Ano ostatné bolo 0/36
Tak tu je daľší log z CF :
ComboFix 08-11-28.03 - Erricco 2008-11-29 21:57:33.3 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1329 [GMT 1:00]
Spuštěný z: c:\documents and settings\Erricco\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Erricco\Dokumenty\CFScript.txt
* Vytvořen nový Bod Obnovení
* Resident AV is active
FILE ::
c:\windows\_MSRSTRT.EXE
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\_MSRSTRT.EXE
.
((((((((((((((((((((((((( Soubory vytvořené od 2008-10-28 do 2008-11-29 )))))))))))))))))))))))))))))))
.
2008-11-29 16:15 . 2008-11-29 16:15 <DIR> d-------- c:\windows\ERUNT
2008-11-28 21:07 . 2008-11-28 21:07 <DIR> d-------- c:\program files\IObit
2008-11-28 20:56 . 2008-11-28 20:56 <DIR> d-------- c:\documents and settings\Erricco\Data aplikací\IObit
2008-11-23 16:30 . 2008-11-23 16:30 <DIR> d-------- c:\program files\Adobe Media Player
2008-11-23 16:28 . 2008-11-23 16:28 <DIR> d-------- c:\program files\Common Files\Adobe AIR
2008-11-23 16:25 . 2008-11-23 16:25 <DIR> d-------- c:\program files\Common Files\Macrovision Shared
2008-11-19 18:35 . 2008-11-19 18:35 <DIR> d-------- c:\program files\VstPlugins
2008-11-19 18:35 . 2006-06-20 09:56 225,280 --a------ c:\windows\system32\rewire.dll
2008-11-19 18:34 . 2008-11-19 18:34 <DIR> d-------- c:\program files\Outsim
2008-11-19 18:34 . 2008-11-19 18:35 <DIR> d-------- c:\program files\Image-Line
2008-11-19 18:34 . 2002-07-07 23:14 1,294,336 --a------ c:\windows\system32\vorbis.acm
2008-11-19 18:06 . 2002-11-02 09:53 57,344 --a------ c:\windows\system32\WNASPINT.DLL
2008-11-15 23:13 . 2008-10-10 04:52 4,379,984 --a------ c:\windows\system32\D3DX9_40.dll
2008-11-15 23:13 . 2008-10-10 04:52 2,036,576 --a------ c:\windows\system32\D3DCompiler_40.dll
2008-11-15 23:13 . 2008-10-27 10:04 514,384 --a------ c:\windows\system32\XAudio2_3.dll
2008-11-15 23:13 . 2008-10-10 04:52 452,440 --a------ c:\windows\system32\d3dx10_40.dll
2008-11-15 23:13 . 2008-10-27 10:04 235,856 --a------ c:\windows\system32\xactengine3_3.dll
2008-11-15 23:13 . 2008-10-27 10:04 70,992 --a------ c:\windows\system32\XAPOFX1_2.dll
2008-11-15 23:13 . 2008-10-27 10:04 23,376 --a------ c:\windows\system32\X3DAudio1_5.dll
2008-11-15 20:44 . 2008-11-15 20:44 222 --a------ c:\windows\system32\spupdsvc.inf
2008-11-13 01:16 . 2008-10-24 12:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-08 18:21 . 2008-11-08 18:21 <DIR> d-------- c:\program files\Audacity 1.3 Beta
2008-11-03 20:22 . 2008-11-03 20:22 <DIR> d-------- c:\windows\Vienna Explorer
2008-11-03 16:23 . 2008-11-03 16:23 <DIR> d-------- c:\program files\MSXML 4.0
2008-11-03 16:22 . 2008-04-14 07:52 221,184 --a------ c:\windows\system32\wmpns.dll
2008-11-03 09:33 . 2008-06-14 18:35 272,128 -----c--- c:\windows\system32\dllcache\bthport.sys
2008-11-03 09:29 . 2008-08-14 14:26 2,191,360 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
2008-11-03 09:29 . 2008-08-14 14:26 2,147,328 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
2008-11-03 09:29 . 2008-08-14 14:26 2,068,224 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
2008-11-03 09:29 . 2008-08-14 14:26 2,025,984 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
2008-11-03 08:45 . 2008-11-13 02:18 <DIR> d--h----- c:\windows\$hf_mig$
2008-11-03 00:02 . 2008-11-03 00:04 <DIR> d-------- c:\program files\Gadgets
2008-11-02 23:54 . 2008-11-02 23:54 <DIR> d-------- c:\documents and settings\Erricco\Data aplikací\360desktop
2008-11-02 22:03 . 2008-11-02 22:04 5,271 --a------ c:\windows\BricoPackFoldersDelete.cmd
2008-11-02 22:00 . 2008-11-02 22:00 <DIR> d-------- c:\documents and settings\Erricco\Data aplikací\Styler
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-29 20:05 --------- d-----w c:\documents and settings\Erricco\Data aplikací\Skype
2008-11-29 16:11 --------- d-----w c:\documents and settings\Erricco\Data aplikací\skypePM
2008-11-29 15:13 --------- d-----w c:\documents and settings\Erricco\Data aplikací\uTorrent
2008-11-28 20:12 --------- d-----w c:\program files\Yahoo!
