some kind of worm...

Section devoted to viruses and other malicious code, but also to the tools you can use to defend against them…

Moderators: Mods_senior, Security team

mikey0
newcomer
Posts: 10
Registered: September 09
Gender: Male

some kind of worm...

Post by mikey0 » 20 Sep 2009 22:40

Hi, I could use some advice, thanks.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:36:42, on 20.9.2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.Exe
C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe
C:\Users\Michal\AppData\Roaming\Adobe\Manager.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Windows\system32\SearchFilterHost.exe
C:\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://cs.intl.acer.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Pomocník pro přihlášení ke službě Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [lphc9qvj0ee8l] C:\Windows\system32\lphc9qvj0ee8l.exe
O4 - HKCU\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKCU\..\Run: [SpywareTerminatorUpdate] "C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe"
O4 - HKCU\..\Run: [Run] "C:\Users\Michal\AppData\Roaming\Adobe\Manager.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\ICQ6.5\ICQ.exe
O16 - DPF: {361E6B79-4A69-4376-B0F2-3D1EBEE9D7E2} (RtspVaPgCtrl Class) - http://213.192.55.254/RtspVaPgDec.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - AppInit_DLLs: C:\Windows\System32\eNetHook.dll
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Spot (SpotGPSMaxim) - NXP Software B.V. - C:\Program Files\AVerMediaGPS\Services\Spot2741.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 9182 bytes

jaro3
Security team member
Guru Level 15
Posts: 43293
Registered: June 07
Location: South Bohemia
Gender: Male

Re: some kind of worm...

Post by jaro3 » 21 Sep 2009 09:04

If you have Norton Internet Security, uninstall Spyware Terminator.

Also uninstall the DAEMON Tools Toolbar.

Close the other applications and browsers, disconnect from the internet and fix these in HJT:
Guide

Code:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://cs.intl.acer.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
O4 - HKLM\..\Run: [lphc9qvj0ee8l] C:\Windows\system32\lphc9qvj0ee8l.exe



Download ATF Cleaner
Double-click ATF Cleaner.exe, click Select All Found, then:
- If you use Firefox (Mozilla), click Firefox at the top and choose Select All, then click Empty Selected.
- If you use Opera, click Opera at the top and choose Select All, then click Empty Selected.
After cleaning, click Exit to close the program.

Download Malwarebytes' Anti-Malware
Install and run it
- at the end of the installation, make sure both options are selected/checked:
Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware; if they are, click the Finish button
- if an update is found, it will be downloaded and installed
- the program then starts; leave the Perform quick scan option selected and click the Scan button
- when the scan finishes a message appears; click OK and then the Show results button
- then choose Save log and save the log to the desktop
- then click the Exit button; a message appears, choose Yes
(don't delete anything yet!)
Then paste the contents of that log here.
When working with HJT, ComboFix, MbAM, SDFix etc., close all other applications and browsers!
Do not send logs by private message. During my absence, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
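A small triage script for HijackThis log lines, added here as an example (it is not from the forum or part of HijackThis): it parses the R*/O4 entries quoted from the log above and flags the patterns an analyst looks for when choosing lines to fix. The trusted-host list and the random-name heuristic are assumptions of this example; note that the user-writable-path rule also flags the Manager.exe entry, which the MBAM log later in the thread reports as Trojan.Agent.

```python
import re
from dataclasses import dataclass

# Sample lines copied from the HijackThis log posted above (constructed subset).
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://cs.intl.acer.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
R3 - URLSearchHook: (no name) - - (no file)
O4 - HKLM\..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [lphc9qvj0ee8l] C:\Windows\system32\lphc9qvj0ee8l.exe
O4 - HKCU\..\Run: [Run] "C:\Users\Michal\AppData\Roaming\Adobe\Manager.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
"""

# O4 - HKLM\..\Run: [name] command line
O4_RE = re.compile(r'^O4 - (?P<hive>HK\w+)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')
# R0/R1/R3 - HKxx\...\Key,ValueName = data   (data may be empty)
R_RE = re.compile(r'^R[013] - (?P<key>HK\w+\\[^,]+),(?P<value>[^=]+) =(?P<data>.*)$')
# Assumption: vendor defaults that appear in this log and are considered benign.
TRUSTED_HOSTS = ("microsoft.com", "acer.yahoo.com")
# Assumption: a long all-lowercase alphanumeric name mixing letters and digits
# (like lphc9qvj0ee8l) is treated as machine-generated / random-looking.
RANDOM_NAME_RE = re.compile(r'^(?=.*\d)(?=.*[a-z])[a-z0-9]{10,}$')
# Executables started from locations a normal user can write to.
USER_WRITABLE_RE = re.compile(r'\\AppData\\(Roaming|Local)\\|\\Temp\\', re.IGNORECASE)


@dataclass
class Finding:
    line: str
    reason: str


def host_of(url: str):
    """Return the host part of an http(s) URL, or None if it is not a URL."""
    m = re.match(r'https?://([^/]+)', url)
    return m.group(1).lower() if m else None


def is_trusted(host: str) -> bool:
    return any(host == h or host.endswith("." + h) for h in TRUSTED_HOSTS)


def is_url_setting(key: str, value: str) -> bool:
    """Browser settings whose data is expected to be a URL."""
    v = value.lower()
    return "url" in v or "page" in v or key.lower().endswith("searchurl")


def exe_path(cmd: str) -> str:
    """Extract the executable path from a Run command line (quoted or not)."""
    m = re.match(r'"?(?P<p>[^"]*?\.exe)', cmd.strip(), re.IGNORECASE)
    return m["p"] if m else cmd.strip()


def triage(log_text: str):
    """Run the heuristics over HJT lines; returns findings in log order."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.endswith("(no file)"):
            findings.append(Finding(line, "orphaned entry: referenced file is missing"))
            continue
        m = O4_RE.match(line)
        if m:
            path = exe_path(m["cmd"])
            stem = path.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
            if RANDOM_NAME_RE.match(m["name"]) or RANDOM_NAME_RE.match(stem):
                findings.append(Finding(line, "autorun with random-looking name"))
            elif USER_WRITABLE_RE.search(path):
                findings.append(Finding(line, "autorun from user-writable profile path"))
            continue
        m = R_RE.match(line)
        if m and is_url_setting(m["key"], m["value"]):
            data = m["data"].strip()
            if not data:
                continue  # empty value, nothing to assess
            host = host_of(data)
            if host is None:
                findings.append(Finding(line, "non-URL data in a browser URL setting"))
            elif not is_trusted(host):
                findings.append(Finding(line, f"browser URL setting points to untrusted host {host}"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.reason}]\n    {f.line}")
```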

mikey0

Re: some kind of worm...

Post by mikey0 » 21 Sep 2009 14:22

Malwarebytes' Anti-Malware 1.41
Verze databáze: 2836
Windows 6.0.6002 Service Pack 2

21.9.2009 14:21:44
mbam-log-2009-09-21 (14-21-26).txt

Typ kontroly: Rychlá kontrola
Zkontrolované objekty: 90785
Uplynulý čas: 4 minute(s), 2 second(s)

Infikované procesy v paměti: 1
Infikované moduly v paměti: 0
Infikované klíče registru: 2
Infikované hodnoty registru: 1
Infikované datové položky registru: 0
Infikované adresáře: 0
Infikované soubory: 2

Infikované procesy v paměti:
C:\Users\Michal\AppData\Roaming\Adobe\Manager.exe (Trojan.Agent) -> No action taken.

Infikované moduly v paměti:
(Nebyly nalezeny žádné škodlivé položky)

Infikované klíče registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Sellmosoft (Rogue.Multiple) -> No action taken.

Infikované hodnoty registru:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\run (Trojan.Agent) -> No action taken.

Infikované datové položky registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované adresáře:
(Nebyly nalezeny žádné škodlivé položky)

Infikované soubory:
C:\Users\Michal\AppData\Roaming\Adobe\Manager.exe (Trojan.Agent) -> No action taken.
C:\Windows\System32\lphc9qvj0ee8l.exe (Trojan.FakeAlert) -> No action taken.

jaro3

Re: some kind of worm...

Post by jaro3 » 21 Sep 2009 15:27

So run MbAM again and click Scan
- when the scan finishes a message appears; click OK and then the Show results button
- make sure all listed findings are checked and click the Remove selected button
- when removal finishes a log is shown; post it here.
- then click OK in the program and close it via Exit

You can then paste the MbAM log here.


Turn off the resident protection and the firewall in Norton Internet Security

Download ComboFix (by sUBs)
and save it to the desktop.
Close all active windows and run it.
- After launching, the terms of use are shown; confirm them by pressing the Yes button
- Then follow the instructions; while ComboFix is running, do not click into the window that appears
- After the scan finishes, the program should create a log - C:\ComboFix.txt - please copy its entire contents here

mikey0

Re: some kind of worm...

Post by mikey0 » 21 Sep 2009 16:03

So, MbAM:


Malwarebytes' Anti-Malware 1.41
Verze databáze: 2836
Windows 6.0.6002 Service Pack 2

21.9.2009 15:34:15
mbam-log-2009-09-21 (15-34-15).txt

Typ kontroly: Rychlá kontrola
Zkontrolované objekty: 90720
Uplynulý čas: 3 minute(s), 52 second(s)

Infikované procesy v paměti: 1
Infikované moduly v paměti: 0
Infikované klíče registru: 2
Infikované hodnoty registru: 1
Infikované datové položky registru: 0
Infikované adresáře: 0
Infikované soubory: 2

Infikované procesy v paměti:
C:\Users\Michal\AppData\Roaming\Adobe\Manager.exe (Trojan.Agent) -> Unloaded process successfully.

Infikované moduly v paměti:
(Nebyly nalezeny žádné škodlivé položky)

Infikované klíče registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Sellmosoft (Rogue.Multiple) -> Quarantined and deleted successfully.

Infikované hodnoty registru:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\run (Trojan.Agent) -> Quarantined and deleted successfully.

Infikované datové položky registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované adresáře:
(Nebyly nalezeny žádné škodlivé položky)

Infikované soubory:
C:\Users\Michal\AppData\Roaming\Adobe\Manager.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\lphc9qvj0ee8l.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.



and ComboFix:


ComboFix 09-09-20.01 - Michal 21.09.2009 15:46.2.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.2045.1150 [GMT 2:00]
Spuštěný z: c:\users\Michal\Desktop\ComboFix.exe
AV: Norton Internet Security *On-access scanning enabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Norton Internet Security *enabled* (Outdated) {CBB7EE13-8244-4DAB-8B55-D5C7AA91E59A}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\programdata\Microsoft\Network\Downloader\qmgr0.dat
c:\programdata\Microsoft\Network\Downloader\qmgr1.dat

----- BITS: Možné infikované stránky -----

hxxp://hqsextube08.com
.
((((((((((((((((((((((((( Soubory vytvořené od 2009-08-21 do 2009-09-21 )))))))))))))))))))))))))))))))
.

2009-09-21 13:55 . 2009-09-21 13:55 -------- d-----w- c:\users\Michal\AppData\Local\temp
2009-09-21 13:55 . 2009-09-21 13:55 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-09-21 13:41 . 2009-09-21 13:41 -------- d--h--w- c:\users\Michal\AppData\Local\acer eNM
2009-09-21 13:40 . 2009-09-21 13:40 -------- d-----w- c:\users\Michal\AppData\Local\Apps
2009-09-21 12:14 . 2009-09-21 12:14 -------- d-----w- c:\users\Michal\AppData\Roaming\Malwarebytes
2009-09-21 12:14 . 2009-09-10 12:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-21 12:14 . 2009-09-21 12:14 -------- d-----w- C:\Malwarebytes' Anti-Malware
2009-09-21 12:14 . 2009-09-21 12:14 -------- d-----w- c:\programdata\Malwarebytes
2009-09-21 12:14 . 2009-09-10 12:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-20 20:36 . 2009-09-21 12:12 -------- d-----w- C:\HijackThis
2009-09-17 16:39 . 2009-09-17 17:01 -------- d-----w- c:\users\Michal\DoctorWeb
2009-09-17 16:38 . 2009-09-17 16:38 77824 ----atw- c:\windows\system32\DRWEBSP.DLL
2009-09-17 16:37 . 2009-09-17 17:07 -------- d-----w- c:\program files\DrWeb
2009-09-17 16:35 . 2009-09-17 16:35 15872 ----a-w- c:\windows\oxo.exe
2009-09-10 19:52 . 2009-09-10 20:20 -------- d-----w- C:\Vista Manager
2009-09-10 18:12 . 2009-09-10 18:12 -------- d-----w- c:\windows\Speeditup Free
2009-09-10 17:15 . 2009-09-10 17:17 -------- d-----w- c:\windows\system32\ca-ES
2009-09-10 17:15 . 2009-09-10 17:17 -------- d-----w- c:\windows\system32\eu-ES
2009-09-10 17:15 . 2009-09-10 17:17 -------- d-----w- c:\windows\system32\vi-VN
2009-09-10 17:07 . 2009-09-10 17:07 -------- d-----w- c:\windows\system32\SPReview
2009-09-10 16:40 . 2009-04-10 21:28 928768 ----a-w- c:\windows\system32\scavenge.dll
2009-09-10 16:40 . 2009-04-10 21:27 57856 ----a-w- c:\windows\system32\compcln.exe
2009-09-10 16:30 . 2009-04-10 21:32 27624 ----a-w- c:\windows\system32\drivers\Dumpata.sys
2009-09-10 16:29 . 2009-04-10 21:32 48104 ----a-w- c:\windows\system32\drivers\mup.sys
2009-09-10 16:28 . 2009-04-10 21:28 199680 ----a-w- c:\windows\system32\WebClnt.dll
2009-09-10 16:27 . 2009-04-10 21:33 292840 ----a-w- c:\windows\system32\drivers\volmgrx.sys
2009-09-10 16:26 . 2009-04-10 21:28 1576960 ----a-w- c:\windows\system32\tquery.dll
2009-09-10 16:26 . 2009-04-10 21:28 12288 ----a-w- c:\windows\system32\tsbyuv.dll
2009-09-10 16:26 . 2009-04-10 21:32 53224 ----a-w- c:\windows\system32\drivers\termdd.sys
2009-09-10 16:26 . 2009-04-10 21:28 615424 ----a-w- c:\windows\system32\themeui.dll
2009-09-10 16:26 . 2009-04-10 21:28 449024 ----a-w- c:\windows\system32\termsrv.dll
2009-09-10 16:26 . 2009-04-10 21:28 313344 ----a-w- c:\windows\system32\thawbrkr.dll
2009-09-10 16:26 . 2009-04-10 21:28 270336 ----a-w- c:\windows\system32\taskcomp.dll
2009-09-10 16:26 . 2009-04-10 21:28 242688 ----a-w- c:\windows\system32\tapisrv.dll
2009-09-10 16:26 . 2009-04-10 21:28 170496 ----a-w- c:\windows\system32\tcpipcfg.dll
2009-09-10 16:26 . 2009-04-10 21:28 135168 ----a-w- c:\windows\system32\tcpmon.dll
2009-09-10 16:26 . 2009-04-10 21:28 1152000 ----a-w- c:\windows\system32\themecpl.dll
2009-09-10 16:26 . 2009-04-10 21:28 169984 ----a-w- c:\windows\system32\taskeng.exe
2009-09-10 16:26 . 2009-04-10 19:45 72192 ----a-w- c:\windows\system32\drivers\tdx.sys
2009-09-10 16:23 . 2009-09-10 16:23 -------- d-----w- c:\windows\system32\EventProviders
2009-09-10 05:52 . 2009-06-15 14:52 1259008 ----a-w- c:\windows\system32\lsasrv.dll
2009-09-10 05:52 . 2009-06-15 14:52 499712 ----a-w- c:\windows\system32\kerberos.dll
2009-09-10 05:52 . 2009-06-15 14:54 175104 ----a-w- c:\windows\system32\wdigest.dll
2009-09-10 05:52 . 2009-06-15 14:53 218624 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-10 05:52 . 2009-06-15 14:53 270848 ----a-w- c:\windows\system32\schannel.dll
2009-09-10 05:52 . 2009-06-15 23:15 439864 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-09-10 05:52 . 2009-06-15 14:53 72704 ----a-w- c:\windows\system32\secur32.dll
2009-09-10 05:52 . 2009-06-15 12:48 9728 ----a-w- c:\windows\system32\lsass.exe
2009-09-09 13:18 . 2009-08-14 16:27 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-09-09 13:18 . 2009-08-14 13:48 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2009-09-09 13:18 . 2009-08-14 13:48 105984 ----a-w- c:\windows\system32\netiohlp.dll
2009-09-09 13:18 . 2009-08-14 13:49 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2009-09-09 13:18 . 2009-08-14 13:49 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2009-09-09 13:18 . 2009-08-14 13:49 19968 ----a-w- c:\windows\system32\ARP.EXE
2009-09-09 13:18 . 2009-08-14 13:49 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2009-09-09 13:18 . 2009-08-14 13:49 10240 ----a-w- c:\windows\system32\finger.exe
2009-09-09 13:18 . 2009-08-14 13:49 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2009-09-09 13:18 . 2009-08-14 13:49 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2009-09-09 13:18 . 2009-08-14 15:53 17920 ----a-w- c:\windows\system32\netevent.dll
2009-09-09 13:17 . 2009-07-11 19:01 513536 ----a-w- c:\windows\system32\wlansvc.dll
2009-09-09 13:17 . 2009-07-11 19:01 293376 ----a-w- c:\windows\system32\wlanmsm.dll
2009-09-09 13:17 . 2009-04-11 06:28 68096 ----a-w- c:\windows\system32\wlanhlp.dll
2009-09-09 13:17 . 2009-07-11 17:03 127488 ----a-w- c:\windows\system32\L2SecHC.dll
2009-09-09 13:17 . 2009-07-11 19:01 302592 ----a-w- c:\windows\system32\wlansec.dll
2009-09-09 13:17 . 2009-07-11 19:01 65024 ----a-w- c:\windows\system32\wlanapi.dll
2009-09-09 13:17 . 2009-06-10 11:41 2868224 ----a-w- c:\windows\system32\mf.dll
2009-09-09 13:17 . 2009-04-11 06:28 98816 ----a-w- c:\windows\system32\mfps.dll
2009-09-09 13:17 . 2009-04-11 06:27 53248 ----a-w- c:\windows\system32\rrinstaller.exe
2009-09-09 13:17 . 2009-04-11 06:27 24576 ----a-w- c:\windows\system32\mfpmp.exe
2009-09-09 13:17 . 2009-04-11 04:54 2048 ----a-w- c:\windows\system32\mferror.dll
2009-09-08 15:06 . 2009-09-08 15:06 603904 ----a-w- c:\windows\system32\TUProgSt.exe
2009-09-08 15:06 . 2008-11-12 14:44 27904 ----a-w- c:\windows\system32\uxtuneup.dll
2009-09-08 15:06 . 2008-11-12 14:44 17152 ----a-w- c:\windows\system32\authuitu.dll
2009-09-08 15:06 . 2009-09-08 16:10 362240 ----a-w- c:\windows\system32\TuneUpDefragService.exe
2009-09-08 15:05 . 2009-09-08 15:06 -------- d-----w- c:\program files\TuneUp Utilities 2009
2009-09-08 14:59 . 2009-09-08 15:04 -------- d-----w- c:\users\Michal\AppData\Roaming\Smart PC Solutions
2009-09-03 15:01 . 2009-09-03 15:05 -------- d-----w- C:\MyBackup
2009-09-03 15:00 . 2009-09-08 14:56 -------- d-----w- c:\program files\Premium Booster
2009-09-03 13:18 . 2009-08-29 00:14 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-09-03 13:18 . 2009-08-29 00:27 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-09-01 13:30 . 2009-09-01 13:30 -------- d-----w- c:\programdata\NOS
2009-09-01 13:30 . 2009-09-01 13:30 -------- d-----w- c:\program files\NOS
2009-08-26 23:05 . 2009-06-22 10:09 2048 ----a-w- c:\windows\system32\tzres.dll
2009-08-26 13:19 . 2009-04-11 06:28 1696768 ----a-w- c:\windows\system32\gameux.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-21 13:47 . 2007-01-08 21:09 93610 ----a-w- c:\windows\system32\perfh005.dat
2009-09-21 13:47 . 2007-01-08 21:09 29590 ----a-w- c:\windows\system32\perfc005.dat
2009-09-21 12:01 . 2009-01-20 15:01 -------- d-----w- c:\program files\DAEMON Tools Toolbar
2009-09-17 17:08 . 2007-01-12 01:47 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-09-14 21:06 . 2009-01-15 22:29 -------- d-----w- c:\users\Michal\AppData\Roaming\dvdcss
2009-09-13 20:26 . 2008-09-16 13:33 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-09-11 14:46 . 2008-08-25 12:29 -------- d-----w- c:\program files\QIP
2009-09-10 21:16 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2009-09-10 20:18 . 2008-08-25 11:39 -------- d-----w- c:\program files\Launch Manager
2009-09-10 17:18 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2009-09-10 17:18 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-09-10 17:18 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2009-09-10 17:18 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2009-09-10 17:18 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2009-09-10 17:18 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2009-09-09 14:32 . 2009-03-19 17:34 -------- d-----w- c:\program files\Microsoft Silverlight
2009-08-16 22:26 . 2008-08-25 13:43 -------- d-----w- c:\programdata\Microsoft Help
2009-08-11 14:33 . 2009-08-11 14:32 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE
2009-08-11 10:59 . 2009-08-11 10:59 -------- d-----w- c:\users\Michal\AppData\Roaming\Mikrotik
2009-08-07 18:23 . 2008-08-25 13:47 -------- d-----w- c:\program files\Common Files\Merge Modules
2009-08-07 17:51 . 2009-08-07 17:51 15308424 ----a-w- c:\windows\system32\xlive.dll
2009-08-07 17:51 . 2009-08-07 17:51 13642888 ----a-w- c:\windows\system32\xlivefnt.dll
2009-07-21 21:52 . 2009-08-01 19:25 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-21 21:47 . 2009-08-01 19:25 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-07-21 21:47 . 2009-08-01 19:25 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-07-21 20:13 . 2009-08-01 19:25 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-07-18 20:40 . 2009-07-18 20:40 229208 ----a-w- c:\windows\system32\drivers\VMM.sys
2009-07-17 13:54 . 2009-08-12 16:30 71680 ----a-w- c:\windows\system32\atl.dll
2009-07-15 12:40 . 2009-08-12 16:29 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-07-15 12:39 . 2009-08-12 16:29 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-15 12:39 . 2009-08-12 16:29 4096 ----a-w- c:\windows\system32\dxmasf.dll
2009-07-15 12:39 . 2009-08-12 16:29 7680 ----a-w- c:\windows\system32\spwmp.dll
2009-06-29 18:39 . 2009-06-29 18:39 56 ---ha-w- c:\programdata\ezsidmv.dat
.

((((((((((((((((((((((((((((( SnapShot@2009-09-16_21.40.48 )))))))))))))))))))))))))))))))))))))))))
.
- 2006-11-02 10:33 . 2009-09-16 19:49 52078 c:\windows\System32\perfh009.dat
+ 2006-11-02 10:33 . 2009-09-21 13:47 52078 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2009-09-16 19:49 22820 c:\windows\System32\perfc009.dat
+ 2006-11-02 10:33 . 2009-09-21 13:47 22820 c:\windows\System32\perfc009.dat
+ 2008-08-25 11:35 . 2009-09-21 13:51 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-08-25 11:35 . 2009-09-16 21:21 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-08-25 11:35 . 2009-09-16 21:21 98304 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-08-25 11:35 . 2009-09-21 13:51 98304 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-08-25 11:35 . 2009-09-16 21:21 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-08-25 11:35 . 2009-09-21 13:51 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-09-21 13:39 . 2009-09-21 13:39 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-09-16 21:38 . 2009-09-16 21:38 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-09-21 13:39 . 2009-09-21 13:39 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-09-16 21:38 . 2009-09-16 21:38 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 249856]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-04-29 198160]
"Malwarebytes Anti-Malware (reboot)"="c:\malwarebytes' anti-malware\mbam.exe" [2009-09-10 1312080]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2006-12-01 4186112]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2007-1-12 528384]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\eNetHook.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"WMPNSCFG"=c:\program files\Windows Media Player\WMPNSCFG.exe
"ehTray.exe"=c:\windows\ehome\ehTray.exe
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
"Sidebar"=c:\program files\Windows Sidebar\sidebar.exe /autoRun
"Google Update"="c:\users\Michal\AppData\Local\Google\Update\GoogleUpdate.exe" /c
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" -start
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"Ad-Watch"=c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
"WarReg_PopUp"=c:\acer\WR_PopUp\WarReg_PopUp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):4b,b0,91,e8,3b,32,ca,01

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{5CE281B3-18EA-4941-8F91-4E5970A7468B}"= UDP:c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\MCE Deluxe Suite.exe:CyberLink MCE Deluxe Suite
"{8350E0F5-E947-4811-87B4-2C185D77422B}"= TCP:c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\MCE Deluxe Suite.exe:CyberLink MCE Deluxe Suite
"TCP Query User{C00B711B-294D-4C5D-B6AC-4E235FFE206D}c:\\program files\\qip\\qip.exe"= UDP:c:\program files\qip\qip.exe:Quiet Internet Pager
"UDP Query User{E51AD13B-ADD4-4B90-B0D7-A071DB9B6424}c:\\program files\\qip\\qip.exe"= TCP:c:\program files\qip\qip.exe:Quiet Internet Pager
"{64BAF684-99AB-4BF9-A19C-6D7A086A95C5}"= UDP:c:\programy\IVT Corporation\BlueSoleil\BlueSoleil.exe:BlueSoleil
"{6908E9A5-B933-4021-9A8B-C799EFF609BA}"= TCP:c:\programy\IVT Corporation\BlueSoleil\BlueSoleil.exe:BlueSoleil
"{2693818C-AC58-4F6A-8E41-650BBF0D1287}"= UDP:c:\programy\IVT Corporation\BlueSoleil\BlueSoleil.exe:BlueSoleil
"{016D9579-C790-4A4E-937C-A4EE33074A29}"= TCP:c:\programy\IVT Corporation\BlueSoleil\BlueSoleil.exe:BlueSoleil
"{7D4F62B5-AA4B-4E14-ACFA-85E0E4F3ABBA}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{D21FC639-08F0-4196-9093-29D96F5327B6}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{12ADD5CE-5D20-48C8-A872-4AB3F8BA7BCB}"= Disabled:UDP:c:\program files\Skype\Phone\Skype.exe:Skype
"{91B883A9-39FB-4C43-9690-01C283B5DC4B}"= TCP:c:\program files\Skype\Phone\Skype.exe:Skype
"TCP Query User{2C5961DB-F987-40D1-A2E7-FF62D47E5776}c:\\program files\\qip\\qip.exe"= UDP:c:\program files\qip\qip.exe:Quiet Internet Pager
"UDP Query User{C770B252-025E-4990-ABD3-75978FC2C3B1}c:\\program files\\qip\\qip.exe"= TCP:c:\program files\qip\qip.exe:Quiet Internet Pager
"TCP Query User{0344F94A-7B3C-4D0A-A125-728071E565CA}c:\\programy\\bit lord\\bitlord.exe"= UDP:c:\programy\bit lord\bitlord.exe:BitLord
"UDP Query User{162AD2F1-3B43-4F70-B74A-50CBB3BDD513}c:\\programy\\bit lord\\bitlord.exe"= TCP:c:\programy\bit lord\bitlord.exe:BitLord
"TCP Query User{737A42DA-B9C3-49B9-BFC7-C6DEBF9E4E44}c:\\program files\\skype\\phone\\skype.exe"= UDP:c:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"UDP Query User{664085D5-4DE9-4356-85FB-291C8E6F8D08}c:\\program files\\skype\\phone\\skype.exe"= TCP:c:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"TCP Query User{909EE809-F764-402B-B71C-234BB616D6EF}d:\\hry\\unrealtournament\\system\\unrealtournament.exe"= UDP:d:\hry\unrealtournament\system\unrealtournament.exe:UnrealTournament.exe
"UDP Query User{169961F5-AC1D-4994-96B7-52112EACB7B6}d:\\hry\\unrealtournament\\system\\unrealtournament.exe"= TCP:d:\hry\unrealtournament\system\unrealtournament.exe:UnrealTournament.exe
"TCP Query User{0FFA0734-EE01-47C0-8320-B6DFB0BC2E86}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{E0BB29AF-457B-4BFB-BF2F-D473630CE3DC}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"TCP Query User{006DE6F2-06E3-40CE-A78C-FEAAFF898C74}c:\\programy\\bit lord\\bitlord.exe"= UDP:c:\programy\bit lord\bitlord.exe:BitLord
"UDP Query User{312DF1E7-A44C-4F1C-9087-0CBA67399B32}c:\\programy\\bit lord\\bitlord.exe"= TCP:c:\programy\bit lord\bitlord.exe:BitLord
"TCP Query User{93D38BE7-F819-4946-8884-D5D32AA51E6D}c:\\program files\\intuwave\\shared\\mrouterruntime\\mrouterruntime.exe"= UDP:c:\program files\intuwave\shared\mrouterruntime\mrouterruntime.exe:mRouterRuntime Module
"UDP Query User{7AD700EE-98C3-4216-8294-EA29A393D80C}c:\\program files\\intuwave\\shared\\mrouterruntime\\mrouterruntime.exe"= TCP:c:\program files\intuwave\shared\mrouterruntime\mrouterruntime.exe:mRouterRuntime Module
"TCP Query User{E4F69016-1700-4457-A8BD-4F09E16BEC78}c:\\program files\\intuwave\\shared\\mrouterruntime\\mrouterruntime.exe"= UDP:c:\program files\intuwave\shared\mrouterruntime\mrouterruntime.exe:mRouterRuntime Module
"UDP Query User{3640775A-1400-4FD4-8F90-8E13DC931ADC}c:\\program files\\intuwave\\shared\\mrouterruntime\\mrouterruntime.exe"= TCP:c:\program files\intuwave\shared\mrouterruntime\mrouterruntime.exe:mRouterRuntime Module
"TCP Query User{E909A86D-D2B2-4B3C-B41D-D6FFF36D380B}d:\\rollcage2\\direct3d\\rollcage.exe"= UDP:d:\rollcage2\direct3d\rollcage.exe:Rollcage Main Game Executable
"UDP Query User{27E93381-380D-49D2-95E5-6F5E75BD2652}d:\\rollcage2\\direct3d\\rollcage.exe"= TCP:d:\rollcage2\direct3d\rollcage.exe:Rollcage Main Game Executable
"TCP Query User{16049CF6-449A-4285-9936-ED9EC08A738A}d:\\microsoft virtual pc\\virtual pc.exe"= UDP:d:\microsoft virtual pc\virtual pc.exe:Virtual PC 2007
"UDP Query User{73F8851D-A5C9-4901-9541-395C011FE6A9}d:\\microsoft virtual pc\\virtual pc.exe"= TCP:d:\microsoft virtual pc\virtual pc.exe:Virtual PC 2007
"TCP Query User{8E63721D-17B3-4852-971B-B7EBE2B31F47}d:\\icq6.5\\icq.exe"= UDP:d:\icq6.5\icq.exe:ICQ
"UDP Query User{0921C14A-79E9-4CFB-B4A8-CFA3A9617D50}d:\\icq6.5\\icq.exe"= TCP:d:\icq6.5\icq.exe:ICQ
"TCP Query User{AFDB7A3C-ACAD-430A-A1D1-56C3D17E89A0}c:\\program files\\spyware terminator\\spywareterminatorupdate.exe"= UDP:c:\program files\spyware terminator\spywareterminatorupdate.exe:Crawler Spyware Terminator
"UDP Query User{0C25104E-B640-45A4-8999-BFB24431EA8F}c:\\program files\\spyware terminator\\spywareterminatorupdate.exe"= TCP:c:\program files\spyware terminator\spywareterminatorupdate.exe:Crawler Spyware Terminator
"TCP Query User{903667BB-56C3-48EC-87A0-F4829606C274}c:\\program files\\spyware terminator\\spywareterminatorupdate.exe"= UDP:c:\program files\spyware terminator\spywareterminatorupdate.exe:Crawler Spyware Terminator
"UDP Query User{83C41D14-9EBA-4757-BD6C-3CA175649441}c:\\program files\\spyware terminator\\spywareterminatorupdate.exe"= TCP:c:\program files\spyware terminator\spywareterminatorupdate.exe:Crawler Spyware Terminator

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Acer\\Empowering Technology\\eDataSecurity\\eDSfsu.exe"= c:\acer\Empowering Technology\eDataSecurity\eDSfsu.exe:*:Enabled:eDSfsu
"c:\\Acer\\Empowering Technology\\eDataSecurity\\encryption.exe"= c:\acer\Empowering Technology\eDataSecurity\encryption.exe:*:Enabled:encryption
"c:\\Acer\\Empowering Technology\\eDataSecurity\\decryption.exe"= c:\acer\Empowering Technology\eDataSecurity\decryption.exe:*:Enabled:decryption

R0 Lbd;Lbd;c:\windows\System32\drivers\Lbd.sys [23.4.2009 17:06 64160]
R1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\Symantec\DEFINI~1\SymcData\idsdefs\20081120.001\IDSvix86.sys [21.11.2008 16:32 270384]
R2 SpotGPSMaxim;Spot;c:\program files\AVerMediaGPS\Services\Spot2741.exe [25.6.2007 11:50 610407]
R3 SpotVcp;NXP swGPS Spot Virtual COM port driver;c:\windows\System32\drivers\SpotVcp.sys [16.5.2007 14:19 34304]
R3 SYMNDISV;SYMNDISV;c:\windows\System32\drivers\symndisv.sys [3.10.2008 15:14 37936]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [18.1.2009 23:34 1029456]
S3 AVerAF15;AVerMedia BDA Digital Tuner;c:\windows\System32\drivers\AVerAF15.sys [25.10.2007 7:02 280576]
S3 BTCAMDRV;Mobiola Web Camera driver;c:\windows\System32\drivers\BTCamDrv.sys [31.8.2008 23:11 228352]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [3.9.2008 19:53 99376]
S3 getPlusHelper;getPlus(R) Helper;c:\windows\System32\svchost.exe -k getPlusHelper [28.8.2008 10:01 21504]
S3 imhidusb;Immersion's HID USB Driver;c:\windows\System32\drivers\imhidusb.sys [9.11.2008 0:57 17920]
S3 SMSCIRDA;SMSC Infrared Device Driver;c:\windows\System32\drivers\smscirda.sys [12.1.2007 11:02 31232]
S3 spotJ;Spot Software GPS USB Driver (spotJ);c:\windows\System32\drivers\spotJ32.sys [20.11.2008 16:34 36608]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [22.2.2007 19:39 2808664]

--- Ostatní služby/ovladače v paměti ---

*NewlyCreated* - COMHOST

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Obsah adresáře 'Naplánované úlohy'

2009-09-08 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-11-20 14:28]

2009-09-17 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 15:07]

2009-09-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2350665712-444876920-1834457973-1000Core.job
- c:\users\Michal\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-26 13:09]

2009-09-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2350665712-444876920-1834457973-1000UA.job
- c:\users\Michal\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-26 13:09]
.
.
------- Doplňkový sken -------
.
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: {361E6B79-4A69-4376-B0F2-3D1EBEE9D7E2} - hxxp://213.192.55.254/RtspVaPgDec.cab
.
.
------- Asociace souborů -------
.
inifile=%SystemRoot%\System32\NOTEPAD.EXE %1"
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-21 15:55
Windows 6.0.6002 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Celkový čas: 2009-09-21 15:59
ComboFix-quarantined-files.txt 2009-09-21 13:59

Před spuštěním: 8 130 416 640
Po spuštění: 8 616 210 432

329 --- E O F --- 2009-09-17 15:06

Damned
Article author
Master Level 9
Posts: 8353
Registered: December 06
Location: Rokycany
Gender: Male

Re: some kind of worm...

Post by Damned » 21 Sep 2009 16:36

Hi, jaro3 probably won't be around for a while, so I'll take it over for him.

Check the red file on VirusTotal and paste the link to the result here.
If you can't find it, enable showing hidden and system files. If it offers that the file has already been analysed,
have it analysed again, wait until "Finished" and the result appear, and then copy the address bar here.

C:\Users\Michal\AppData\Roaming\Adobe\Manager.exe
c:\windows\oxo.exe
Nothing is impossible, which is why, where reason fails us, we don't hesitate to use a hammer.
If you want to know what's new, look in old books.
Damned's Czech localizations - translations of PC maintenance programs
HiJackThis 2+guide FCleaner+Czech localization Wise Registry Cleaner

mikey0
newbie
Posts: 10
Registered: September 09
Gender: Male

Re: some kind of worm...

Post by mikey0 » 21 Sep 2009 17:19

so far there's only this one, I can't find the other one even when I show hidden files

http://www.virustotal.com/cs/analisis/9 ... 1253545936

jaro3
Security team member
Guru Level 15
Posts: 43293
Registered: June 07
Location: South Bohemia
Gender: Male

Re: some kind of worm...

Post by jaro3 » 21 Sep 2009 17:25

Open Notepad (Start -> Run..., type Notepad in the box and click OK).
Copy the entire text below, marked in green, into it:
Note: Do not use the SELECT ALL function to select the script

KillAll::
File::
c:\programdata\ezsidmv.dat
c:\windows\oxo.exe

Folder::
c:\programdata\NOS
c:\program files\NOS
c:\program files\DAEMON Tools Toolbar

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"=-
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"=-
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000000

RegNull::
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]

Choose File -> Save As... and set these parameters:
File name: type here: CFScript.txt
Save as type: select All Files
Save the file to the desktop.
Close all active windows.

Drag the created CFScript.txt script with the mouse, move it over the downloaded ComboFix.exe and, when the two files overlap, drop the script.
- ComboFix will start automatically
- Paste here the log that appears at the end of the cleaning process + a new HJT log
When working with HJT, ComboFix, MbAM, SDFix etc., close all other applications and browsers!
Do not send logs by private message. During my absence memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
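As an added example (not part of the thread, and not ComboFix's own code), the following Python audit parses the registry block ComboFix prints, flags the policy tampering visible in the log earlier in this thread (UAC switched off, Security Center monitoring disabled, NoResolveTrack set, an AppInit DLL), and renders the scripted fixes in the same CFScript `Registry::` form jaro3 used above. The sample log is constructed from values on this page; the rule set and the decision of which findings get an automatic fix are my assumptions.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample: the registry block as ComboFix printed it in the log
# above (only the lines the checks below care about).
SAMPLE_LOG = """\
[HKEY_LOCAL_MACHINE\\software\\microsoft\\windows\\currentversion\\policies\\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\\software\\microsoft\\windows\\currentversion\\policies\\explorer]
"NoResolveTrack"= 1 (0x1)

[HKEY_LOCAL_MACHINE\\software\\microsoft\\windows nt\\currentversion\\windows]
"AppInit_DLLs"=c:\\windows\\System32\\eNetHook.dll

[HKEY_LOCAL_MACHINE\\software\\microsoft\\security center\\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\\software\\microsoft\\security center\\Monitoring\\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
"""

_HEADER = re.compile(r"^\[(.+)\]$")
_VALUE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')
_DWORD = re.compile(r"^dword:([0-9a-fA-F]{8})$")      # "DisableMonitoring"=dword:00000001
_PLAIN = re.compile(r"^(\d+)\s*\(0x[0-9a-fA-F]+\)$")   # "EnableLUA"= 0 (0x0)


def _normalize(raw: str):
    """Map ComboFix's two numeric renderings to int; keep anything else as text."""
    raw = raw.strip()
    if m := _DWORD.match(raw):
        return int(m.group(1), 16)
    if m := _PLAIN.match(raw):
        return int(m.group(1))
    return raw


def parse_registry_section(text: str) -> dict:
    """Return {key path: {value name: value}} for every [key] block in the text."""
    entries, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if m := _HEADER.match(line):
            current = m.group(1)
            entries.setdefault(current, {})
        elif current is not None and (m := _VALUE.match(line)):
            entries[current][m.group(1)] = _normalize(m.group(2))
    return entries


@dataclass
class Finding:
    key: str
    name: str
    value: object
    reason: str
    fix: Optional[str]   # CFScript line to emit, or None when a person must decide


# Assumed rule set: (test on the lowercased key path, value name,
# test that marks the value as suspicious, explanation, CFScript fix or None).
RULES = [
    (lambda k: k.endswith(r"\policies\system"), "EnableLUA",
     lambda v: v == 0, "UAC is switched off", None),
    (lambda k: k.endswith(r"\policies\explorer"), "NoResolveTrack",
     lambda v: v == 1, "shortcut target tracking disabled by policy",
     '"NoResolveTrack"=-'),
    (lambda k: r"\security center\monitoring" in k, "DisableMonitoring",
     lambda v: v == 1, "Security Center stopped watching this product",
     '"DisableMonitoring"=dword:00000000'),
    (lambda k: k.endswith(r"\windows nt\currentversion\windows"), "AppInit_DLLs",
     lambda v: bool(v), "DLL loaded into every user32 process; verify its publisher",
     None),
]


def audit(entries: dict) -> list:
    """Apply RULES to the parsed entries, keeping log order."""
    findings = []
    for key, values in entries.items():
        for key_test, name, is_bad, reason, fix in RULES:
            if key_test(key.lower()) and name in values and is_bad(values[name]):
                findings.append(Finding(key, name, values[name], reason, fix))
    return findings


def to_cfscript(findings: list) -> str:
    """Render only the scripted fixes as a CFScript Registry:: stanza."""
    lines = ["Registry::"]
    for f in findings:
        if f.fix is not None:
            lines += [f"[{f.key}]", f.fix]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    found = audit(parse_registry_section(SAMPLE_LOG))
    for f in found:
        print(f"{f.name}={f.value!r} under {f.key}: {f.reason}")
    print(to_cfscript(found))
```

Findings without a scripted fix (EnableLUA, AppInit_DLLs) are reported but left out of the stanza, because in this log the AppInit DLL is Acer's eNetHook.dll and re-enabling UAC is a decision for the machine's owner.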

mikey0
newbie
Posts: 10
Registered: September 09
Gender: Male

Re: some kind of worm...

Post by mikey0 » 21 Sep 2009 18:17

ComboFix 09-09-20.01 - Michal 21.09.2009 17:52.3.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.2045.1100 [GMT 2:00]
Spuštěný z: c:\users\Michal\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Michal\Desktop\CFScript.txt
AV: Norton Internet Security *On-access scanning enabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Norton Internet Security *enabled* (Outdated) {CBB7EE13-8244-4DAB-8B55-D5C7AA91E59A}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

FILE ::
"c:\programdata\ezsidmv.dat"
"c:\windows\oxo.exe"
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\DAEMON Tools Toolbar
c:\program files\DAEMON Tools Toolbar\DTToolbar.dll
c:\program files\DAEMON Tools Toolbar\FirefoxDTT\components\DTToolbarFF.dll
c:\program files\DAEMON Tools Toolbar\FirefoxDTT\components\DTToolbarFF.xpt
c:\program files\DAEMON Tools Toolbar\FirefoxDTT\chrome.manifest
c:\program files\DAEMON Tools Toolbar\FirefoxDTT\chrome\dttoolbar.jar
c:\program files\DAEMON Tools Toolbar\FirefoxDTT\install.rdf
c:\program files\DAEMON Tools Toolbar\Resources\about.ico
c:\program files\DAEMON Tools Toolbar\Resources\AboutWindow.ico
c:\program files\DAEMON Tools Toolbar\Resources\AddRadioStation.ico
c:\program files\DAEMON Tools Toolbar\Resources\as.ico
c:\program files\DAEMON Tools Toolbar\Resources\as.png
c:\program files\DAEMON Tools Toolbar\Resources\astro.ico
c:\program files\DAEMON Tools Toolbar\Resources\az.ico
c:\program files\DAEMON Tools Toolbar\Resources\b1.bmp
c:\program files\DAEMON Tools Toolbar\Resources\b1.png
c:\program files\DAEMON Tools Toolbar\Resources\BurnImage.ico
c:\program files\DAEMON Tools Toolbar\Resources\buy.ico
c:\program files\DAEMON Tools Toolbar\Resources\cond000.gif
c:\program files\DAEMON Tools Toolbar\Resources\cond001.gif
c:\program files\DAEMON Tools Toolbar\Resources\cond003.gif
c:\program files\DAEMON Tools Toolbar\Resources\cond004.gif
c:\program files\DAEMON Tools Toolbar\Resources\cond005.gif
c:\program files\DAEMON Tools Toolbar\Resources\cond006.gif
c:\program files\DAEMON Tools Toolbar\Resources\cond007.gif
c:\program files\DAEMON Tools Toolbar\Resources\cond008.gif
c:\program files\DAEMON Tools Toolbar\Resources\cond009.gif
c:\program files\DAEMON Tools Toolbar\Resources\cond010.gif
c:\program files\DAEMON Tools Toolbar\Resources\cond011.gif
c:\program files\DAEMON Tools Toolbar\Resources\cond019.gif
c:\program files\DAEMON Tools Toolbar\Resources\cond020.gif
c:\program files\DAEMON Tools Toolbar\Resources\cond021.gif
c:\program files\DAEMON Tools Toolbar\Resources\cond022.gif
c:\program files\DAEMON Tools Toolbar\Resources\cond023.gif
c:\program files\DAEMON Tools Toolbar\Resources\cond024.gif
c:\program files\DAEMON Tools Toolbar\Resources\cond025.gif
c:\program files\DAEMON Tools Toolbar\Resources\cond026.gif
c:\program files\DAEMON Tools Toolbar\Resources\cond037.gif
c:\program files\DAEMON Tools Toolbar\Resources\cond038.gif
c:\program files\DAEMON Tools Toolbar\Resources\cond039.gif
c:\program files\DAEMON Tools Toolbar\Resources\cond040.gif
c:\program files\DAEMON Tools Toolbar\Resources\cond041.gif
c:\program files\DAEMON Tools Toolbar\Resources\cond046.gif
c:\program files\DAEMON Tools Toolbar\Resources\cond048.gif
c:\program files\DAEMON Tools Toolbar\Resources\cond050.gif
c:\program files\DAEMON Tools Toolbar\Resources\cond051.gif
c:\program files\DAEMON Tools Toolbar\Resources\cond052.gif
c:\program files\DAEMON Tools Toolbar\Resources\cond053.gif
c:\program files\DAEMON Tools Toolbar\Resources\cond054.gif
c:\program files\DAEMON Tools Toolbar\Resources\cond055.gif
c:\program files\DAEMON Tools Toolbar\Resources\cond056.gif
c:\program files\DAEMON Tools Toolbar\Resources\cond057.gif
c:\program files\DAEMON Tools Toolbar\Resources\cond058.gif
c:\program files\DAEMON Tools Toolbar\Resources\cond059.gif
c:\program files\DAEMON Tools Toolbar\Resources\cond060.gif
c:\program files\DAEMON Tools Toolbar\Resources\cond061.gif
c:\program files\DAEMON Tools Toolbar\Resources\cond062.gif
c:\program files\DAEMON Tools Toolbar\Resources\cond063.gif
c:\program files\DAEMON Tools Toolbar\Resources\cond064.gif
c:\program files\DAEMON Tools Toolbar\Resources\cond065.gif
c:\program files\DAEMON Tools Toolbar\Resources\cond066.gif
c:\program files\DAEMON Tools Toolbar\Resources\cond067.gif
c:\program files\DAEMON Tools Toolbar\Resources\cond068.gif
c:\program files\DAEMON Tools Toolbar\Resources\cond069.gif
c:\program files\DAEMON Tools Toolbar\Resources\cond075.gif
c:\program files\DAEMON Tools Toolbar\Resources\cond076.gif
c:\program files\DAEMON Tools Toolbar\Resources\cond077.gif
c:\program files\DAEMON Tools Toolbar\Resources\cond078.gif
c:\program files\DAEMON Tools Toolbar\Resources\cond079.gif
c:\program files\DAEMON Tools Toolbar\Resources\cond080.gif
c:\program files\DAEMON Tools Toolbar\Resources\cond084.gif
c:\program files\DAEMON Tools Toolbar\Resources\cond085.gif
c:\program files\DAEMON Tools Toolbar\Resources\cond086.gif
c:\program files\DAEMON Tools Toolbar\Resources\cond087.gif
c:\program files\DAEMON Tools Toolbar\Resources\cond088.gif
c:\program files\DAEMON Tools Toolbar\Resources\cond089.gif
c:\program files\DAEMON Tools Toolbar\Resources\cond090.gif
c:\program files\DAEMON Tools Toolbar\Resources\cond091.gif
c:\program files\DAEMON Tools Toolbar\Resources\cond092.gif
c:\program files\DAEMON Tools Toolbar\Resources\cond093.gif
c:\program files\DAEMON Tools Toolbar\Resources\cond094.gif
c:\program files\DAEMON Tools Toolbar\Resources\cond095.gif
c:\program files\DAEMON Tools Toolbar\Resources\cond108.gif
c:\program files\DAEMON Tools Toolbar\Resources\cond109.gif
c:\program files\DAEMON Tools Toolbar\Resources\cond110.gif
c:\program files\DAEMON Tools Toolbar\Resources\cond111.gif
c:\program files\DAEMON Tools Toolbar\Resources\cond112.gif
c:\program files\DAEMON Tools Toolbar\Resources\cond113.gif
c:\program files\DAEMON Tools Toolbar\Resources\cond120.gif
c:\program files\DAEMON Tools Toolbar\Resources\cond121.gif
c:\program files\DAEMON Tools Toolbar\Resources\cond122.gif
c:\program files\DAEMON Tools Toolbar\Resources\cond126.gif
c:\program files\DAEMON Tools Toolbar\Resources\cond127.gif
c:\program files\DAEMON Tools Toolbar\Resources\cond128.gif
c:\program files\DAEMON Tools Toolbar\Resources\cond129.gif
c:\program files\DAEMON Tools Toolbar\Resources\cond130.gif
c:\program files\DAEMON Tools Toolbar\Resources\cond131.gif
c:\program files\DAEMON Tools Toolbar\Resources\cond132.gif
c:\program files\DAEMON Tools Toolbar\Resources\cond133.gif
c:\program files\DAEMON Tools Toolbar\Resources\cond134.gif
c:\program files\DAEMON Tools Toolbar\Resources\cond135.gif
c:\program files\DAEMON Tools Toolbar\Resources\cond136.gif
c:\program files\DAEMON Tools Toolbar\Resources\cond137.gif
c:\program files\DAEMON Tools Toolbar\Resources\cond138.gif
c:\program files\DAEMON Tools Toolbar\Resources\cond140.gif
c:\program files\DAEMON Tools Toolbar\Resources\cond141.gif
c:\program files\DAEMON Tools Toolbar\Resources\cond142.gif
c:\program files\DAEMON Tools Toolbar\Resources\cond143.gif
c:\program files\DAEMON Tools Toolbar\Resources\cond148.gif
c:\program files\DAEMON Tools Toolbar\Resources\cond149.gif
c:\program files\DAEMON Tools Toolbar\Resources\cond152.gif
c:\program files\DAEMON Tools Toolbar\Resources\cond154.gif
c:\program files\DAEMON Tools Toolbar\Resources\cond155.gif
c:\program files\DAEMON Tools Toolbar\Resources\cond156.gif
c:\program files\DAEMON Tools Toolbar\Resources\cond157.gif
c:\program files\DAEMON Tools Toolbar\Resources\Config.ico
c:\program files\DAEMON Tools Toolbar\Resources\d.ico
c:\program files\DAEMON Tools Toolbar\Resources\d2.ico
c:\program files\DAEMON Tools Toolbar\Resources\daemon.ico
c:\program files\DAEMON Tools Toolbar\Resources\ds.ico
c:\program files\DAEMON Tools Toolbar\Resources\dsearch.ico
c:\program files\DAEMON Tools Toolbar\Resources\dt.ico
c:\program files\DAEMON Tools Toolbar\Resources\DTPro.ico
c:\program files\DAEMON Tools Toolbar\Resources\Dwnl.ico
c:\program files\DAEMON Tools Toolbar\Resources\emulation.ico
c:\program files\DAEMON Tools Toolbar\Resources\features.ico
c:\program files\DAEMON Tools Toolbar\Resources\GameCentrix.ico
c:\program files\DAEMON Tools Toolbar\Resources\gd.ico
c:\program files\DAEMON Tools Toolbar\Resources\genre.xml
c:\program files\DAEMON Tools Toolbar\Resources\globe.ico
c:\program files\DAEMON Tools Toolbar\Resources\GrabImage.ico
c:\program files\DAEMON Tools Toolbar\Resources\hb.bmp
c:\program files\DAEMON Tools Toolbar\Resources\hb.ico
c:\program files\DAEMON Tools Toolbar\Resources\help.ico
c:\program files\DAEMON Tools Toolbar\Resources\ip.ico
c:\program files\DAEMON Tools Toolbar\Resources\lang.xml
c:\program files\DAEMON Tools Toolbar\Resources\lingvo.ico
c:\program files\DAEMON Tools Toolbar\Resources\m.ico
c:\program files\DAEMON Tools Toolbar\Resources\mail.bmp
c:\program files\DAEMON Tools Toolbar\Resources\mail_disable.bmp
c:\program files\DAEMON Tools Toolbar\Resources\mail_down.bmp
c:\program files\DAEMON Tools Toolbar\Resources\mail_m.bmp
c:\program files\DAEMON Tools Toolbar\Resources\mail_under.bmp
c:\program files\DAEMON Tools Toolbar\Resources\mailc.bmp
c:\program files\DAEMON Tools Toolbar\Resources\mailc_disable.bmp
c:\program files\DAEMON Tools Toolbar\Resources\mailc_down.bmp
c:\program files\DAEMON Tools Toolbar\Resources\mailc_m.bmp
c:\program files\DAEMON Tools Toolbar\Resources\mailc_under.bmp
c:\program files\DAEMON Tools Toolbar\Resources\MenuRadioConfig.ico
c:\program files\DAEMON Tools Toolbar\Resources\MenuRadioStation.ico
c:\program files\DAEMON Tools Toolbar\Resources\MenuRSCur.ico
c:\program files\DAEMON Tools Toolbar\Resources\MenuTr.ico
c:\program files\DAEMON Tools Toolbar\Resources\next.bmp
c:\program files\DAEMON Tools Toolbar\Resources\next_down.bmp
c:\program files\DAEMON Tools Toolbar\Resources\next_m.bmp
c:\program files\DAEMON Tools Toolbar\Resources\next_under.bmp
c:\program files\DAEMON Tools Toolbar\Resources\none.bmp
c:\program files\DAEMON Tools Toolbar\Resources\none_m.bmp
c:\program files\DAEMON Tools Toolbar\Resources\noW.gif
c:\program files\DAEMON Tools Toolbar\Resources\op.ico
c:\program files\DAEMON Tools Toolbar\Resources\play.bmp
c:\program files\DAEMON Tools Toolbar\Resources\play.ico
c:\program files\DAEMON Tools Toolbar\Resources\play_down.bmp
c:\program files\DAEMON Tools Toolbar\Resources\play_m.bmp
c:\program files\DAEMON Tools Toolbar\Resources\play_under.bmp
c:\program files\DAEMON Tools Toolbar\Resources\pragma.ico
c:\program files\DAEMON Tools Toolbar\Resources\prev.bmp
c:\program files\DAEMON Tools Toolbar\Resources\prev_down.bmp
c:\program files\DAEMON Tools Toolbar\Resources\prev_m.bmp
c:\program files\DAEMON Tools Toolbar\Resources\prev_under.bmp
c:\program files\DAEMON Tools Toolbar\Resources\prod.ico
c:\program files\DAEMON Tools Toolbar\Resources\Radio.ico
c:\program files\DAEMON Tools Toolbar\Resources\RadioBg.bmp
c:\program files\DAEMON Tools Toolbar\Resources\RadioBg.ico
c:\program files\DAEMON Tools Toolbar\Resources\RadioBgMask.bmp
c:\program files\DAEMON Tools Toolbar\Resources\RadioDisp.bmp
c:\program files\DAEMON Tools Toolbar\Resources\RadioDisp_m.bmp
c:\program files\DAEMON Tools Toolbar\Resources\RadioDown.bmp
c:\program files\DAEMON Tools Toolbar\Resources\RadioDown.ico
c:\program files\DAEMON Tools Toolbar\Resources\RadioDown_down.bmp
c:\program files\DAEMON Tools Toolbar\Resources\RadioDown_m.bmp
c:\program files\DAEMON Tools Toolbar\Resources\RadioDown_under.bmp
c:\program files\DAEMON Tools Toolbar\Resources\RadioE.bmp
c:\program files\DAEMON Tools Toolbar\Resources\RadioG.bmp
c:\program files\DAEMON Tools Toolbar\Resources\RadioL.bmp
c:\program files\DAEMON Tools Toolbar\Resources\RadioLDotMask.bmp
c:\program files\DAEMON Tools Toolbar\Resources\RadioLeft.bmp
c:\program files\DAEMON Tools Toolbar\Resources\RadioLeftMask.bmp
c:\program files\DAEMON Tools Toolbar\Resources\RadioLM.bmp
c:\program files\DAEMON Tools Toolbar\Resources\RadioN.bmp
c:\program files\DAEMON Tools Toolbar\Resources\RadioR.bmp
c:\program files\DAEMON Tools Toolbar\Resources\RadioR.ico
c:\program files\DAEMON Tools Toolbar\Resources\RadioRM.bmp
c:\program files\DAEMON Tools Toolbar\Resources\RadioRU.bmp
c:\program files\DAEMON Tools Toolbar\Resources\RadioVolume.bmp
c:\program files\DAEMON Tools Toolbar\Resources\RadioVolume_down.bmp
c:\program files\DAEMON Tools Toolbar\Resources\RadioVolume_m.bmp
c:\program files\DAEMON Tools Toolbar\Resources\RadioVolume_under.bmp
c:\program files\DAEMON Tools Toolbar\Resources\RadioW.bmp
c:\program files\DAEMON Tools Toolbar\Resources\refresh.bmp
c:\program files\DAEMON Tools Toolbar\Resources\refresh_down.bmp
c:\program files\DAEMON Tools Toolbar\Resources\refresh_m.bmp
c:\program files\DAEMON Tools Toolbar\Resources\refresh_under.bmp
c:\program files\DAEMON Tools Toolbar\Resources\Rss.ico
c:\program files\DAEMON Tools Toolbar\Resources\Rss1.ico
c:\program files\DAEMON Tools Toolbar\Resources\rssClose.ico
c:\program files\DAEMON Tools Toolbar\Resources\rssL.bmp
c:\program files\DAEMON Tools Toolbar\Resources\rssOpen.ico
c:\program files\DAEMON Tools Toolbar\Resources\size.bmp
c:\program files\DAEMON Tools Toolbar\Resources\size_m.bmp
c:\program files\DAEMON Tools Toolbar\Resources\skins.ico
c:\program files\DAEMON Tools Toolbar\Resources\spt.ico
c:\program files\DAEMON Tools Toolbar\Resources\stop.bmp
c:\program files\DAEMON Tools Toolbar\Resources\stop.ico
c:\program files\DAEMON Tools Toolbar\Resources\stop_down.bmp
c:\program files\DAEMON Tools Toolbar\Resources\stop_m.bmp
c:\program files\DAEMON Tools Toolbar\Resources\stop_under.bmp
c:\program files\DAEMON Tools Toolbar\Resources\style.ico
c:\program files\DAEMON Tools Toolbar\Resources\SupportRequest.ico
c:\program files\DAEMON Tools Toolbar\Resources\time.ico
c:\program files\DAEMON Tools Toolbar\Resources\TitleIcon.ico
c:\program files\DAEMON Tools Toolbar\Resources\toolbar.xml
c:\program files\DAEMON Tools Toolbar\Resources\trans.ico
c:\program files\DAEMON Tools Toolbar\Resources\Trash.bmp
c:\program files\DAEMON Tools Toolbar\Resources\Trash_disable.bmp
c:\program files\DAEMON Tools Toolbar\Resources\Trash_down.bmp
c:\program files\DAEMON Tools Toolbar\Resources\Trash_m.bmp
c:\program files\DAEMON Tools Toolbar\Resources\Trash_under.bmp
c:\program files\DAEMON Tools Toolbar\Resources\u.ico
c:\program files\DAEMON Tools Toolbar\Resources\vol.bmp
c:\program files\DAEMON Tools Toolbar\Resources\vol.ico
c:\program files\DAEMON Tools Toolbar\Resources\vol_back.bmp
c:\program files\DAEMON Tools Toolbar\Resources\vol_dott.bmp
c:\program files\DAEMON Tools Toolbar\Resources\vol_dott_m.bmp
c:\program files\DAEMON Tools Toolbar\Resources\vol_down.bmp
c:\program files\DAEMON Tools Toolbar\Resources\vol_m.bmp
c:\program files\DAEMON Tools Toolbar\Resources\vol_under.bmp
c:\program files\DAEMON Tools Toolbar\Resources\wb.bmp
c:\program files\DAEMON Tools Toolbar\Resources\wBtClose.bmp
c:\program files\DAEMON Tools Toolbar\Resources\wBtClose_down.bmp
c:\program files\DAEMON Tools Toolbar\Resources\wBtClose_m.bmp
c:\program files\DAEMON Tools Toolbar\Resources\wBtClose_under.bmp
c:\program files\DAEMON Tools Toolbar\Resources\wBtText.bmp
c:\program files\DAEMON Tools Toolbar\Resources\wBtText_down.bmp
c:\program files\DAEMON Tools Toolbar\Resources\wBtText_m.bmp
c:\program files\DAEMON Tools Toolbar\Resources\wBtText_under.bmp
c:\program files\DAEMON Tools Toolbar\Resources\Weather_m42.bmp
c:\program files\DAEMON Tools Toolbar\Resources\Weather_m43.bmp
c:\program files\DAEMON Tools Toolbar\Resources\wi.ico
c:\program files\DAEMON Tools Toolbar\Resources\wi0.ico
c:\program files\DAEMON Tools Toolbar\Resources\wi1.ico
c:\program files\DAEMON Tools Toolbar\Resources\wi10.ico
c:\program files\DAEMON Tools Toolbar\Resources\wi11.ico
c:\program files\DAEMON Tools Toolbar\Resources\wi12.ico
c:\program files\DAEMON Tools Toolbar\Resources\wi13.ico
c:\program files\DAEMON Tools Toolbar\Resources\wi2.ico
c:\program files\DAEMON Tools Toolbar\Resources\wi3.ico
c:\program files\DAEMON Tools Toolbar\Resources\wi4.ico
c:\program files\DAEMON Tools Toolbar\Resources\wi5.ico
c:\program files\DAEMON Tools Toolbar\Resources\wi6.ico
c:\program files\DAEMON Tools Toolbar\Resources\wi7.ico
c:\program files\DAEMON Tools Toolbar\Resources\wi8.ico
c:\program files\DAEMON Tools Toolbar\Resources\wi9.ico
c:\program files\DAEMON Tools Toolbar\uninst.exe
c:\program files\NOS
c:\program files\NOS\bin\getPlus_Helper.dll
c:\program files\NOS\bin\gp.ocx
c:\programdata\ezsidmv.dat
c:\programdata\NOS
c:\programdata\NOS\getUninst_Adobe.dat
c:\windows\oxo.exe

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_getPlusHelper


((((((((((((((((((((((((( Soubory vytvořené od 2009-08-21 do 2009-09-21 )))))))))))))))))))))))))))))))
.

2009-09-21 16:00 . 2009-09-21 16:06 -------- d-----w- c:\users\Michal\AppData\Local\temp
2009-09-21 16:00 . 2009-09-21 16:00 -------- d-----w- c:\users\Public\AppData\Local\temp
2009-09-21 16:00 . 2009-09-21 16:00 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-09-21 13:41 . 2009-09-21 13:41 -------- d--h--w- c:\users\Michal\AppData\Local\acer eNM
2009-09-21 13:40 . 2009-09-21 13:40 -------- d-----w- c:\users\Michal\AppData\Local\Apps
2009-09-21 12:14 . 2009-09-21 12:14 -------- d-----w- c:\users\Michal\AppData\Roaming\Malwarebytes
2009-09-21 12:14 . 2009-09-10 12:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-21 12:14 . 2009-09-21 12:14 -------- d-----w- C:\Malwarebytes' Anti-Malware
2009-09-21 12:14 . 2009-09-21 12:14 -------- d-----w- c:\programdata\Malwarebytes
2009-09-21 12:14 . 2009-09-10 12:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-20 20:36 . 2009-09-21 12:12 -------- d-----w- C:\HijackThis
2009-09-17 16:39 . 2009-09-17 17:01 -------- d-----w- c:\users\Michal\DoctorWeb
2009-09-17 16:38 . 2009-09-17 16:38 77824 ----atw- c:\windows\system32\DRWEBSP.DLL
2009-09-17 16:37 . 2009-09-17 17:07 -------- d-----w- c:\program files\DrWeb
2009-09-10 19:52 . 2009-09-10 20:20 -------- d-----w- C:\Vista Manager
2009-09-10 18:12 . 2009-09-10 18:12 -------- d-----w- c:\windows\Speeditup Free
2009-09-10 17:15 . 2009-09-10 17:17 -------- d-----w- c:\windows\system32\ca-ES
2009-09-10 17:15 . 2009-09-10 17:17 -------- d-----w- c:\windows\system32\eu-ES
2009-09-10 17:15 . 2009-09-10 17:17 -------- d-----w- c:\windows\system32\vi-VN
2009-09-10 17:07 . 2009-09-10 17:07 -------- d-----w- c:\windows\system32\SPReview
2009-09-10 16:40 . 2009-04-10 21:28 928768 ----a-w- c:\windows\system32\scavenge.dll
2009-09-10 16:40 . 2009-04-10 21:27 57856 ----a-w- c:\windows\system32\compcln.exe
2009-09-10 16:30 . 2009-04-10 21:32 27624 ----a-w- c:\windows\system32\drivers\Dumpata.sys
2009-09-10 16:29 . 2009-04-10 21:32 48104 ----a-w- c:\windows\system32\drivers\mup.sys
2009-09-10 16:28 . 2009-04-10 21:28 199680 ----a-w- c:\windows\system32\WebClnt.dll
2009-09-10 16:27 . 2009-04-10 21:33 292840 ----a-w- c:\windows\system32\drivers\volmgrx.sys
2009-09-10 16:26 . 2009-04-10 21:28 1576960 ----a-w- c:\windows\system32\tquery.dll
2009-09-10 16:26 . 2009-04-10 21:28 12288 ----a-w- c:\windows\system32\tsbyuv.dll
2009-09-10 16:26 . 2009-04-10 21:32 53224 ----a-w- c:\windows\system32\drivers\termdd.sys
2009-09-10 16:26 . 2009-04-10 21:28 615424 ----a-w- c:\windows\system32\themeui.dll
2009-09-10 16:26 . 2009-04-10 21:28 449024 ----a-w- c:\windows\system32\termsrv.dll
2009-09-10 16:26 . 2009-04-10 21:28 313344 ----a-w- c:\windows\system32\thawbrkr.dll
2009-09-10 16:26 . 2009-04-10 21:28 270336 ----a-w- c:\windows\system32\taskcomp.dll
2009-09-10 16:26 . 2009-04-10 21:28 242688 ----a-w- c:\windows\system32\tapisrv.dll
2009-09-10 16:26 . 2009-04-10 21:28 170496 ----a-w- c:\windows\system32\tcpipcfg.dll
2009-09-10 16:26 . 2009-04-10 21:28 135168 ----a-w- c:\windows\system32\tcpmon.dll
2009-09-10 16:26 . 2009-04-10 21:28 1152000 ----a-w- c:\windows\system32\themecpl.dll
2009-09-10 16:26 . 2009-04-10 21:28 169984 ----a-w- c:\windows\system32\taskeng.exe
2009-09-10 16:26 . 2009-04-10 19:45 72192 ----a-w- c:\windows\system32\drivers\tdx.sys
2009-09-10 16:23 . 2009-09-10 16:23 -------- d-----w- c:\windows\system32\EventProviders
2009-09-10 05:52 . 2009-06-15 14:52 1259008 ----a-w- c:\windows\system32\lsasrv.dll
2009-09-10 05:52 . 2009-06-15 14:52 499712 ----a-w- c:\windows\system32\kerberos.dll
2009-09-10 05:52 . 2009-06-15 14:54 175104 ----a-w- c:\windows\system32\wdigest.dll
2009-09-10 05:52 . 2009-06-15 14:53 218624 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-10 05:52 . 2009-06-15 14:53 270848 ----a-w- c:\windows\system32\schannel.dll
2009-09-10 05:52 . 2009-06-15 23:15 439864 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-09-10 05:52 . 2009-06-15 14:53 72704 ----a-w- c:\windows\system32\secur32.dll
2009-09-10 05:52 . 2009-06-15 12:48 9728 ----a-w- c:\windows\system32\lsass.exe
2009-09-09 13:18 . 2009-08-14 16:27 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-09-09 13:18 . 2009-08-14 13:48 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2009-09-09 13:18 . 2009-08-14 13:48 105984 ----a-w- c:\windows\system32\netiohlp.dll
2009-09-09 13:18 . 2009-08-14 13:49 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2009-09-09 13:18 . 2009-08-14 13:49 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2009-09-09 13:18 . 2009-08-14 13:49 19968 ----a-w- c:\windows\system32\ARP.EXE
2009-09-09 13:18 . 2009-08-14 13:49 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2009-09-09 13:18 . 2009-08-14 13:49 10240 ----a-w- c:\windows\system32\finger.exe
2009-09-09 13:18 . 2009-08-14 13:49 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2009-09-09 13:18 . 2009-08-14 13:49 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2009-09-09 13:18 . 2009-08-14 15:53 17920 ----a-w- c:\windows\system32\netevent.dll
2009-09-09 13:17 . 2009-07-11 19:01 513536 ----a-w- c:\windows\system32\wlansvc.dll
2009-09-09 13:17 . 2009-07-11 19:01 293376 ----a-w- c:\windows\system32\wlanmsm.dll
2009-09-09 13:17 . 2009-04-11 06:28 68096 ----a-w- c:\windows\system32\wlanhlp.dll
2009-09-09 13:17 . 2009-07-11 17:03 127488 ----a-w- c:\windows\system32\L2SecHC.dll
2009-09-09 13:17 . 2009-07-11 19:01 302592 ----a-w- c:\windows\system32\wlansec.dll
2009-09-09 13:17 . 2009-07-11 19:01 65024 ----a-w- c:\windows\system32\wlanapi.dll
2009-09-09 13:17 . 2009-06-10 11:41 2868224 ----a-w- c:\windows\system32\mf.dll
2009-09-09 13:17 . 2009-04-11 06:28 98816 ----a-w- c:\windows\system32\mfps.dll
2009-09-09 13:17 . 2009-04-11 06:27 53248 ----a-w- c:\windows\system32\rrinstaller.exe
2009-09-09 13:17 . 2009-04-11 06:27 24576 ----a-w- c:\windows\system32\mfpmp.exe
2009-09-09 13:17 . 2009-04-11 04:54 2048 ----a-w- c:\windows\system32\mferror.dll
2009-09-08 15:06 . 2009-09-08 15:06 603904 ----a-w- c:\windows\system32\TUProgSt.exe
2009-09-08 15:06 . 2008-11-12 14:44 27904 ----a-w- c:\windows\system32\uxtuneup.dll
2009-09-08 15:06 . 2008-11-12 14:44 17152 ----a-w- c:\windows\system32\authuitu.dll
2009-09-08 15:06 . 2009-09-08 16:10 362240 ----a-w- c:\windows\system32\TuneUpDefragService.exe
2009-09-08 15:05 . 2009-09-08 15:06 -------- d-----w- c:\program files\TuneUp Utilities 2009
2009-09-08 14:59 . 2009-09-08 15:04 -------- d-----w- c:\users\Michal\AppData\Roaming\Smart PC Solutions
2009-09-03 15:01 . 2009-09-03 15:05 -------- d-----w- C:\MyBackup
2009-09-03 15:00 . 2009-09-08 14:56 -------- d-----w- c:\program files\Premium Booster
2009-09-03 13:18 . 2009-08-29 00:14 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-09-03 13:18 . 2009-08-29 00:27 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-26 23:05 . 2009-06-22 10:09 2048 ----a-w- c:\windows\system32\tzres.dll
2009-08-26 13:19 . 2009-04-11 06:28 1696768 ----a-w- c:\windows\system32\gameux.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-21 13:47 . 2007-01-08 21:09 93610 ----a-w- c:\windows\system32\perfh005.dat
2009-09-21 13:47 . 2007-01-08 21:09 29590 ----a-w- c:\windows\system32\perfc005.dat
2009-09-17 17:08 . 2007-01-12 01:47 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-09-14 21:06 . 2009-01-15 22:29 -------- d-----w- c:\users\Michal\AppData\Roaming\dvdcss
2009-09-13 20:26 . 2008-09-16 13:33 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-09-11 14:46 . 2008-08-25 12:29 -------- d-----w- c:\program files\QIP
2009-09-10 21:16 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2009-09-10 20:18 . 2008-08-25 11:39 -------- d-----w- c:\program files\Launch Manager
2009-09-10 17:18 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2009-09-10 17:18 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-09-10 17:18 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2009-09-10 17:18 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2009-09-10 17:18 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2009-09-10 17:18 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2009-09-09 14:32 . 2009-03-19 17:34 -------- d-----w- c:\program files\Microsoft Silverlight
2009-08-16 22:26 . 2008-08-25 13:43 -------- d-----w- c:\programdata\Microsoft Help
2009-08-11 14:33 . 2009-08-11 14:32 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE
2009-08-11 10:59 . 2009-08-11 10:59 -------- d-----w- c:\users\Michal\AppData\Roaming\Mikrotik
2009-08-07 18:23 . 2008-08-25 13:47 -------- d-----w- c:\program files\Common Files\Merge Modules
2009-08-07 17:51 . 2009-08-07 17:51 15308424 ----a-w- c:\windows\system32\xlive.dll
2009-08-07 17:51 . 2009-08-07 17:51 13642888 ----a-w- c:\windows\system32\xlivefnt.dll
2009-07-21 21:52 . 2009-08-01 19:25 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-21 21:47 . 2009-08-01 19:25 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-07-21 21:47 . 2009-08-01 19:25 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-07-21 20:13 . 2009-08-01 19:25 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-07-18 20:40 . 2009-07-18 20:40 229208 ----a-w- c:\windows\system32\drivers\VMM.sys
2009-07-17 13:54 . 2009-08-12 16:30 71680 ----a-w- c:\windows\system32\atl.dll
2009-07-15 12:40 . 2009-08-12 16:29 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-07-15 12:39 . 2009-08-12 16:29 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-15 12:39 . 2009-08-12 16:29 4096 ----a-w- c:\windows\system32\dxmasf.dll
2009-07-15 12:39 . 2009-08-12 16:29 7680 ----a-w- c:\windows\system32\spwmp.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-09-16_21.40.48 )))))))))))))))))))))))))))))))))))))))))
.
+ 2006-11-02 10:33 . 2009-09-21 13:47 52078 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2009-09-16 19:49 52078 c:\windows\System32\perfh009.dat
+ 2006-11-02 10:33 . 2009-09-21 13:47 22820 c:\windows\System32\perfc009.dat
- 2006-11-02 10:33 . 2009-09-16 19:49 22820 c:\windows\System32\perfc009.dat
- 2008-08-25 11:35 . 2009-09-16 21:21 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-08-25 11:35 . 2009-09-21 15:47 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-08-25 11:35 . 2009-09-16 21:21 98304 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-08-25 11:35 . 2009-09-21 15:47 98304 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-08-25 11:35 . 2009-09-16 21:21 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-08-25 11:35 . 2009-09-21 15:47 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-09-21 15:41 . 2009-09-21 15:41 9560 c:\windows\System32\networklist\icons\{D3BE2FA1-233A-415C-B282-B92D1B6ED9BA}_48.bin
+ 2009-09-21 15:41 . 2009-09-21 15:41 4280 c:\windows\System32\networklist\icons\{D3BE2FA1-233A-415C-B282-B92D1B6ED9BA}_32.bin
+ 2009-09-21 15:41 . 2009-09-21 15:41 2456 c:\windows\System32\networklist\icons\{D3BE2FA1-233A-415C-B282-B92D1B6ED9BA}_24.bin
+ 2009-09-21 16:01 . 2009-09-21 16:01 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-09-16 21:38 . 2009-09-16 21:38 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-09-21 16:01 . 2009-09-21 16:01 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-09-16 21:38 . 2009-09-16 21:38 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 249856]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-04-29 198160]
"Malwarebytes Anti-Malware (reboot)"="c:\malwarebytes' anti-malware\mbam.exe" [2009-09-10 1312080]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2006-12-01 4186112]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2007-1-12 528384]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\eNetHook.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"WMPNSCFG"=c:\program files\Windows Media Player\WMPNSCFG.exe
"ehTray.exe"=c:\windows\ehome\ehTray.exe
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
"Sidebar"=c:\program files\Windows Sidebar\sidebar.exe /autoRun
"Google Update"="c:\users\Michal\AppData\Local\Google\Update\GoogleUpdate.exe" /c
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" -start
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"Ad-Watch"=c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
"WarReg_PopUp"=c:\acer\WR_PopUp\WarReg_PopUp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):4b,b0,91,e8,3b,32,ca,01

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{5CE281B3-18EA-4941-8F91-4E5970A7468B}"= UDP:c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\MCE Deluxe Suite.exe:CyberLink MCE Deluxe Suite
"{8350E0F5-E947-4811-87B4-2C185D77422B}"= TCP:c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\MCE Deluxe Suite.exe:CyberLink MCE Deluxe Suite
"TCP Query User{C00B711B-294D-4C5D-B6AC-4E235FFE206D}c:\\program files\\qip\\qip.exe"= UDP:c:\program files\qip\qip.exe:Quiet Internet Pager
"UDP Query User{E51AD13B-ADD4-4B90-B0D7-A071DB9B6424}c:\\program files\\qip\\qip.exe"= TCP:c:\program files\qip\qip.exe:Quiet Internet Pager
"{64BAF684-99AB-4BF9-A19C-6D7A086A95C5}"= UDP:c:\programy\IVT Corporation\BlueSoleil\BlueSoleil.exe:BlueSoleil
"{6908E9A5-B933-4021-9A8B-C799EFF609BA}"= TCP:c:\programy\IVT Corporation\BlueSoleil\BlueSoleil.exe:BlueSoleil
"{2693818C-AC58-4F6A-8E41-650BBF0D1287}"= UDP:c:\programy\IVT Corporation\BlueSoleil\BlueSoleil.exe:BlueSoleil
"{016D9579-C790-4A4E-937C-A4EE33074A29}"= TCP:c:\programy\IVT Corporation\BlueSoleil\BlueSoleil.exe:BlueSoleil
"{7D4F62B5-AA4B-4E14-ACFA-85E0E4F3ABBA}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{D21FC639-08F0-4196-9093-29D96F5327B6}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{12ADD5CE-5D20-48C8-A872-4AB3F8BA7BCB}"= Disabled:UDP:c:\program files\Skype\Phone\Skype.exe:Skype
"{91B883A9-39FB-4C43-9690-01C283B5DC4B}"= TCP:c:\program files\Skype\Phone\Skype.exe:Skype
"TCP Query User{2C5961DB-F987-40D1-A2E7-FF62D47E5776}c:\\program files\\qip\\qip.exe"= UDP:c:\program files\qip\qip.exe:Quiet Internet Pager
"UDP Query User{C770B252-025E-4990-ABD3-75978FC2C3B1}c:\\program files\\qip\\qip.exe"= TCP:c:\program files\qip\qip.exe:Quiet Internet Pager
"TCP Query User{0344F94A-7B3C-4D0A-A125-728071E565CA}c:\\programy\\bit lord\\bitlord.exe"= UDP:c:\programy\bit lord\bitlord.exe:BitLord
"UDP Query User{162AD2F1-3B43-4F70-B74A-50CBB3BDD513}c:\\programy\\bit lord\\bitlord.exe"= TCP:c:\programy\bit lord\bitlord.exe:BitLord
"TCP Query User{737A42DA-B9C3-49B9-BFC7-C6DEBF9E4E44}c:\\program files\\skype\\phone\\skype.exe"= UDP:c:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"UDP Query User{664085D5-4DE9-4356-85FB-291C8E6F8D08}c:\\program files\\skype\\phone\\skype.exe"= TCP:c:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"TCP Query User{909EE809-F764-402B-B71C-234BB616D6EF}d:\\hry\\unrealtournament\\system\\unrealtournament.exe"= UDP:d:\hry\unrealtournament\system\unrealtournament.exe:UnrealTournament.exe
"UDP Query User{169961F5-AC1D-4994-96B7-52112EACB7B6}d:\\hry\\unrealtournament\\system\\unrealtournament.exe"= TCP:d:\hry\unrealtournament\system\unrealtournament.exe:UnrealTournament.exe
"TCP Query User{0FFA0734-EE01-47C0-8320-B6DFB0BC2E86}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{E0BB29AF-457B-4BFB-BF2F-D473630CE3DC}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"TCP Query User{006DE6F2-06E3-40CE-A78C-FEAAFF898C74}c:\\programy\\bit lord\\bitlord.exe"= UDP:c:\programy\bit lord\bitlord.exe:BitLord
"UDP Query User{312DF1E7-A44C-4F1C-9087-0CBA67399B32}c:\\programy\\bit lord\\bitlord.exe"= TCP:c:\programy\bit lord\bitlord.exe:BitLord
"TCP Query User{93D38BE7-F819-4946-8884-D5D32AA51E6D}c:\\program files\\intuwave\\shared\\mrouterruntime\\mrouterruntime.exe"= UDP:c:\program files\intuwave\shared\mrouterruntime\mrouterruntime.exe:mRouterRuntime Module
"UDP Query User{7AD700EE-98C3-4216-8294-EA29A393D80C}c:\\program files\\intuwave\\shared\\mrouterruntime\\mrouterruntime.exe"= TCP:c:\program files\intuwave\shared\mrouterruntime\mrouterruntime.exe:mRouterRuntime Module
"TCP Query User{E4F69016-1700-4457-A8BD-4F09E16BEC78}c:\\program files\\intuwave\\shared\\mrouterruntime\\mrouterruntime.exe"= UDP:c:\program files\intuwave\shared\mrouterruntime\mrouterruntime.exe:mRouterRuntime Module
"UDP Query User{3640775A-1400-4FD4-8F90-8E13DC931ADC}c:\\program files\\intuwave\\shared\\mrouterruntime\\mrouterruntime.exe"= TCP:c:\program files\intuwave\shared\mrouterruntime\mrouterruntime.exe:mRouterRuntime Module
"TCP Query User{E909A86D-D2B2-4B3C-B41D-D6FFF36D380B}d:\\rollcage2\\direct3d\\rollcage.exe"= UDP:d:\rollcage2\direct3d\rollcage.exe:Rollcage Main Game Executable
"UDP Query User{27E93381-380D-49D2-95E5-6F5E75BD2652}d:\\rollcage2\\direct3d\\rollcage.exe"= TCP:d:\rollcage2\direct3d\rollcage.exe:Rollcage Main Game Executable
"TCP Query User{16049CF6-449A-4285-9936-ED9EC08A738A}d:\\microsoft virtual pc\\virtual pc.exe"= UDP:d:\microsoft virtual pc\virtual pc.exe:Virtual PC 2007
"UDP Query User{73F8851D-A5C9-4901-9541-395C011FE6A9}d:\\microsoft virtual pc\\virtual pc.exe"= TCP:d:\microsoft virtual pc\virtual pc.exe:Virtual PC 2007
"TCP Query User{8E63721D-17B3-4852-971B-B7EBE2B31F47}d:\\icq6.5\\icq.exe"= UDP:d:\icq6.5\icq.exe:ICQ
"UDP Query User{0921C14A-79E9-4CFB-B4A8-CFA3A9617D50}d:\\icq6.5\\icq.exe"= TCP:d:\icq6.5\icq.exe:ICQ
"TCP Query User{AFDB7A3C-ACAD-430A-A1D1-56C3D17E89A0}c:\\program files\\spyware terminator\\spywareterminatorupdate.exe"= UDP:c:\program files\spyware terminator\spywareterminatorupdate.exe:Crawler Spyware Terminator
"UDP Query User{0C25104E-B640-45A4-8999-BFB24431EA8F}c:\\program files\\spyware terminator\\spywareterminatorupdate.exe"= TCP:c:\program files\spyware terminator\spywareterminatorupdate.exe:Crawler Spyware Terminator
"TCP Query User{903667BB-56C3-48EC-87A0-F4829606C274}c:\\program files\\spyware terminator\\spywareterminatorupdate.exe"= UDP:c:\program files\spyware terminator\spywareterminatorupdate.exe:Crawler Spyware Terminator
"UDP Query User{83C41D14-9EBA-4757-BD6C-3CA175649441}c:\\program files\\spyware terminator\\spywareterminatorupdate.exe"= TCP:c:\program files\spyware terminator\spywareterminatorupdate.exe:Crawler Spyware Terminator

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Acer\\Empowering Technology\\eDataSecurity\\eDSfsu.exe"= c:\acer\Empowering Technology\eDataSecurity\eDSfsu.exe:*:Enabled:eDSfsu
"c:\\Acer\\Empowering Technology\\eDataSecurity\\encryption.exe"= c:\acer\Empowering Technology\eDataSecurity\encryption.exe:*:Enabled:encryption
"c:\\Acer\\Empowering Technology\\eDataSecurity\\decryption.exe"= c:\acer\Empowering Technology\eDataSecurity\decryption.exe:*:Enabled:decryption

R0 Lbd;Lbd;c:\windows\System32\drivers\Lbd.sys [23.4.2009 17:06 64160]
R1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\Symantec\DEFINI~1\SymcData\idsdefs\20081120.001\IDSvix86.sys [21.11.2008 16:32 270384]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [18.1.2009 23:34 1028432]
R2 SpotGPSMaxim;Spot;c:\program files\AVerMediaGPS\Services\Spot2741.exe [25.6.2007 11:50 610407]
R3 SpotVcp;NXP swGPS Spot Virtual COM port driver;c:\windows\System32\drivers\SpotVcp.sys [16.5.2007 14:19 34304]
R3 SYMNDISV;SYMNDISV;c:\windows\System32\drivers\symndisv.sys [3.10.2008 15:14 37936]
S3 AVerAF15;AVerMedia BDA Digital Tuner;c:\windows\System32\drivers\AVerAF15.sys [25.10.2007 7:02 280576]
S3 BTCAMDRV;Mobiola Web Camera driver;c:\windows\System32\drivers\BTCamDrv.sys [31.8.2008 23:11 228352]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [3.9.2008 19:53 99376]
S3 imhidusb;Immersion's HID USB Driver;c:\windows\System32\drivers\imhidusb.sys [9.11.2008 0:57 17920]
S3 SMSCIRDA;SMSC Infrared Device Driver;c:\windows\System32\drivers\smscirda.sys [12.1.2007 11:02 31232]
S3 spotJ;Spot Software GPS USB Driver (spotJ);c:\windows\System32\drivers\spotJ32.sys [20.11.2008 16:34 36608]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [22.2.2007 19:39 2808664]

--- Ostatní služby/ovladače v paměti ---

*NewlyCreated* - COMHOST

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Obsah adresáře 'Naplánované úlohy'

2009-09-08 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-11-20 14:28]

2009-09-21 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 15:05]

2009-09-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2350665712-444876920-1834457973-1000Core.job
- c:\users\Michal\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-26 13:09]

2009-09-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2350665712-444876920-1834457973-1000UA.job
- c:\users\Michal\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-26 13:09]
.
.
------- Doplňkový sken -------
.
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: {361E6B79-4A69-4376-B0F2-3D1EBEE9D7E2} - hxxp://213.192.55.254/RtspVaPgDec.cab
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

AddRemove-DAEMON Tools Toolbar - c:\program files\DAEMON Tools Toolbar\uninst.exe
AddRemove-{E2883E8F-472F-4fb0-9522-AC9BF37916A7} - c:\program files\NOS\bin\getPlus_Helper.dll



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-21 18:06
Windows 6.0.6002 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...


c:\windows\TEMP\TMP00000049052C0ED8C2AEB092 524288 bytes executable

sken byl úspešně dokončen
skryté soubory: 1

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'Explorer.exe'(5868)
d:\microsoft virtual pc\VPCShExH.DLL
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\System32\Ati2evxx.exe
c:\windows\System32\audiodg.exe
c:\windows\System32\Ati2evxx.exe
c:\program files\Common Files\Symantec Shared\ccSvcHst.exe
c:\program files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\acer\Empowering Technology\eLock\Service\eLockServ.exe
c:\acer\Empowering Technology\eNet\eNet Service.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\acer\Mobility Center\MobilityService.exe
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\System32\drivers\XAudio.exe
c:\acer\Empowering Technology\eRecovery\eRecoveryService.exe
c:\acer\Empowering Technology\eSettings\Service\capuserv.exe
c:\acer\Empowering Technology\ePower\ePowerSvc.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\windows\System32\wbem\unsecapp.exe
c:\windows\ehome\ehsched.exe
c:\windows\ehome\ehrecvr.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\System32\wbem\unsecapp.exe
.
**************************************************************************
.
Celkový čas: 2009-09-21 18:11 - počítač byl restartován
ComboFix-quarantined-files.txt 2009-09-21 16:10
ComboFix2.txt 2009-09-21 13:59

Před spuštěním: 8 705 425 408
Po spuštění: 8 388 595 712

624 --- E O F --- 2009-09-17 15:06

HIJACK

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:17:06, on 21.9.2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\Explorer.exe
C:\Windows\system32\notepad.exe
C:\Windows\system32\conime.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Pomocník pro přihlášení ke službě Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll (file missing)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\ICQ6.5\ICQ.exe
O16 - DPF: {361E6B79-4A69-4376-B0F2-3D1EBEE9D7E2} (RtspVaPgCtrl Class) - http://213.192.55.254/RtspVaPgDec.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - AppInit_DLLs: C:\Windows\System32\eNetHook.dll
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Spot (SpotGPSMaxim) - NXP Software B.V. - C:\Program Files\AVerMediaGPS\Services\Spot2741.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 7942 bytes

jaro3
Security team member
Guru Level 15
Posts: 43293
Registered: June 07
Location: South Bohemia
Gender: Male
Status: Offline

Re: some kind of worm...

Post by jaro3 » 21 Sep 2009 18:51

One more script:

Code:

RegLock::
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]


Same procedure, you don't need to post the log.

Then:

Close the other applications and browsers, disconnect from the internet and fix in HJT:
Guide

Code:

O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll (file missing)


ComboFix is uninstalled like this:
Start - Run and enter ComboFix[space]/u

clean the system with CCleaner

and also use T-Cleaner
it deletes everything left behind by Combo, SDFix, Avenger, MWAV etc. - download > run

If there are no problems, that's all.
When working with HJT, ComboFix, MbAM, SDFix etc., close all other applications and browsers!
Do not send logs in private messages. During my absence, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
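The helper above picks the DAEMON Tools O3 line to fix because HijackThis marks it "(file missing)": the registry entry points at a toolbar DLL that no longer exists, so it is dead weight at best. The following Python script is an added illustration, not code from this thread or from HijackThis itself. It parses HijackThis v2 entries (the "O3 - ...", "O23 - ..." lines) and applies the same kind of by-eye triage rules a helper uses: orphaned entries, O23 services with no publisher name, O20 AppInit_DLLs entries, and O16 ActiveX downloads from a bare IP address. The sample log is constructed from line shapes taken from the log posted in this thread; the rules themselves are my own heuristics and are not an official HijackThis classification.

```python
import ipaddress
import re
from urllib.parse import urlparse

# Constructed sample input: entry shapes copied from the HijackThis v2 log
# posted in this thread (only the interesting lines, not a full log).
SAMPLE_LOG = """\
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\\Program Files\\Google\\Google Toolbar\\GoogleToolbar.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\\Program Files\\DAEMON Tools Toolbar\\DTToolbar.dll (file missing)
O4 - HKLM\\..\\Run: [Windows Defender] C:\\Program Files\\Windows Defender\\MSASCui.exe -hide
O16 - DPF: {361E6B79-4A69-4376-B0F2-3D1EBEE9D7E2} (RtspVaPgCtrl Class) - http://213.192.55.254/RtspVaPgDec.cab
O20 - AppInit_DLLs: C:\\Windows\\System32\\eNetHook.dll
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\\Acer\\Empowering Technology\\eSettings\\Service\\capuserv.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\\Program Files\\Google\\Common\\Google Updater\\GoogleUpdaterService.exe
"""

# Every HJT entry starts with a section tag (O3, O16, O23, ...) and " - ".
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
URL_RE = re.compile(r"https?://\S+")


def parse_entry(line):
    """Return {'section': 'O23', 'body': '...'} for one HJT entry, else None.

    Header lines, the process list and blank lines do not match and yield None.
    """
    m = ENTRY_RE.match(line.strip())
    return m.groupdict() if m else None


def host_is_bare_ip(url):
    """True when the URL's host is a literal IP address rather than a hostname."""
    host = urlparse(url).hostname or ""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def review_entry(entry):
    """Apply the triage heuristics (my own, labelled above) and return the reasons."""
    section, body = entry["section"], entry["body"]
    reasons = []
    if "(file missing)" in body:
        reasons.append("orphaned entry: target file is gone, safe to fix")
    if section == "O23" and " - Unknown owner - " in body:
        reasons.append("service without publisher name: verify the binary")
    if section == "O20" and body.startswith("AppInit_DLLs:"):
        reasons.append("AppInit_DLLs loads into every GUI process: verify the DLL")
    if section == "O16":
        m = URL_RE.search(body)
        if m and host_is_bare_ip(m.group(0)):
            reasons.append("ActiveX download from a bare IP address: verify origin")
    return reasons


def triage(log_text):
    """Parse a whole log and return the entries that deserve a second look."""
    flagged = []
    for line in log_text.splitlines():
        entry = parse_entry(line)
        if entry is None:
            continue
        reasons = review_entry(entry)
        if reasons:
            flagged.append({"section": entry["section"], "reasons": reasons, "line": line})
    return flagged


if __name__ == "__main__":
    for item in triage(SAMPLE_LOG):
        print(item["section"], "|", "; ".join(item["reasons"]))
        print("   ", item["line"])
```

Run against the sample, the script flags the DAEMON Tools O3 line as orphaned, the O16 download from an IP address, the O20 AppInit_DLLs hook and the O23 service with no publisher; the Google toolbar, the Windows Defender O4 entry and the Google updater service pass. A flag only means "look at this", which is exactly how the helper in this thread treats the Acer and Symantec entries: known-vendor binaries in their expected paths are left alone.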

mikey0
newbie
Posts: 10
Registered: September 09
Gender: Male
Status: Offline

Re: some kind of worm...

Post by mikey0 » 21 Sep 2009 21:24

well, it's improved a bit, but Windows still loads slowly (after logging in, a black screen with the mouse cursor shows for about a minute and only then does the desktop come up)

Damned
Article author
Master Level 9
Posts: 8353
Registered: December 06
Location: Rokycany
Gender: Male
Status: Offline

Re: some kind of worm...

Post by Damned » 21 Sep 2009 22:02

Quite a lot of services start up on your machine. It can take a while before they and their subprocesses are all running.

Your computer is clean; there is no junk on it that would deliberately slow down the boot.
Nothing is impossible, which is why, where we're at our wits' end, we don't hesitate to use a hammer.
If you want to know what's new, look in old books.
Damned's Czech translations - translations of PC maintenance programs
HiJackThis 2 + guide FCleaner + Czech translation Wise Registry Cleaner

