotal.com/cs/analisis/2 ... 1266089055
Sorry, but I could not find any file c:\windows\system32\Windows_updater.exe, not even with search.
Re: please help, virus problem
Open Notepad and paste this into it:
Save the file as Script.bat (you have to change the extension from .txt to .bat) and open the file (double-click it with the left mouse button), wait a moment, find.txt will pop up; post its contents here.
Code:
@echo off
REM Two blank lines separate this run from any earlier output in the log
echo. >> %temp%\find.log
echo. >> %temp%\find.log
REM One file name per line inside the parentheses; each one is searched for on the
REM whole system drive (%SystemDrive% is the drive Windows is installed on, usually C:)
for %%a in (
Windows_updater.exe
) do (
echo. "%%~a": >> %temp%\find.log && dir /b/s/a-d "%SystemDrive%\%%~a" >> %temp%\find.log && echo. >> %temp%\find.log
)
REM Open the result in the default text editor
start %temp%\find.log
exit
Re: please help, virus problem
"Windows_updater.exe":
C:\WINDOWS\system32\Windows_updater.exe
And I would also like to add that for some days now the computer sometimes will not even shut down, only "the hard way", so it is definitely not OK. The links I posted here, should I delete some of those files?
Re: please help, virus problem
Not yet, we will get to that.
Test this file on virustotal.com:
C:\WINDOWS\system32\Windows_updater.exe
You must, however, enable the display of hidden and system files. The file is there
Re: please help, virus problem
Move ComboFix to the desktop (if it is not there already)
You need administrator rights for the following step
Open Notepad and copy the following text into it:
Code:
KillAll::
File::
c:\windows\system32\Windows_updater.exe
c:\documents and settings\tepan\boooooooo.exe
c:\documents and settings\tepan\dritt.exe
Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5DD29C79-0A94-FBDA-DA30-B2BCFF5BB0AD}]
RegNull::
[HKEY_USERS\S-1-5-21-2000478354-776561741-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{5CBAED1B-D2D1-17D4-AB0D-A79783D6DD99}*]
RegLock::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{2a77bdb2-e018-4db8-8fe0-ed264f01e8b8}]
Save the file to the desktop as CFScript.txt and, as in the picture, drag it onto ComboFix:
ComboFix will start and carry out the commands from the script; then post the new log
Re: please help, virus problem
Sorry, but I do not know what to understand by the term "administrator rights", or how to work under them
Re: please help, virus problem
Apologies for stepping in
If you have more than one user account on the computer, you should be logged in under the one that is allowed to do everything, i.e. not under an account with limited rights.
If you have only one user account, it should have administrator rights
Do not use COMBOFIX without a helper's recommendation; it can damage the system!
Always back up your important data before disinfecting the computer
Want to support our forum? Information here
I am mostly reachable at night, between 21:00 and 23:00
If you have any questions, you can e-mail me at Motji(at)forum.viry.cz.
Re: please help, virus problem
ComboFix 10-02-12.01 - tepan 16.02.2010 17:16:08.7.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1023.552 [GMT 1:00]
Spuštěný z: d:\stazeno z dc\Z netu\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\tepan\Plocha\CFScript.txt
AV: avast! antivirus 4.8.1368 [VPS 100216-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: NVIDIA Firewall *enabled* {EDC10449-64D1-46c7-A59A-EC20D662F26D}
FILE ::
"c:\documents and settings\tepan\boooooooo.exe"
"c:\documents and settings\tepan\dritt.exe"
"c:\windows\system32\Windows_updater.exe"
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\tepan\boooooooo.exe
c:\documents and settings\tepan\dritt.exe
c:\windows\system32\Windows_updater.exe
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-01-16 do 2010-02-16 )))))))))))))))))))))))))))))))
.
2010-02-13 23:10 . 2010-02-13 23:11 254 ----a-w- c:\documents and settings\tepan\script.bat
2010-02-13 15:38 . 2010-02-13 15:38 390144 ----a-w- c:\windows\system32\CF359.exe
2010-02-13 15:38 . 2010-02-13 15:37 390144 ----a-w- c:\windows\system32\CF183.exe
2010-02-13 14:26 . 2010-02-13 14:25 390144 ----a-w- c:\windows\system32\CF18830.exe
2010-02-12 07:29 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-12 07:28 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-04 01:26 . 2010-02-04 04:49 -------- d-----w- C:\TTDX
2010-02-03 22:07 . 2010-02-03 22:07 -------- d-----w- c:\program files\Total Video Converter 3.12
2010-02-03 21:47 . 2010-02-03 21:48 -------- d-----w- c:\program files\QuickMediaConverter
2010-02-03 13:40 . 2010-02-03 14:57 -------- d-----w- c:\program files\Aiseesoft Studio
2010-01-31 15:07 . 2007-10-03 15:21 9728 ----a-w- c:\windows\system32\drivers\anf0100.sys
2010-01-31 15:07 . 2010-01-31 15:08 -------- d-----w- c:\program files\IpSharkk
2010-01-31 13:11 . 2010-01-31 13:11 -------- d-----w- C:\MPS
2010-01-31 11:18 . 2010-01-31 11:18 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-01-27 10:17 . 2010-02-03 15:00 -------- d-----w- c:\program files\Total Video Converter
2010-01-21 14:17 . 2010-01-21 14:37 -------- d-----w- c:\program files\DreamCom
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-13 15:54 . 2008-12-29 00:36 -------- d-----w- c:\program files\ICQ6.5
2010-02-12 07:29 . 2008-12-27 18:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-03 15:22 . 2008-07-14 14:05 -------- d-----r- c:\program files\Skype
2010-02-03 15:01 . 2008-07-05 14:45 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-31 13:50 . 2009-11-07 11:31 409600 ----a-w- c:\windows\system32\wrap_oal.dll
2010-01-31 13:50 . 2009-11-07 11:31 114688 ----a-w- c:\windows\system32\OpenAL32.dll
2010-01-31 13:48 . 2008-07-18 07:11 -------- d-----w- c:\program files\Webteh
2010-01-31 13:19 . 2009-12-29 20:46 -------- d-----w- c:\program files\StormWare
2010-01-31 13:17 . 2008-09-29 15:17 -------- d-----w- c:\program files\Alcohol Soft
2010-01-29 08:48 . 2009-12-29 20:46 -------- d-----w- c:\program files\Common Files\STORMWARE Shared
2010-01-20 11:21 . 2009-11-28 12:16 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-17 07:38 . 2009-11-30 01:54 -------- d-----w- c:\program files\The KMPlayer
2009-12-31 16:50 . 2004-08-03 21:14 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-26 12:29 . 2009-11-01 16:04 22328 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-12-26 12:29 . 2009-11-01 16:04 103736 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-12-23 23:31 . 2009-10-23 16:39 -------- d-----w- c:\program files\TuneUp Utilities 2009
2009-12-21 19:08 . 2004-08-17 13:49 916480 ------w- c:\windows\system32\wininet.dll
2009-12-17 07:42 . 2008-07-05 14:24 343552 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:10 . 2004-08-17 13:49 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-09 19:26 . 2001-10-25 14:00 77872 ----a-w- c:\windows\system32\perfc005.dat
2009-12-09 19:26 . 2001-10-25 14:00 428750 ----a-w- c:\windows\system32\perfh005.dat
2009-12-06 18:48 . 2009-12-06 18:48 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-12-04 18:22 . 2004-08-03 21:15 455424 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-11-27 17:14 . 2004-08-17 13:49 1294336 ----a-w- c:\windows\system32\quartz.dll
2009-11-27 17:14 . 2004-08-17 15:49 17920 ----a-w- c:\windows\system32\msyuv.dll
2009-11-27 16:09 . 2001-10-25 14:00 28672 ----a-w- c:\windows\system32\msvidc32.dll
2009-11-27 16:09 . 2001-10-24 12:25 8704 ----a-w- c:\windows\system32\tsbyuv.dll
2009-11-27 16:09 . 2004-08-17 15:49 48128 ----a-w- c:\windows\system32\iyuv_32.dll
2009-11-27 16:09 . 2004-08-17 13:49 11264 ----a-w- c:\windows\system32\msrle32.dll
2009-11-27 16:09 . 2004-08-17 13:49 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-11-24 23:54 . 2008-07-06 13:56 1280480 ----a-w- c:\windows\system32\aswBoot.exe
2009-11-24 23:51 . 2008-07-06 13:56 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-11-24 23:50 . 2008-07-06 13:56 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-11-24 23:50 . 2008-07-06 19:50 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-11-24 23:50 . 2008-07-06 19:50 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-11-24 23:49 . 2008-07-06 13:56 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-11-24 23:48 . 2008-07-06 13:56 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-11-24 23:47 . 2008-07-06 13:56 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-11-24 23:47 . 2008-07-06 13:56 97480 ----a-w- c:\windows\system32\AVASTSS.scr
2009-11-21 16:03 . 2004-08-17 13:49 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2008-11-23 06:13 . 2008-11-23 06:08 3391 ----a-w- c:\program files\Trefik_Nast.ini
2008-11-23 06:09 . 2008-11-23 06:08 731 ----a-w- c:\program files\hint.htm
2008-11-23 06:08 . 2008-11-23 06:08 14140 ----a-w- c:\program files\hints.txt
2008-11-23 06:08 . 2008-11-23 06:08 0 ----a-w- c:\program files\Trefik_Nast1.ini
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SetDefaultMIDI"="MIDIDef.exe" [2002-12-03 49152]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]
"IpSharkk"="c:\program files\IpSharkk\IpSharkk.exe" [2008-09-11 716800]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-08-11 7630848]
"nwiz"="nwiz.exe" [2006-08-11 1519616]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-08-11 86016]
"SoundMan"="SOUNDMAN.EXE" [2005-10-24 90112]
"P17Helper"="P17.dll" [2007-12-28 65536]
"CTSysVol"="c:\program files\Creative\SB5.1 VX\Surround Mixer\CTSysVol.exe" [2005-10-31 57344]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-12-02 2221352]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2008-11-06 570664]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-11-11 198160]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
D-Link AirPlus.lnk - c:\program files\D-Link AirPlus\AirPlus.exe [2009-10-12 262144]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\windows\system32\logonuiX.exe"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"c:\\Program Files\\Strong dc\\StrongDC.exe"=
"c:\\Program Files\\ICQ\\Icq.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\IpSharkk\\IpSharkk.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R0 a347bus;a347bus;c:\windows\system32\drivers\a347bus.sys [28.6.2009 16:29 160640]
R0 a347scsi;a347scsi;c:\windows\system32\drivers\a347scsi.sys [28.6.2009 16:29 5248]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [28.6.2009 5:06 64160]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [26.7.2008 18:27 691696]
R1 anf0100.sys;anf0100.sys;c:\windows\system32\drivers\anf0100.sys [31.1.2010 16:07 9728]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [6.7.2008 20:50 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [6.7.2008 20:50 20560]
--- Ostatní služby/ovladače v paměti ---
*Deregistered* - uphcleanhlp
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'
2010-02-16 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-11 20:36]
2010-02-16 c:\windows\Tasks\Úklid 1 kliknutím.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-11 20:36]
.
.
------- Supplementary scan -------
.
uStart Page = hxxp://seznam.cz/
IE: &Download All by FlashGet - c:\program files\FlashGet Network\FlashGet universal\ComDlls\Bhoall.htm
IE: &Download by FlashGet - c:\program files\FlashGet Network\FlashGet universal\ComDlls\Bholink.htm
IE: Stáhnout Free Download Managerem - file://c:\program files\Free Download Manager\dllink.htm
IE: Stáhnout video Free Download Managerem - file://c:\program files\Free Download Manager\dlfvideo.htm
IE: Stáhnout vybrané Free Download Managerem - file://c:\program files\Free Download Manager\dlselected.htm
IE: Stáhnout vše Free Download Managerem - file://c:\program files\Free Download Manager\dlall.htm
TCP: {4ADDC832-6756-4EB9-A6DF-068620BB9809} = 1.1.1.1,1.1.1.17
FF - ProfilePath - c:\documents and settings\tepan\Data aplikací\Mozilla\Firefox\Profiles\oufdh9bz.default\
FF - prefs.js: browser.startup.homepage - www.seznam.cz
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX SETTINGS ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-16 17:22
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: TUKERNEL.EXE CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys spau.sys >>UNKNOWN [0x86B91938]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf74cbf28
\Driver\ACPI -> ACPI.sys @ 0xf730bcb8
\Driver\atapi -> atapi.sys @ 0xf72a0b40
IoDeviceObjectType -> DeleteProcedure -> TUKERNEL.EXE @ 0x805a05a9
ParseProcedure -> TUKERNEL.EXE @ 0x8056ea15
\Device\Harddisk0\DR0 -> DeleteProcedure -> TUKERNEL.EXE @ 0x805a05a9
ParseProcedure -> TUKERNEL.EXE @ 0x8056ea15
NDIS: NVIDIA nForce Networking Controller -> SendCompleteHandler -> NDIS.sys @ 0xf717fbb0
PacketIndicateHandler -> NDIS.sys @ 0xf716ea0d
SendHandler -> NDIS.sys @ 0xf7182b40
user & kernel MBR OK
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):3d,1b,b7,09,42,d9,34,7c,c9,bb,05,ba,24,be,b0,31,43,47,33,c3,2d,
ac,e7,7c,c0,6f,d5,00,be,bc,79,2e,62,77,ba,61,e1,c8,8d,55,00,00,00,00,00,00,\
.
--------------------- DLLs loaded by running processes ---------------------
- - - - - - - > 'explorer.exe'(1964)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other running processes ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\ATKKBService.exe
c:\windows\system32\CTsvcCDA.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
c:\windows\system32\RUNDLL32.EXE
c:\windows\SOUNDMAN.EXE
c:\windows\system32\Rundll32.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\IoctlSvc.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\System32\TUProgSt.exe
c:\program files\UPHClean\uphclean.exe
c:\windows\system32\UTSCSI.EXE
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
.
**************************************************************************
.
Completion time: 2010-02-16 17:27:26 - machine was rebooted
ComboFix-quarantined-files.txt 2010-02-16 16:27
ComboFix2.txt 2010-02-13 15:56
Pre-Run: 1 000 878 080
Post-Run: 950 296 576
Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 4D4E0DF57EC1B4F4BFF60E16E3C9EDBC
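When reading a ComboFix "registry startup points" section like the one above, a practitioner runs the same checks by eye: is Winlogon's UIHost still the Windows XP default logonui.exe (here it is logonuiX.exe), is the Windows Firewall standard profile switched off (EnableFirewall = 0), and which Run entries point at a bare file name or at a directory where autostart programs are not expected. The script below is an added example of that triage; it is not part of the original post and not ComboFix's own code. The SAMPLE_LOG it parses is a constructed excerpt modelled on the lines above, and the expected UIHost name and the directory allow-list are assumptions chosen for illustration.

```python
"""Triage checks over a ComboFix-style 'registry startup points' section.

Added example; not code from the original post or from ComboFix itself.
"""
import re

# Constructed excerpt modelled on the log above (a few representative
# lines, not the complete section).
SAMPLE_LOG = r"""
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]
"IpSharkk"="c:\program files\IpSharkk\IpSharkk.exe" [2008-09-11 716800]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"nwiz"="nwiz.exe" [2006-08-11 1519616]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\windows\system32\logonuiX.exe"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"""

KEY_RE = re.compile(r'^\[(?P<key>[^\]]+)\]$')
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<data>.*)$')

# Assumptions for illustration: the Windows XP default logon UI host, and
# the directories from which autostart entries on this machine are expected.
EXPECTED_UIHOST = 'logonui.exe'
EXPECTED_DIRS = ('c:\\program files\\', 'c:\\progra~1\\', 'c:\\windows\\')


def parse_startup_points(text):
    """Return (key, value_name, raw_data) tuples; keys are lower-cased."""
    entries, key = [], None
    for line in text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group('key').lower()
            continue
        m = VALUE_RE.match(line)
        if m and key is not None:
            entries.append((key, m.group('name'), m.group('data').strip()))
    return entries


def command_path(raw_data):
    """Strip ComboFix's quoting and the trailing '[date size]' annotation."""
    if raw_data.startswith('"'):
        end = raw_data.find('"', 1)
        return raw_data[1:end] if end > 0 else raw_data[1:]
    return raw_data.split(' [', 1)[0]


def triage(entries):
    """Flag the startup points a human would want to look at first."""
    findings = []
    for key, name, data in entries:
        path = command_path(data)
        if key.endswith('\\winlogon') and name.lower() == 'uihost':
            # Winlogon runs whatever UIHost names; anything but the default
            # logon UI deserves a look (customisers set this too).
            if path.rsplit('\\', 1)[-1].lower() != EXPECTED_UIHOST:
                findings.append(('uihost-override', name, path))
        elif key.endswith('\\standardprofile') and name.lower() == 'enablefirewall':
            if data.split()[0] == '0':
                findings.append(('firewall-disabled', name, data))
        elif key.endswith('\\run'):
            low = path.lower()
            if '\\' not in low:
                # Bare file name: resolved through the executable search
                # path, so the file that actually runs still has to be found.
                findings.append(('run-bare-filename', name, path))
            elif not low.startswith(EXPECTED_DIRS):
                findings.append(('run-unusual-location', name, path))
    return findings


if __name__ == '__main__':
    for kind, name, detail in triage(parse_startup_points(SAMPLE_LOG)):
        print(f'{kind:22} {name!r} -> {detail}')
```

A hit is a lead, not a verdict: logon-screen customisers also replace UIHost (the TuneUp Utilities 2009 seen elsewhere in this log ships such a styler, and its patched TUKERNEL.EXE shows up in the MBR detector output above), and a bare name such as nwiz.exe only means the loader resolves it through the search path. Locate the file that actually runs and check it before deleting anything.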