2008-11-28 20:11 --------- d---a-w c:\documents and settings\All Users\Data aplikací\TEMP
2008-11-28 17:09 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-11-28 16:54 --------- d-----w c:\documents and settings\All Users\Data aplikací\Spybot - Search & Destroy
2008-11-28 16:51 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2008-11-27 20:48 --------- d-----w c:\documents and settings\Erricco\Data aplikací\FrostWire
2008-11-27 20:14 --------- d-----w c:\program files\FrostWire
2008-11-27 10:21 --------- d-----w c:\documents and settings\Erricco\Data aplikací\BSplayer PRO
2008-11-23 15:39 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-11-23 15:33 --------- d-----w c:\program files\Common Files\Real
2008-11-23 15:31 --------- d-----w c:\program files\Common Files\Adobe
2008-11-23 15:24 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-22 22:58 --------- d-----w c:\documents and settings\Erricco\Data aplikací\Vso
2008-11-18 12:28 6,204,032 ----a-w c:\windows\system32\drivers\nv4_mini.sys
2008-11-08 17:34 --------- d-----w c:\documents and settings\Erricco\Data aplikací\Audacity
2008-11-02 21:04 70,888 ----a-w c:\windows\BricoPackUninst.cmd
2008-11-02 20:34 --------- d-----w c:\program files\Fraps
2008-11-02 20:18 --------- d-----w c:\program files\NVIDIA Corporation
2008-10-25 18:16 --------- d-----w c:\program files\easetech
2008-10-25 17:39 --------- d-----w c:\program files\Common Files\Apple
2008-10-25 17:25 --------- d-----w c:\documents and settings\Erricco\Data aplikací\Apple Computer
2008-10-25 17:19 --------- d-----w c:\program files\QuickTime
2008-10-25 17:18 --------- d-----w c:\documents and settings\All Users\Data aplikací\Apple Computer
2008-10-24 11:21 455,296 ------w c:\windows\system32\drivers\mrxsmb.sys
2008-10-23 20:55 --------- d-----w c:\documents and settings\Erricco\Data aplikací\vghd
2008-10-22 15:10 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2008-10-22 15:10 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2008-10-13 17:52 --------- d-----w c:\documents and settings\Erricco\Data aplikací\Acronis
2008-10-13 17:27 --------- d-----w c:\documents and settings\LocalService\Data aplikací\Acronis
2008-10-13 17:25 441,760 ----a-w c:\windows\system32\drivers\timntr.sys
2008-10-13 17:25 44,384 ----a-w c:\windows\system32\drivers\tifsfilt.sys
2008-10-13 17:25 129,248 ----a-w c:\windows\system32\drivers\snapman.sys
2008-10-13 17:25 --------- d-----w c:\documents and settings\All Users\Data aplikací\Acronis
2008-10-13 17:24 368,736 ----a-w c:\windows\system32\drivers\tdrpman.sys
2008-10-13 17:24 --------- d-----w c:\program files\Common Files\Acronis
2008-10-13 17:24 --------- d-----w c:\program files\Acronis
2008-10-13 07:47 --------- d-----w c:\program files\Rar Repair Tool
2008-10-10 20:19 --------- d-----w c:\program files\Common Files\Nero
2008-10-10 20:12 --------- d-----w c:\documents and settings\All Users\Data aplikací\Nero
2008-10-10 19:14 --------- d-----w c:\documents and settings\Erricco\Data aplikací\Nero
2008-10-10 18:32 --------- d-----w c:\program files\Absolute Video Converter
2008-10-10 07:28 --------- d-----w c:\program files\Zoner
2008-10-09 22:35 --------- d-----w c:\documents and settings\Erricco\Data aplikací\Zoner
2008-10-08 18:59 --------- d-----w c:\program files\Opera
2008-10-07 08:30 --------- d-----w c:\program files\Common Files\InstallShield
2008-10-07 08:09 --------- d-----w c:\program files\CCleaner
2008-10-06 13:31 --------- d-----w c:\program files\Nokia
2008-10-06 12:11 0 ---ha-w c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-10-06 12:11 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2008-10-06 12:10 --------- d-----w c:\documents and settings\All Users\Data aplikací\Nokia
2008-10-06 12:08 --------- d-----w c:\program files\MSXML 6.0
2008-10-06 12:06 --------- d-----w c:\program files\Common Files\Nokia
2008-10-06 12:05 --------- d-----w c:\documents and settings\All Users\Data aplikací\Installations
2008-10-03 07:50 --------- d-----w c:\program files\ARAR
2008-09-30 18:41 --------- d-----w c:\program files\ICQ6
2008-09-29 21:16 --------- d-----w c:\program files\Scorpions WinCheater
2008-09-29 15:28 --------- d-----w c:\program files\Total Video Converter
2008-09-28 13:38 --------- d-----w c:\documents and settings\All Users\Data aplikací\FLEXnet
2008-09-28 13:27 --------- d-----w c:\program files\Common Files\Download Manager
2008-09-16 00:17 22,328 ----a-w c:\documents and settings\Erricco\Data aplikací\PnkBstrK.sys
2008-08-08 16:14 32 ----a-w c:\documents and settings\All Users\Data aplikací\ezsid.dat
2008-08-07 21:52 47,360 ----a-w c:\documents and settings\Erricco\Data aplikací\pcouffin.sys
2008-03-09 05:25 236 ---ha-w c:\program files\Common Files\dx.reg
.
((((((((((((((((((((((((((((( snapshot@2008-11-29_17.13.48.56 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-11-29 21:01:22 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_fb4.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-09-23 21755688]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-08-01 222592]
"RocketDock"="c:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe" [2007-03-18 630784]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"NVIDIA nTune"="c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2008-06-06 114688]
"Advanced SystemCare 3"="c:\program files\IObit\Advanced SystemCare 3\AWC.exe" [2008-11-15 2235920]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-07-20 182808]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2008-06-10 1447168]
"IntelZeroConfig"="c:\program files\Intel\WiFi\bin\ZCfgSvc.exe" [2008-07-10 1351680]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2008-07-10 1191936]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-11-18 13680640]
"RivaTunerStartupDaemon"="c:\program files\RivaTuner v2.10\RivaTuner.exe" [2008-08-31 2711552]
"RivaTuner"="c:\program files\RivaTuner v2.10\RivaTuner.exe" [2008-08-31 2711552]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2007-10-23 2615624]
"AcronisTimounterMonitor"="c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe" [2007-10-23 906648]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2007-10-23 140568]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-11-18 86016]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 c:\windows\system32\bthprops.cpl]
"RTHDCPL"="RTHDCPL.EXE" [2008-05-04 c:\windows\RTHDCPL.EXE]
"nwiz"="nwiz.exe" [2008-11-18 c:\windows\system32\nwiz.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" [2008-08-22 c:\windows\system32\advpack.dll]
c:\documents and settings\Erricco\Nabˇdka Start\Programy\Po spuçtŘnˇ\
RocketDock.lnk - c:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-03-18 630784]
TransBar.lnk - c:\windows\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe [2005-06-01 65536]
c:\documents and settings\Erricco\Nabˇdka Start\Programy\Po spuçtŘnˇ\
RocketDock.lnk - c:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-03-18 630784]
TransBar.lnk - c:\windows\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe [2005-06-01 65536]
c:\documents and settings\Erricco\Nabˇdka Start\Programy\Po spuçtŘnˇ\
RocketDock.lnk - c:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-03-18 630784]
TransBar.lnk - c:\windows\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe [2005-06-01 65536]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoDispSettingPage"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.clmp3enc"= c:\progra~1\CYBERL~1\Power2Go\CLMP3Enc.ACM
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 21:16 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--------- 2008-04-14 07:52 15360 c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OSD]
--a------ 2007-09-20 15:32 561152 c:\program files\C&E\OSD\osd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OSSelectorReinstall]
--a------ 2007-02-22 18:53 2209224 c:\program files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl8]
--------- 2008-03-20 19:23 83240 c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]
--a------ 2006-11-22 16:31 630784 c:\program files\Motorola\SMSERIAL\sm56hlpr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ProtexisLicensing"=2 (0x2)
"wscsvc"=2 (0x2)
"ITECIRService"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"BDRegion"=c:\program files\Cyberlink\Shared Files\brs.exe
"PDVD8LanguageShortcut"="c:\program files\CyberLink\PowerDVD8\Language\Language.exe"
"CLMLServer"="c:\program files\CyberLink\Power2Go\CLMLSvc.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"HP Software Update"=c:\program files\HP\HP Software Update\HPWuSchd2.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\ICQ6\\ICQ.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\FrostWire\\FrostWire.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"d:\\Games\\Counter-Strike Source\\hl2.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
R0 Si3531;SiI-3531 SATA Controller;c:\windows\system32\DRIVERS\Si3531.sys [2008-05-04 210736]
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};\??\c:\program files\CyberLink\PowerDVD8\000.fcl [2008-02-01 16:24:04 41456]
R2 adfs;adfs;c:\windows\system32\drivers\adfs.sys [2008-08-14 74720]
R2 NwSapAgent;Agent SAP;c:\windows\system32\svchost.exe -k netsvcs [2008-04-14 14336]
R3 CEBFilter;CEBFilter;\??\c:\program files\C&E\OSD\OsdService\cebuffer.sys [2007-09-04 5120]
R3 CEIO;CEIO;\??\c:\program files\C&E\OSD\OsdService\ceio.sys [2007-08-31 4608]
R3 cKBFilter;cKBFilter;\??\c:\program files\C&E\OSD\OsdService\kbfiltr.sys [2007-08-31 7168]
R3 itecir;ITE EC CIR Driver (PMC);c:\windows\system32\DRIVERS\itecir.sys [2008-08-16 7808]
R3 NETw5x32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows XP 32 Bit;c:\windows\system32\DRIVERS\NETw5x32.sys [2008-08-29 3630080]
R3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\DRIVERS\psched.sys [2008-04-13 69120]
S0 NVStrap;NVStrap;c:\windows\system32\drivers\NVStrap.sys [2008-08-15 4224]
S2 NVR0FLASHDev;NVR0FLASHDev;\??\c:\windows\nvflash.sys []
S2 OsdService;OsdService;c:\program files\C&E\OSD\OsdService\OsdService.exe [2007-09-03 53248]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys [2008-09-15 38496]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2008-10-06 138112]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2008-10-06 8320]
S3 PRODIGY;PRODIGY;c:\windows\system32\Drivers\PRODIGY.SYS [2008-10-06 32377]
S4 ITECIRService;ITE Remote Controler service;c:\program files\ITECIR\RemoteControlService.exe []
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6642de38-9d0a-11dd-99a3-001060d017d7}]
\Shell\AutoRun\command - G:\web'n'walk_Helper.exe
.
Obsah adresáře 'Naplánované úlohy'
2008-10-24 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2008\OneClick.exe [2007-12-28 13:49]
2008-11-29 c:\windows\Tasks\AWC AutoSweep.job
- c:\program files\IObit\Advanced SystemCare 3\AutoSweep.exe [2008-11-02 16:35]
2008-11-29 c:\windows\Tasks\AWC Update.job
- c:\program files\IObit\Advanced SystemCare 3\IObitUpdate.exe [2008-11-14 23:44]
2008-11-29 c:\windows\Tasks\AWC Update.job
- c:\program files\IObit\Advanced SystemCare 3\ [2008-11-29 22:01]
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-29 22:00:15
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD8\000.fcl"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(664)
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
c:\windows\system32\netprovcredman.dll
- - - - - - - > 'lsass.exe'(720)
c:\windows\system32\relog_ap.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Intel\WiFi\bin\S24EvMon.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\rundll32.exe
c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
c:\program files\ESET\ESET Smart Security\ekrn.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
c:\program files\NVIDIA Corporation\nTune\nTuneService.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\HPZipm12.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\program files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Celkový čas: 2008-11-29 22:03:23 - počítač byl restartován
ComboFix-quarantined-files.txt 2008-11-29 21:03:20
ComboFix2.txt 2008-11-29 19:08:23
ComboFix3.txt 2008-11-29 16:14:10
Před spuštěním: 5 465 829 376
Po spuštění: 5,449,928,704
305 --- E O F --- 2008-11-13 01:19:49
a tu z Hijack this :
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:07:13, on 29. 11. 2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18241)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Program Files\RivaTuner v2.10\RivaTuner.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.games.searchzu.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "C:\Program Files\RivaTuner v2.10\RivaTuner.exe" /S
O4 - HKLM\..\Run: [RivaTuner] "C:\Program Files\RivaTuner v2.10\RivaTuner.exe" /T
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [RocketDock] "C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" resetprofile
O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe" /startup
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - S-1-5-18 Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe (User 'Default user')
O4 - .DEFAULT Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe (User 'Default user')
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) -
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Performance Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: OsdService - Unknown owner - c:\Program Files\C&E\OSD\OsdService\OsdService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Intel® PROSet/Wireless WiFi Service (S24EventMonitor) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
--
End of file - 10733 bytes
